BOOK THIS SPACE FOR AD
ARTICLE ADFinding bugs can be actually very easy and I present you some of the easiest bugs that are ridiculously easy to find and pretty much are a money glitch. Before I even start make sure to subscribe to my youtube channel, I post some educational content regarding hacking that could help you get started or even improve if you are already in this industry!
Youtube: https://youtu.be/F07PxKBY8nU?si=OBiWZbHOrd8nZV7G
Instagram: https://instagram.com/deadoverflow
CWE-307: Improper Restriction of Excessive Authentication Attempts
If you don’t understand what this means, basically if you can send a lot login attempts without being rate limited and or restricted, allowing you to potentially brute force someone’s password, then you have identified an actual vulnerability! On the official CWE website, they claim that you can report this vulnerability to the associated bug bounty program and it should get accepted.
On top of that, you can find this vulnerability when making a submission on pretty much any bug bounty platform. For example, Intigriti lists this vulnerability under the Broken Authentication category.
Overall, this is in fact a valid bug that you can report in case you have identified it. You can use Burp Suite or even make your own code that would send a lot of login attempts with different password each time (on your account) and if they all go through without any rate limitation or restrictions, then you have identified an actual vulnerability.
CWE-307: Improper Restriction of Excessive Authentication Attempts (Different scenario)
Imagine a website that uses 6 digit codes to verify your password reset request. What you can do is try to see if you can brute force that as well. Even if the website has proper security against brute force attacks, they can still be vulnerable to this bug. For example, if a website responds with 401 if you entered the wrong code, and it responds with 200 if you entered the right one, you can craft an exploit and serve it on a website. This exploit would be JS code that would send a lot of these codes and just checking the response status code to see if it’s correct. Then you can send a link to a lot of different people and have them brute force the code for you!
CWE-640: Weak Password Recovery Mechanism for Forgotten Password
Finally, this type of vulnerability is my favorite one even though I am closing on 3 years experience in hacking. It’s just easy to hunt for but it could be critical in case you discover it! Here are the main things you should keep in mind when hunting for weak password reset mechanism
Scenario: A website uses security questions for password recovery, such as “What is your mother’s maiden name?” or “What is the name of the street you grew up on?” Such questions might be easy for an attacker to guess or find through social media or other public records.Scenario: An attacker exploits a password reset function that does not limit the number of attempts. They continuously submit requests for password resets for a target’s email until they successfully guess the correct input, such as a birthday or a simple security question answer.Scenario: A system generates predictable reset tokens based on a formula that an attacker can reverse engineer (like using a simple timestamp). The attacker generates a valid token and uses it to reset the user’s password without needing access to the user’s email.Scenario: After initiating a password reset, a user receives a link that remains valid indefinitely. If this link is later discovered by an attacker (for instance, if the user’s email is compromised), it can still be used to reset the password.Scenario: A website’s password reset page confirms whether an email address is registered: “If your email is in our database, you will receive a password reset link.” This behavior can be exploited by an attacker to harvest valid user emails for future attacks or spam.Conclusion
Hopefully this helps you understand on where to look for if you are just starting out with bug bounty. Note that I cannot guarantee that you will find any of these vulnerabilities but, with just some patience, you most definitely could. Thanks for making it all the way until the end, and as always, happy hacking lads!