I once found a critical on a public bug bounty program just by viewing the source code of a page, here's what happened๐
1. Target implemented a feature allowing users to post private images on their profile
2. images were publicly accessible by URLs leaking in the html source๐ฐ
@NinadMishra5 "Iโve seen tons of entry-level jobs suggested to me on LinkedIn, but I totally missed the time travel thing โ thanks for pointing it out!"
Denial of Service Using Missing or Misconfigured Pagination
Pagination: It is the process of dividing large datasets into smaller, sequential pages to improve performance and user navigation.
1. Observed the limit parameter in the GET request.
2. Found that the application was loading 10 items per page by default.
3. Created 5000+ items using a POST request.
4. Called the same GET API with limit=5000 and observed a significant delay in the response (as it was trying to load 5000 items).
5. Sent that request using high concurrency, which led to a denial of service on the server.
#pentest #bugbounty #ctf
Application Business: Travel insurance
1. Attempted price manipulation during policy purchase - no luck
2. Tried altering currency type - no luck
3. Tested modifying the number of travelers to influence final price โ no luck
4. Observed the travel date was protected using JavaScript code on the front-end. Tried sending a request directly to the server by manipulating the date using Burp Suite โ and it worked.
Impact: An attacker could backdate a policy after an incident during travel, enabling fraudulent claims.
#bugbounty #Pentesting #ctf
Note: When temporary AWS session credentials are exposed, always configure them in AWS CLI and explore accessible AWS services. Tools like ScoutSuite can also be used to enumerate permissions and identify potential misconfigurations or exposed resources.
#bugbountytips
Technology: Microservices, S3 Storage
Scenario: Multi-step image and video upload functionality
1. File upload restrictions (extension and file size) were strictly enforced server-side via the API.
2. Observed that the initial upload request response contained temporary AWS session credentials.
3. Leveraged the temporary credentials via AWS CLI to upload files directly to the S3 bucket, bypassing API-level restrictions:
#BugBounty #pentest #ctf
Technology: Java, Apache Tomcat
Scenario: The application was vulnerable to path traversal through file upload.
1. Tried default credentials on the Tomcat server โ they did not work.
2. Overwrote the `tomcat-users.xml` file to create an admin user.
3. Logged in using the created credentials and deployed a WAR file to achieve remote code execution (RCE).
#BugBounty #pentest #ctf
ASCII Smuggling is a very creative attack on LLM just by obfuscating text, it works on @grok
In future, there can be a lot of attacks using this technique as it can significantly increase the attack scenarios of indirect prompt injection
#bugbountytips
https://t.co/qqvspsCrV7