Discover and read the best of Twitter Threads about #Bugcrowd

Most recents (2)

3 Simple broken access control vulnerabilities you should hunt for, while logic vulnerabilities testing
#BugBounty
#bugbountytip
#bugbountytips
#Bugcrowd
👇👇
If the website allows creating an organisation you have ex.
2 roles admin && admin

access the user's information endpoint with the admin 2 , save the request

With the previous admin downgrade his role to few user and execute the request and see If you can access the users PII
2:

Remove the user from the organization and save the join URL For the organization, after removing the user use the same URL And see if you can rejoin the organization using the old URL After you removed from the ORG
Read 5 tweets
A 3 step process to finding and reporting critical secrets :

🧵👇
1️⃣ Find secrets :

➡ Look into source control like Github, gitlab etc

Use github dorks for more directed searches. Like github.com/techgaun/githu…
➡ Search for secrets in commit history and full organisation by trufflehog : github.com/trufflesecurit…
Read 10 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!