#bugBounty

RedPacket Security @RedPacketSecurity
2025-11-20

BugCrowd Bug Bounty Disclosure: P5 - NSPIRES login and sensitive pages lack anti-frame protections → Clickjacking (UI redress) escalated to credential capture & forced action - madhu873 - redpacketsecurity.com/bugcrowd

RedPacket Security @RedPacketSecurity
2025-11-20

BugCrowd Bug Bounty Disclosure: P1 - IDOR that allows disclosing Username,Email,FirstName,LastName,Address,PhoneNumbers of PROSAMS application users. - - redpacketsecurity.com/bugcrowd

2025-11-18

CAPenX Exam Review: Is It Really That Difficult?
The Certified AppSec Pentesting Expert (CAPenX) exam focuses on *exploiting* vulnerabilities rather than finding them, testing advanced exploitation of OWASP Top 10 flaws (SQLi, XSS, XXE, Race Conditions, IDOR, JWT, SSRF, etc.) within 7.5 hours across 10 questions. Candidates must chain real-world vulnerabilities (not just identify them) requiring deep understanding of request/response manipulation, API mechanics, and business logic flaws. Key skills tested: time-based blind/second-order SQLi exploitation (sqlmap), JWT vulnerabilities (jwtlens), race condition exploitation for business logic abuse, out-of-band XXE via external DTD, API BOLA, and advanced bypass techniques. Preparation involves mastering PortSwigger Labs (especially exploit server/Burp Collaborator), WPScan for WordPress targets, manual exploit crafting over copy-paste, and rate-limit evasion. While harder than OSCP's MCQ/4-hour machine phases, its exploitation-only scope and real-world bug heritage create high difficulty requiring specialized AppSec skills. Validated certificate: secops.group/certificate-valid | Reviewer's credentials: linkedin.com/in/abhishek26gupt #Cybersecurity #InfoSec #CertificationReview #AppSec #BugBounty
infosecwriteups.com/capenx-exa

2025-11-18

GitHub Dorking: The Hunter's Guide to Finding Secrets in Public Code
The vulnerability class is "Exposed Secrets in Public Repositories" where sensitive data (API keys, credentials, internal configurations) is unintentionally committed to public code repositories. GitHub Dorking leverages advanced search operators (filename:, extension:, org:, etc.) to enumerate publicly accessible repositories for configuration files (.env, .json), cloud credentials (AWS keys, database URLs), and corporate secrets. Attackers craft targeted queries like `filename:.env "API_KEY"` or `"AKIA" extension:env` and use automation tools (GitLeaks, TruffleHog, Repo-supervisor) to rapidly scale these attacks. Impact includes full cloud account compromise (AWS, Azure), production database access, payment system exploitation, and data breaches affecting millions of records. Case studies show exposed AWS root keys granting server control and Docker configs leaking database credentials. Mitigation requires credential rotation, removing secrets from git history, .gitignore enforcement, pre-commit secret scanning, continuous repository monitoring, employee security training, and automated secret detection in CI/CD pipelines. Ethical practice demands responsible disclosure to affected organizations. #GitHubDorking #BugBounty #Cybersecurity #infosec #SecurityResearch
medium.com/@N0aziXss/github-do
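As an added, defender-side example (not code from the article), a minimal pre-commit secret scanner of the kind the post's mitigation list calls for: it applies the well-known AWS access key and database-URL patterns plus an entropy filter on generic KEY=value assignments to a constructed sample .env file. The detector names, the 4.0 bits/char entropy threshold and the sample file contents are assumptions.

```python
import math
import re
from typing import List, Tuple

# Detectors (constructed for this example): the formats the post names (AWS access key IDs
# beginning with AKIA, database URLs with an embedded password, PEM private keys) plus a
# generic KEY=value assignment that only counts when the value looks random.
DETECTORS = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("db_url_with_password", re.compile(r"\b(?:postgres|mysql|mongodb)(?:\+\w+)?://[^:\s/]+:[^@\s]+@", re.I)),
    ("private_key_block", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("generic_secret_assignment", re.compile(r"(?i)\b(?:api[_-]?key|secret|token|password)\b\s*[=:]\s*['\"]?([A-Za-z0-9_\-/+=]{16,})")),
]
ENTROPY_THRESHOLD = 4.0  # bits per character; assumed cut-off that skips wordy placeholders


def shannon_entropy(s: str) -> float:
    """Bits per character; English-like strings sit around 3-4, random keys near 5."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan_text(path: str, text: str) -> List[Tuple[str, int, str]]:
    """Return (path, line_number, detector_name) for every line that looks like a committed secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pat in DETECTORS:
            m = pat.search(line)
            if not m:
                continue
            # The generic detector fires on harmless config too; demand a high-entropy value.
            if name == "generic_secret_assignment" and shannon_entropy(m.group(1)) < ENTROPY_THRESHOLD:
                continue
            findings.append((path, lineno, name))
    return findings


# Constructed sample .env file. AKIAIOSFODNN7EXAMPLE is the placeholder key AWS uses in its
# own documentation; the other values are made up for this example.
SAMPLE_ENV = """\
APP_NAME=demo
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
DATABASE_URL=postgres://app:S3cr3tP4ss@db.internal:5432/app
API_KEY=changeme_placeholder_value
API_KEY=q7Zx9LpB2vR8kT4mN6wY1hJ3sD5fG0aC
"""
```

Wired into a pre-commit hook, a non-empty result from scan_text blocks the commit before the secret ever reaches the remote.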

2025-11-18

How I Received an Appreciation Letter from NASA for Identifying a CVE
CVE-2025-0133 is a reflected Cross-Site Scripting (XSS) in Palo Alto PAN-OS GlobalProtect (affected endpoints include /ssl-vpn/getconfig.esp) that allows executing arbitrary JavaScript in a victim's browser via unsanitized parameters like 'user' (commonly embedded via SVG). An attacker crafts a malicious link (e.g., adding <svg><script>prompt("CyberTechAjju")</script></svg> to 'user' or similar parameters) and entices an authenticated Captive Portal user to click it. When the GlobalProtect portal processes the request, the payload reflects back and executes in the victim's browser context, enabling session hijacking, credential theft, phishing, and clientless VPN compromise. In this case, Shodan searches for cpe:"cpe:2.3:o:paloaltonetworks:pan-os" and domain filters revealed NASA targets, where the link triggered XSS on both IP and real domain (e.g., vpn.*.*.nasa.gov) with full reproducibility. Impact is severe because authenticated user sessions can be stolen or abused to perform actions as that user; in enterprise/space agency environments, this can facilitate lateral movement and data exposure. Mitigation: upgrade PAN-OS to a fixed version per Palo Alto advisory; apply all latest GlobalProtect, VPN, and web profile updates; enable Content-ID/URL filtering for script obfuscation; sanitize and properly encode all user-controlled inputs server-side; implement strict X-Frame-Options/Content Security Policy; prefer server-side templating with contextual output encoding; restrict exposure and harden GlobalProtect login pages; conduct periodic security tests and monitor access logs for anomalous endpoints like /ssl-vpn/getconfig.esp. youtu.be/s_8oj1hWLU0?si=2W04Ge #infosec #BugBounty #Cybersecurity
medium.com/@cybertechajju/how-

In a nutshell, this is a bounty program that "provides a secure, anonymous channel for citizens and ethical hackers to report cyberthreats."

Fortinet and Crime Stoppers International Launch First-of-Its-Kind Global Initiative to Deter and Disrupt Cybercrime fortinet.com/blog/industry-tre @fortinet #bugbounty #infosec #cybercrime

Meta: Celebrating 15 years of Meta's Bug Bounty Program bugbounty.meta.com/blog/15th-a

More:

The Hacker News: Meta Expands WhatsApp Security Research with New Proxy Tool and $4M in Bounties This Year thehackernews.com/2025/11/meta @thehackernews #infosec #Meta #WhatsApp #bugbounty

RedPacket Security @RedPacketSecurity
2025-11-18

BugCrowd Bug Bounty Disclosure: P5 - Publicly accessible XML files containing Personally Identifiable Information (PII) — 4 files - OziXploit - redpacketsecurity.com/bugcrowd

2025-11-18

Stop suffering in a toxic relationship with Burp Suite. It's time to be happy with Caido

Burp Suite convinced you that a real tool has to be heavy, capricious and force you to adapt to it. Caido proved the opposite: the same level of functionality, but without the pain, without the waiting and without the extra gigabytes. Everything just works - fast, stable and without stress. The suffering was never necessary. Time to finally exhale and work with pleasure. Find out how to live happily without Burp Suite

habr.com/ru/articles/967644/

#Caido #багхантинг #bugbounty #burp #slonser

RedPacket Security @RedPacketSecurity
2025-11-18

BugCrowd Bug Bounty Disclosure: P3 - Publicly accessible NASA internal server (WFF-NENS-WEB1) exposed via IP 128.154.105.100 - JustifyMe - redpacketsecurity.com/bugcrowd

Wordfence @wordfence
2025-11-17

Bug Bounty Hunters: Have you joined the Wordfence Bug Bounty Program discord server yet? All skill levels are welcome to join.

discord.gg/AjC7aBNshP

A great place to meet other researchers, share tips, advice, and victories - plus you can connect directly with the Wordfence Threat Intelligence team and get guidance on how to be successful in our program.

Search "Wordfence Bug Bounty Discord" or check the comments.

Rubén Santos García @rsgbengi@infosec.exchange
2025-11-16

New newsletter post is live! 🔥
Prototype Pollution explained: real CVEs, exploitation → RCE

kayssel.com/newsletter/issue-2

#cybersecurity #infosec #bugbounty #pentesting

2025-11-16

How a Single CSRF Vulnerability Can Lead to a Huge Bug Bounty — Full Breakdown + Complete…
This article educates readers on Cross-Site Request Forgery (CSRF) vulnerabilities and their high bounty potential. CSRF exploits the browser's automatic cookie attachment behavior, tricking authenticated users into executing unauthorized state-changing actions. The attack flow involves an attacker preparing a malicious request (e.g., money transfer), delivering it through various delivery methods (links, forms, images), and having the victim's browser automatically include valid session cookies when requesting the target site. The server trusts the authenticated request and executes the action without verifying intent. CSRF succeeds due to blind trust in session cookies without proper protections like anti-CSRF tokens, Origin/Referer validation, or SameSite cookie attributes. Common vulnerable endpoints include email/password changes, money transfers, admin actions, and MFA controls. High payouts ($800-$2000+) are awarded when CSRF affects financial transactions, account changes, or admin panels. Mitigation requires implementing anti-CSRF tokens, validating Origin headers, using SameSite cookies, avoiding state-changing GET requests, and proper CORS configuration. #infosec #BugBounty #Cybersecurity
medium.com/@zoningxtr/how-a-si
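An added example, not code from the article: the server side of the mitigations it lists (Origin/Referer validation, a constant-time anti-CSRF token check, a SameSite session cookie) written as plain Python functions that a request handler would call before executing any state-changing action. The single allowed origin bank.example is an assumption.

```python
import hmac
import secrets
from typing import Dict, Optional
from urllib.parse import urlparse

# Constructed assumption: the only origin this application is served from.
ALLOWED_ORIGINS = {"https://bank.example"}


def issue_csrf_token() -> str:
    """Fresh per-session anti-CSRF token: store it in the session and embed it in every form."""
    return secrets.token_urlsafe(32)


def origin_allowed(headers: Dict[str, str]) -> bool:
    """Validate Origin, falling back to Referer. A cross-site form post carries the
    attacker's origin; a request with neither header is refused rather than trusted."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if not referer:
            return False
        p = urlparse(referer)
        origin = f"{p.scheme}://{p.netloc}"
    return origin in ALLOWED_ORIGINS


def token_valid(session_token: str, submitted_token: Optional[str]) -> bool:
    """Compare the session's token with the submitted one in constant time."""
    if not session_token or not submitted_token:
        return False
    return hmac.compare_digest(session_token, submitted_token)


def csrf_protected(method: str, headers: Dict[str, str],
                   session_token: str, submitted_token: Optional[str]) -> bool:
    """Allow a request only if it uses a safe method or passes BOTH origin and token checks.
    Safe methods pass unchecked, which is exactly why GET must never change state."""
    if method.upper() in ("GET", "HEAD", "OPTIONS"):
        return True
    return origin_allowed(headers) and token_valid(session_token, submitted_token)


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value: SameSite=Lax keeps the cookie off cross-site POSTs, the very
    browser behaviour (automatic cookie attachment) the attack relies on."""
    return f"session={session_id}; Secure; HttpOnly; SameSite=Lax; Path=/"
```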

2025-11-16

ReconX — The Fastest All-in-One Reconnaissance Framework for Pentesters
ReconX is an open-source reconnaissance automation framework designed to accelerate structured recon for pentesters, red teamers, and OSINT users. It orchestrates multiple tools (Nmap, Subfinder, Gobuster/ffuf, WhatWeb, Nikto, SQLMap, URLScan API) in parallel with profiles (basic, fast, deep), parsing outputs into JSON, TXT, HTML, and AI summaries. Users install dependencies (Kali/Ubuntu/Debian; Python 3.8+; Go 1.16+; Nmap 7.80+) and run commands like reconx -t example.com or reconx -t example.com --profile deep --threads 20 --html --ai-summary. Results are timestamped into a unified directory with reconx_results.json, summary.txt, report.html, ai_summary.txt, plus tool-specific logs. The framework’s value is automation, centralized output, repeatability, speed via parallelization, and actionable reports; there is no vulnerability or exploit described in this article. #infosec #BugBounty #Cybersecurity
medium.com/@divyanshusainialok

2025-11-16

How My Custom IDOR Hunter Made Me $50k (And Saved My Clicking Finger)
This article describes a custom-built automated tool for detecting Insecure Direct Object Reference (IDOR) vulnerabilities, which yielded $50,000 in bug bounties. IDOR occurs when applications use predictable or user-controllable object references (like IDs in URLs or parameters) to access resources without proper authorization checks. The author built a toolkit to automate repetitive IDOR testing patterns, specifically testing "change user_id from 58432 to 58433" scenarios across 2,000+ endpoints, eliminating manual clicking fatigue. The tool functions as an API fuzzer that systematically manipulates object references to test unauthorized access. Successful exploitation allows attackers to view, modify, or delete other users' data, leading to sensitive data exposure, privilege escalation, and financial impact. High bounties are awarded because IDOR affects business-critical operations like financial transactions, personal data access, and administrative functions. Mitigation requires implementing proper authorization checks, using indirect references, validating user permissions on every object access, and avoiding predictable identifiers. The automation approach significantly increases testing coverage and efficiency compared to manual methods. #infosec #BugBounty #Cybersecurity
infosecwriteups.com/how-my-cus

2025-11-15

How a Single SSRF Changed My Life: My Journey From Logistics Into Cybersecurity
Type: Server-Side Request Forgery (SSRF) vulnerability in WordPress XML-RPC functionality, specifically exploiting the pingback.ping method which allows arbitrary external requests from the target server. The vulnerability exists because the XML-RPC pingback system accepts arbitrary URLs without proper validation or restrictions. Exploitation involves accessing the /xmlrpc.php endpoint and sending a POST request with system.listMethods to enumerate available methods, identifying pingback.ping, then crafting a malicious request with attacker-controlled URLs to force the server to make outbound requests. Using webhook.site as a listening endpoint, the attacker sends: POST /xmlrpc.php with XML payload containing pingback.ping method and webhook URL as target, which triggers the server to initiate an HTTP request to the external webhook, confirming the SSRF vulnerability. Impact includes server metadata exposure, potential internal network enumeration, SSRF-based port scanning, access to cloud metadata services (if cloud environment), and demonstration of unauthorized outbound connections from the target infrastructure. Mitigation involves disabling XML-RPC pingback functionality entirely, implementing strict input validation and URL whitelisting for outbound requests, restricting network access to internal resources, configuring firewall rules to prevent arbitrary external connections, and regular security testing of web applications. WordPress administrators can disable XML-RPC via plugins or server configuration if not needed. #infosec #BugBounty #Cybersecurity #SSRF
medium.com/@jsll/how-a-single-
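The post's first mitigation is to disable pingbacks; where outbound fetches must remain, this added example (not the article's code) shows the URL allow-listing it mentions: the validator refuses non-http schemes and userinfo, and rejects any hostname whose resolved addresses include loopback, private or link-local space (the 169.254.169.254 metadata endpoint among them), checking every DNS answer and unwrapping IPv4-mapped IPv6. The constructed DNS table, its hostnames and the use of 8.8.8.8 as a stand-in public address are assumptions.

```python
import ipaddress
import socket
from typing import Callable, Set
from urllib.parse import urlparse

# Constructed DNS table for the offline demo; dns_resolver below uses real DNS.
CONSTRUCTED_DNS = {
    "blog.example": {"8.8.8.8"},                 # stand-in for an ordinary public host
    "meta.example": {"169.254.169.254"},         # resolves to the cloud metadata service
    "dual.example": {"8.8.8.8", "10.0.0.5"},     # one public and one internal answer
    "mapped.example": {"::ffff:10.0.0.5"},       # IPv4-mapped IPv6 hiding an RFC 1918 address
}

def table_resolver(host: str) -> Set[str]:
    """Offline resolver: IP literals resolve to themselves, names via the constructed table."""
    try:
        return {str(ipaddress.ip_address(host))}
    except ValueError:
        return CONSTRUCTED_DNS.get(host, set())

def dns_resolver(host: str) -> Set[str]:
    """Real resolver: every A/AAAA answer, because any one of them may be internal."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}

def is_blocked_address(ip) -> bool:
    """Addresses a pingback fetch must never reach: loopback, private, link-local (which
    covers 169.254.169.254), multicast, reserved, unspecified; mapped v6 is unwrapped first."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)

def is_safe_pingback_target(url: str, resolver: Callable[[str], Set[str]] = dns_resolver) -> bool:
    """True only for http(s) URLs without userinfo whose every resolved address is public."""
    try:
        p = urlparse(url)
    except ValueError:
        return False
    if p.scheme not in ("http", "https") or not p.hostname or p.username or p.password:
        return False
    try:
        answers = {ipaddress.ip_address(a) for a in resolver(p.hostname)}
    except (socket.gaierror, ValueError):
        return False
    # An empty answer set is a failure, not safety; and every answer must be public.
    return bool(answers) and not any(is_blocked_address(ip) for ip in answers)
```

Because a name can re-resolve between the check and the fetch, the code that performs the request should connect to the addresses that were validated rather than resolving the name a second time.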
