I repeat: Bug bounty is not a get-money-fast scheme; it requires a lot of hours studying, learning and understanding how an application works before being able to get $$$ from it.
#bugbounty #ethicalhacking
To find this you can use Google Dorks or Shodan.
Google : intitle:"WoodWing Studio Server"
Shodan : http.title:"WoodWing Studio Server"
Default creds: username: woodwing password: ww
#bugbounty #bugbountytip #bugbountytips #ethicalhacking #infosec
Just scored a reward of 750 € @intigriti #HackWithIntigriti
If you find the WoodWing Studio Server framework, definitely check the https://woodwing.domain.tld/Server/.git/ folder, so you can have full access authority 😊😎 Also, by default, user: woodwing pass: ww
Bug Bounty is painful and stressful. I've been doing Web Application Security since I was 10 and now I'm 24. If you think Bug Bounty is easy or you can get quick cash from it, Bug Bounty is just not for you.
#bugbounty #ethicalhacking
I just found the most critical vulnerability in my whole bug bounty journey, with more than 3 million PII data being leaked.
Feels Good to be back.
#bugbounty #ethicalhacking #cybersecurity #cybersec
Tried everything 403 forbidden
Tried this Payload : "><a href="//bing.com">Redirect</a> Worked fine
HTMLi to Open Redirection was possible #bugbounty #bugbountytip #bugbountytips
Google Dorking is such an incredibly powerful way of doing recon! 💪
@fattselimi shows us an example of how you can find AEM instances of your target in just seconds! ⏲
#bugbounty #bugbountytips 👇
If you encounter a website running on Laravel, don't forget to check /_debugbar, which is Debug Mode enabled for Laravel, and you might end up finding sensitive data like DB creds and other stuff.
#bugbounty #bugbountytip #bugbountytips #ethicalhacking
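A defender's view of the two paths named in the posts above (`/Server/.git/` and `/_debugbar`), as an added example that is not part of the original posts: it scans web access logs for requests to those paths and separates the ones the server answered from the ones it refused. The log lines, IP addresses, labels and the combined log format are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Paths named in the posts above; the labels are this example's own.
WATCHED = {
    "git-metadata": re.compile(r"(^|/)\.git(/|$)", re.I),
    "laravel-debugbar": re.compile(r"^/_debugbar(/|$)", re.I),
}

# Common/combined log format: ip - user [time] "METHOD target PROTO" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def classify(line):
    """Return (client, label, path, verdict) for a watched path, else None."""
    m = LINE.match(line)
    if not m:
        return None
    client, _method, target, status = m.groups()
    # Decode percent-escapes so /%2egit/ is treated the same as /.git/
    path = unquote(urlsplit(target).path)
    for label, pattern in WATCHED.items():
        if pattern.search(path):
            # A 2xx status means the server returned content: treat as exposed.
            verdict = "EXPOSED" if status.startswith("2") else "probe-blocked"
            return client, label, path, verdict
    return None


def scan(lines):
    """Classify every line and keep only the hits on watched paths."""
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /Server/.git/ HTTP/1.1" 200 312 "-" "curl/8.0"',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /_debugbar HTTP/1.1" 403 153 "-" "curl/8.0"',
    '198.51.100.9 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jan/2024:10:01:05 +0000] "GET /Server/%2egit/ HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for client, label, path, verdict in scan(SAMPLE):
        print(f"{verdict:13} {label:17} {client:15} {path}")
```

Any `EXPOSED` row means the path is being served and should be blocked at the web server or removed from the document root; `probe-blocked` rows show who is looking.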
Everyone just sees the payout in bug bounties, but they never see the long road that was necessarily needed to arrive at those rewards
#bugbounty #ethicalhacking
I just found an Unprotected Apache Pulsar Admin Login using default credentials
username: pulsar
password: pulsar
#bugbounty #bugbountytip #bugbountytips
Always hack with your friends! Me and @badcrack3r found some cool findings today; hard work always pays off.
Thank you @intigriti for making a really enjoyable platform for everyone who likes web/mobile even hardware researching and security.
#infosec
Finding of the day in @Hacker0x01 after a long time.
Bug type: SQLi
I managed to identify a hidden subdomain using @dorkipty and I found a hidden endpoint after fuzzing and reported it for further remediation.
#bugbounty #infosec #cybersec #ethicalhacking
This was my first Bug Bounty from @Bugcrowd and I'm still getting bounties the same way.
Find more details in my new write-up on how you can find the Adobe Experience (AEM) Information Disclosure Vulnerability: medium.com/@fattselimi/infor… #bugbounty #cybersecurity