.png)
1 month ago
31 BOOK THIS SPACE FOR AD
ARTICLE AD
Yup, you read that right .
A lot of bug bounty hunters out there, bust into the application right away, get burned out in an hour or so, and jump on to the other programs right away.
Well, it turns out that is the opposite of what we are supposed to do, if we wanted to bug hunt the right way.
This is a quick explanation of one particularly interesting vulnerability find, that paid me 500 bucks outta it’s bug bounty program.
This was a weather related website, or so, who does their business out of giving out weather related information, for different locations on earth.
They had all this simple to say features, that one could easily identify on any full stack application.
I started out by testing simple vulnerabilies that could be spotted effortless, like Path Traversal, Directory Traversal, Reflected XSS protections, Clickjacking on sensitive areas, etc.,
Yup i know, the probability of finding these ground hanging fruits are extrememly low, still i did it all back then for ever application i come across.
Anyways i have my automation setup that i run on every domain, i hunt on now which lessens my manual effort a little too much, of which im proud…
Bengali (Bangladesh) · 
English (United States) ·