Found an RCE on an external program.
Reported them the issue via mail with PGP encryption.
It's been a month since, but never heard back from them.
It seems like they weren't able to decrypt the mail ๐.
#PrettyGoodPrivacy#infosec
Easiest BAC:
1. gau https://t.co/6967VDPSFo
2. Got a URI having path /admino/confidential/billingID=[num]
3. Open the Link & Invoice got downloaded.
4. Changed the value of param ID & got thousands of invoices having PII data.
#hackcura#infosec#bugbounty#hacking
Who does not love private invites?
Follow the Steps to avail one:
1. Go to https://t.co/NI0YRL1xrn
2. Click on Submit Flag
3. Copy and Paste the following and hit submit.
flag{EnjoyTheFreeInvite}
Kudos๐
Thanks to @Hacker0x01#infosec#bugbountytip#TogetherWeHitHarder
@fs0c131y@SetuAarogya You are mentioning the features of the app. This is what the app do. It gives you the information about the cases in your area.
Even a noob will mark this bug as Won't fix๐ฌ.
@Bugcrowd@PentesterLab@udit_thakkur Introduced me to the world of hacking and bug bounty. Learned most of the things from him. Glad to have him as a friendโ๏ธ