Discover and read the best of Twitter Threads about #bugcrowd
Most recents (2)
3 Simple broken access control vulnerabilities you should hunt for, while logic vulnerabilities testing
#BugBounty
#bugbountytip
#bugbountytips
#Bugcrowd
👇👇
#BugBounty
#bugbountytip
#bugbountytips
#Bugcrowd
👇👇
If the website allows creating an organisation you have ex.
2 roles admin && admin
access the user's information endpoint with the admin 2 , save the request
With the previous admin downgrade his role to few user and execute the request and see If you can access the users PII
2 roles admin && admin
access the user's information endpoint with the admin 2 , save the request
With the previous admin downgrade his role to few user and execute the request and see If you can access the users PII
2:
Remove the user from the organization and save the join URL For the organization, after removing the user use the same URL And see if you can rejoin the organization using the old URL After you removed from the ORG
Remove the user from the organization and save the join URL For the organization, after removing the user use the same URL And see if you can rejoin the organization using the old URL After you removed from the ORG
A 3 step process to finding and reporting critical secrets :
🧵👇
🧵👇
1️⃣ Find secrets :
➡ Look into source control like Github, gitlab etc
Use github dorks for more directed searches. Like github.com/techgaun/githu…
➡ Look into source control like Github, gitlab etc
Use github dorks for more directed searches. Like github.com/techgaun/githu…
➡ Search for secrets in commit history and full organisation by trufflehog : github.com/trufflesecurit…
