bug-bounty-tips

Basic SSTI — Server-Side Template Injection | 2023
Basic SSTI — Server-Side Template Injection | 2023 bez0x January 24, 2023

Portswigger — Basic server-side template injection Solution What is SSTI? Server-side template injection is a vulnerability where the attacker injects malicious inpu

Clear communication is crucial: why writing effective vulnerability reports matters
Clear communication is crucial: why writing effective vulnerability reports matters bez0x January 13, 2023

First, let’s address the question of why it is necessary to write a clear report. A clear report is essential for effective communication, ensures that the appropriate steps a

Strange 2FA Misconfiguration
Strange 2FA Misconfiguration bez0x January 13, 2023

Hey guys I am back again with another interesting bug bounty writeup. In this write-up, I am going to tell you about my recent finding on a VDP. Due to the company’s policy, I

$350 XSS in 15 minutes. Bug Bounty Writeup about DOM XSS
$350 XSS in 15 minutes. Bug Bounty Writeup about DOM XSS bez0x December 29, 2022

Bug Bounty Writeup about DOM XSS via JSONP + Parameter pollution. Hello 👋 This is my first and last Bug Bounty Writeup this ye

Unauthorized Sign-up on Subdomain of Subdomain leading to Organization takeover worth $2000
Unauthorized Sign-up on Subdomain of Subdomain leading to Organization takeover worth $2000 bez0x December 28, 2022

Hello people, Here I am sharing another four-digit write-up which is one of my very old findings. If you haven’t read my previous writeup about how I was able to bypass a stro

How these IDOR vulnerability earned 5000$ | Hackerone Reddit Bug Bounty
How these IDOR vulnerability earned 5000$ | Hackerone Reddit Bug Bounty bez0x December 23, 2022

Modifying any user's custom profile links. IDOR, Insecure Direct Object Reference, is a broad yet potentially critical vulnerability. T
