Bug Bounty & Agile Pentesting Platform

Twitter Recap #1 – Bug Bounty Tips by the Intigriti Community

Bug Bounty Tips

Over the past years we have shared a lot of tips to help our readers in one way or another. Thinking outside the box or trying a different approach could be the defining factor in finding that one juicy bug!

We dove deep into our archives and made a list of all the Bug Bounty tips we posted up until this point. Here is a summary.

Index

Recon

The way you perform your reconnaissance is what differentiates you from other hackers. Here are some tips to step up your recon game!

Copyright Footer

Company Owned Domains

Company Resources

Webinars

OpenSSL for Recon

Deleted Accounts Recon

Premium Features

E-mail Template Injection

RTFM

Rails Application Testing

API Endpoints Recon

Tools

There are lots and lots of security tools out there; these are the ones we tried throughout the years. They might be worth your time looking into!

Objection

EyeWitness

Apktool

FileChangeMonitor

Exiftool

Cloud_Enum

Security_Trails

Payloads

Sometimes you feel like you are close to finding something but you are not quite there yet. It could be a matter of executing the right payload in the right place. The next examples might point you in the right direction.

XSS in Parameter Names

YouTube XSS

XSS with htmlentities()

Hidden GET and POST Parameters

Payloads in E-mail Address

X-Forwarded-For Headers

Long String Parameters

Hidden Wildcards

Fuzz Non-Printable Characters

JSONP Callback

XSS in API

XSS in MathJax or KaTeX

Authentication & Authorization

Many problems reside in the authentication and authorization process. These vulnerabilities cause huge security risks for companies, so your reports will gladly be received. With these tips you will be sure to find more of them.

UUID IDOR Trick

Username Takeover

Swapping Tokens

Leaked Slack Tokens

Facebook Account Takeover Vulnerabilities

Hidden OAuth Providers

Change Request Method

JWT Account Takeover

Extract AWS S3 Bucket Name

Support Subdomain Takeover

Bypasses

Do you find yourself getting stuck against some type of wall while hunting? No worries! The next tips might help you get past it.

Bypass JWT Signature

403 Forbidden Bypass

Bypass Paywalls

Bypass Firewalls

Send Back Responses

From False to True

Business Logic

Tired of getting only low or medium bounties? Then you need to hit where it really hurts. Try thinking from the company’s perspective and about what is important to them. You will get more money for your work!

Focus on Impact

The Birthday Trick

Skipping Steps

The Coupon Trick

Informative

Asking Questions

XSS Passwords
