LEFT SIDEBAR AD

Hidden in mobile, Best for skyscrapers.

Unreleased function leads to 150$ bounty

4 weeks ago 26
BOOK THIS SPACE FOR AD
ARTICLE AD

Noureldin(0x_5wf)

Hi ,

The story begin in the past , this was my first bounty in the bug hunting field, and in my luck , it was in a public BBP in hackerone .

The target is a paying platform , its for making paying links , while i was hunting i saw a request with a name “/enforce_mfa” , i didn’t what it is for in the begining , but after i changed the parameter in response body from false to true , I realised that this request is for a function that makes you must make a 2fa to open your account , so i reported it as a “enforce mfa bypass” , after two weeks i opened the application one time and see a team function that you can enforce the invited users to set 2fa to have access for the account!

Steps to produce:

Set a simple match and replace to make the “true” to “false”

Learned Lessons:

Don’t only change from true to false , you can also change from false to true , you may find an unreleased functionality.

Read Entire Article
  3. Unreleased function leads to 150$ bounty

Related

Step into my Professional Life(:Finding my first Bug:)

Step into my Professional Life(:Finding my first Bug:)

How a Simple Bug Could Have Taken Down Your Instagram Tags

How a Simple Bug Could Have Taken Down Your Instagram Tags

Why Bug Bounty Is Just for You :)

Why Bug Bounty Is Just for You :)

Disallowed but Discoverable: The Hacker’s robots.txt Playbook

Disallowed but Discoverable: The Hacker’s robots.txt Playbook

HTML INJECTION- My Second Major Bounty

HTML INJECTION- My Second Major Bounty

Building a Bug Bounty Journey: Exploring Web Security with a Custom CMS

Building a Bug Bounty Journey: Exploring Web Security with a Custom CMS

Trending

1. Leicester City vs Chelsea
2. Priyanka Gandhi
3. Zeeshan Siddique
4. F1
5. Ajit Pawar
6. News today
7. Wayanad Election Result
8. Aditya Thackeray
9. Karnataka by Election Results 2024
10. Amit Thackeray

Popular

Install waybackurls on Kali Linux

Install waybackurls on Kali Linux

1-click RCE in Electron Applications

1-click RCE in Electron Applications

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Microsoft Office Professional Plus 2019 (x64 & x86) Multilingual + Pre-Activated

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Over 40 Apps With More Than 100 Million Installs Found Leaking AWS Keys

Install DalFox on Kali Linux

Install DalFox on Kali Linux

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Adobe Master Collection CC 2022 v25.08.2022 (x64) Multilingual Pre-Activated

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Maxon CINEMA 4D Studio S22.123 (x64) Multilingual + Crack

Autodesk Revit 2023 R1 Build 23.0.11.19 (x64) Multilingual + Crack

Autodesk Revit 2023 R1 Build 23.0.11.19 (x64) Multilingual + Crack

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

‘We are not motivated by profits’ – Open Bug Bounty maintainers on finding a niche in the crowdsourced AppSec market

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

Just Gopher It: Escalating a Blind SSRF to RCE for $15k

BOOK THIS SPACE FOR AD
RIGHT SIDEBAR BOTTOM AD
Bengali (Bangladesh) Bengali (Bangladesh) · English (United States) English (United States) ·
About Us · Terms & Condition · Contact Us
© Security Alert 2024. All rights are reserved