Some easy bug bounty tips for beginners
#bugbountytips #bugbounty
1. Check HTML email injection
“Got Easiest Bounty with HTML injection via email confirmation!” by Shaurya Sharma link.medium.com/u1lHiS6yXhb
2. Check IDOR
A. Profile picture upload and delete
“Change Anyone’s profile picture-Exploiting IDOR” by Rupika Luhach link.medium.com/VwksKjKzXhb
B. Edit address and delete address
techkranti.com/delete-idor-on…
C. Account delete
“Top 25 IDOR Bug Bounty Reports” by Cristian Cornea link.medium.com/0pRbUIczXhb
3. Check CSRF
A. Profile update
(e.g. first name, last name)
“Cross Site Request Forgery vulnerability Leads to User Profile Change in Microsoft Express Logic” by Adesh Kolte link.medium.com/1BgErE9zXhb
B. Email change, if the current password is not asked for.
hackerone.com/reports/538800
4. Check no rate limit
Note: Bugcrowd and HackerOne do not accept this type of bug, but "RDP" does.
A. Forgot password
hackerone.com/reports/838572
B. Email change
hackerone.com/reports/774050
5. Check EXIF Geolocation
A. “EXIF Geolocation Data Not Stripped From Uploaded Images” by Sourav Newatia link.medium.com/7vzrvK5FXhb
B. hackerone.com/reports/906907…
6. Check Broken link Hijacking
Note: Easy to find😁
Website to check: brokenlinkcheck.com
A. hackerone.com/reports/1031321
B. hackerone.com/reports/1152588
