Bug Bounty - GitBook
Everything 4 bug bounty https://t.me/GiftWay32robot?start=_tgr_HwZ24DI5MWJk
A company exposes an API for developers? This is not the same API which is used by mobile / web application. Always test them separately. Don't assume they implement the same security mechanisms.
#api
@GitBook_s
Mass Assignment is a real thing. Modern frameworks encourage developers to use MA without understanding the security implications. During exploitation, don't guess an object's property names, simply find a GET endpoint that returns all of them.
#api
@GitBook_s
Found SSRF? Use it for:
Internal port scanning
Leverage cloud services (like 169.254.169.254)
Use http://webhook.site to reveal IP Address & HTTP Library
Download a very large file (Layer 7 DoS)
Reflective SSRF? Disclose local mgmt consoles
@GitBook_s
Testing a Ruby on Rails App & noticed an HTTP parameter containing a URL? Developers sometimes use "Kernel#open" function to access URLs == Game Over. Just send a pipe as the first character and then a shell command (Command Injection by design)
Learn more about the open function: https://apidock.com/ruby/Kernel/open
#api
@GitBook_s
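Defender's view of the Kernel#open post and the SSRF post above, as an added example that is not part of the original posts: a URL check to run before any server-side fetch, so a leading pipe never reaches `open` and internal or metadata addresses are refused. The names `validate_fetch_url`, `UnsafeURL`, `BLOCKED_NETS` and the `resolver:` parameter are hypothetical.

```ruby
require "uri"
require "ipaddr"
require "resolv"

# Destinations a server-side fetcher should not reach: loopback, RFC 1918,
# link-local (which includes the 169.254.169.254 metadata address), IPv6 equivalents.
BLOCKED_NETS = %w[
  0.0.0.0/8 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
  169.254.0.0/16 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

class UnsafeURL < StandardError; end

# Vulnerable pattern from the post (comment only, never executed here):
#   body = open(params[:url]).read   # Kernel#open treats a leading "|" as a command
#
# Hardened pattern: parse the value, allowlist the scheme, check every resolved address.
# `resolver` is a hypothetical injection point so the check can be exercised offline.
def validate_fetch_url(raw, resolver: ->(host) { Resolv.getaddresses(host) })
  uri = begin
    URI.parse(raw.to_s.strip)
  rescue URI::InvalidURIError
    raise UnsafeURL, "not a parseable URL"
  end
  # URI::HTTPS is a subclass of URI::HTTP, so this admits http and https only.
  raise UnsafeURL, "scheme must be http or https" unless uri.is_a?(URI::HTTP)
  raise UnsafeURL, "missing host" if uri.host.nil? || uri.host.empty?
  raise UnsafeURL, "credentials in URL are not allowed" if uri.userinfo

  host = uri.hostname # IPv6 literal without brackets
  addrs = begin
    [IPAddr.new(host)] # host is already an IP literal
  rescue IPAddr::InvalidAddressError
    resolver.call(host).map { |a| IPAddr.new(a) }
  end
  raise UnsafeURL, "host does not resolve" if addrs.empty?

  addrs.each do |ip|
    ip = ip.native if ip.ipv4_mapped? # treat ::ffff:10.0.0.1 as 10.0.0.1
    raise UnsafeURL, "destination #{ip} is internal" if BLOCKED_NETS.any? { |net| net.include?(ip) }
  end
  uri
end
```

Pass the returned URI to an HTTP client such as Net::HTTP rather than to `open`, and connect to the address that was validated, since a second DNS lookup at fetch time can return a different answer.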
Never assume there’s only one way to authenticate to an API! Modern apps have many API endpoints for AuthN: /api/mobile/login | /api/v3/login | /api/magic_link, etc. Find and test all of them for AuthN problems.
#api
@GitBook
Older API versions tend to be more vulnerable and they lack security mechanisms. Leverage the predictable nature of REST APIs to find old versions. Saw a call to api/v3/login? Check if api/v1/login exists as well. It might be more vulnerable.
#api
@GitBook
