Day 0⃣6⃣/2⃣0⃣ -- [Delete/Deactivating An Account & Logout Vulnerabilities]
➡️ Day 6, Have You Ever Known That Deactivating & Logout Feature Can Be Hacked & Earn You Bounties?
➡️ Below are Tips & References (Feel Free To Share)🧵🧵👇👇 #BugBounty #bugbountytips #cybersecuritytips
Day 0⃣4⃣/2⃣0⃣ -- [Hacking A Web Application Via Password Change Functionality]
➡️ Day 4, Hack A Web Application Via "Password Change Functionality"
➡️ Below are Tips & References (Feel Free To Share)🧵🧵👇👇 #BugBounty #bugbountytips #cybersecuritytips "No Resting Only Hacking!"
Day 0⃣3⃣/2⃣0⃣ -- [How To Hack A Login Page!]
➡️ Day 3, How To Hack A Login Page "Exploiting Vulnerabilities On A Login Page"
➡️ Below are Tips & References (Feel Free To Share)🧵🧵👇👇 #BugBounty #bugbountytips #cybersecuritytips
Day 0⃣2⃣/2⃣0⃣ -- [Registration/SignUp Page Vulnerabilities]
➡️ Day 2, we will cover potential vulnerabilities that can affect a Registration/Sign-Up Page of a web application
➡️ Below are Tips & References (Feel Free To Share)🧵🧵👇👇 #BugBounty #bugbountytips #cybersecuritytips
Day 0⃣1⃣/2⃣0⃣ -- [Bug Bounty Reconnaissance/Information Gathering]
➡️ Being Day 1, Recon is usually the first approach when handling your target.
➡️ Below are some of the Best Checklists/Bug Bounty RECON references & Tips🧵🧵👇👇 #BugBounty #bugbountytips #cybersecuritytips
1/n The Bug Hunter's Methodology v4.0 - Recon Edition by @Jhaddix
Bug Bounty Pro Tips
If You Have Any, Please Feel Free To Add To The Thread #bugbountytips #bugbountytip #cybersecuritytips
Pro Tip — Android applications can suffer from LFI and stored XSS just by injecting <iframe/src=/etc/hosts> into input fields.
Tip for finding SSRF
To demonstrate XSS impact, don’t use alert('alert'). Determine whether session is stored in cookies or local storage and put that in the popup. cookie: alert(document.cookie) LocalStorage: alert(localStorage.getItem('access_token'))