@bugbountywizard profile picture
Bug bounty wizard @bugbountywizard
Joined November 2024
  • Tweets 459
  • Following 0
  • Followers 1,601
7 Photos and videos
Breaking Kerberos: How I Walked Through an Active Directory Domain wgilescyber.medium.com/break… #bugbounty #bugbountytips #bugbountytip

Attacking Kerberos: How I Walked Through an Active Directory Domain

A hands-on look at Tickets, Kerberos attacks, and delegation abuse in an AD lab environment

wgilescyber.medium.com
1
3
16
IDOR Allows Unauthorized Payment Hijacking infosecwriteups.com/idor-all… #bugbounty #bugbountytips #bugbountytip

IDOR allows unauthorized payment hijacking

FREE READ

infosecwriteups.com
4
30
827
How a Simple Comment Box Almost Cost a Fintech Giant $15,000 medium.com/@21bec131/how-a-s… #bugbounty #bugbountytips #bugbountytip

How a Simple Comment Box Almost Cost a Fintech Giant $15,000

The thrill of bug hunting isn’t in the lines of code; it’s in the silence of the “Aha!” moment.

medium.com
2
23
862
Business Logic Vulnerability Leading to the Owner's Inability to Manage Tags medium.com/@hgr00x/business-… #bugbounty #bugbountytips #bugbountytip

Business-logic vulnerability leading to the Owner’s inability to manage tags.

.بِسْمِ اللهِ الْوَاحِد، وَالصَّلَاةُ وَالسَّلَامُ عَلَى نَبِيِّنَا مُحَمَّدٍ، النَّبِيِّ الشَّهِيدِ الْمُجَاهِدِ

medium.com
4
21
712
Admin Dashboard Accessible Without Authentication medium.com/@GR1M/admin-dashb… #bugbounty #bugbountytips #bugbountytip

Admin Dashboard Accessible Without Authentication

Severity: critical Bounty: 5 digits (PHP)

medium.com
7
41
1,856
New Struts2 Remote Code Execution Exploit Caught in the Wild medium.com/wallarm/new-strut… #bugbounty #bugbountytips #bugbountytip

New Struts2 Remote Code Execution exploit caught in the wild

Two days ago Apache has published a fix for the new Remote Code Execution vulnerability in Struts2.

medium.com
2
6
21
2,927
Web Security Beginner Series: PortSwigger XSS Lab 5 Solution youtu.be/2VXd0lGefU8 #bugbounty #bugbountytips #bugbountytip

DOM XSS in jQuery anchor

In this video, I solve PortSwigger XSS Lab 5 and explain how XSS wo...

youtube.com
2
12
953
The Bug Bounty Hunter Making $500k/Year Without a CS Degree medium.com/@osmion/the-bug-b… #bugbounty #bugbountytips #bugbountytip

The Bug Bounty Hunter Making $500K/Year Without a CS Degree

Last month, I stumbled across something that completely shattered my assumptions about tech careers. A 19-year-old kid from Argentina who…

medium.com
6
22
1,665
PortSwigger XSS Lab 3 Solution: DOM XSS in document.write sink using source location.search youtu.be/oZhO9RNpda0 #bugbounty #bugbountytips #bugbountytip
6
362
From LFI to Database Takeover and the RCE That Almost Was elahe4.medium.com/from-lfi-t… #bugbounty #bugbountytips #bugbountytip

From LFI to Database Takeover and the RCE That Almost Was

In a recent pentest project I tackled with my friend Sajad, we found a perfect example of how small cracks can break a whole system. By…

elahe4.medium.com
1
21
761
Password Reset Flow Testing: The Most Overlooked Account Takeover Vulnerability osintteam.blog/password-rese… #bugbounty #bugbountytips #bugbountytip

Password Reset Flow Testing — The Most Overlooked Account Takeover Vulnerability

Hackers don’t always crack passwords. Sometimes they just click “Forgot Password?” and walk right in through a broken back door.

osintteam.blog
4
14
662
How a Single JSON Parameter Allowed Unauthorized Manipulation (IDOR) by George Zakary medium.com/@georgezakary60/h… #bugbounty #bugbountytips #bugbountytip

how a single JSON parameter allowed unauthorized manipulation(IDOR)

It started with a single parameter I wasn’t supposed to control…

medium.com
7
43
2,397
Bug Bounty Methodology | How to Find More Bugs youtu.be/383qE5iqoMI #bugbounty #bugbountytips #bugbountytip

DOM XSS in document.write sink using source location.search || Lab 3

In this video, I solve PortSwigger XSS Lab 3 and explain how Reflec...

youtube.com
1
11
672
How I Found a Critical OAuth Misconfiguration That Led to Account Takeover medium.com/@iamshafayat/how-… #bugbounty #bugbountytips #bugbountytip

How I Found a Critical OAuth Misconfiguration That Led to Account Takeover

A bug bounty story about OAuth, PKCE, open client registration, and how multiple low-level issues chained together into a critical account…

medium.com
6
19
927
AI Security: Explanation to Exploitation (Part 1) jeetpal2007.medium.com/ai-se… #bugbounty #bugbountytips #bugbountytip

AI Security: explanation to Exploitation || Part 1

Hello Everyone,

jeetpal2007.medium.com
1
8
485
Web Security Beginner Series: PortSwigger XSS Lab 2 Solution youtu.be/2arlWkTZL08?si=mROc… #bugbounty #bugbountytips #bugbountytip

Web Security Beginner Series: PortSwigger XSS Lab 2 Solution

In this video, I solve PortSwigger XSS Lab 1 and explain how Reflec...

youtube.com
2
4
627
How a Broken Cryptographic Key Derivation Allowed Full Tenant Takeover on an Enterprise Identity medium.com/@21bec131/how-a-b… #bugbounty #bugbountytips #bugbountytip

How a Broken Cryptographic Key Derivation Allowed Full Tenant Takeover on an Enterprise Identity…

Three weeks ago, I was looking at a high-end enterprise Identity Provider (IdP) platform on a private bug bounty program. This service…

medium.com
1
15
587
Solving PortSwigger XSS Lab 1 | Reflected Cross Site Scripting Explained youtu.be/IcpJ1N432mw?si=0HBy… #bugbounty #bugbountytips #bugbountytip

Solving PortSwigger XSS Lab 1 | Reflected Cross Site Scripting...

In this video, I solve PortSwigger XSS Lab 1 and explain how Reflec...

youtube.com
2
4
708
Zoho Account Takeover: How a Single Click Can Lead to Full Control Over Your Zoho Account infosecwriteups.com/zoho-acc… #bugbounty #bugbountytips #bugbountytip

Zoho Account Takeover: How a Single Click Can Lead to Full Control over your Zoho account

Hello, in this story, I will discuss how I discovered DOM XSS and Postmessage misconfiguration and escalated them to take-over the Zoho…

infosecwriteups.com
4
35
1,262
IDOR Leading to Account Takeover via Email Reassignment medium.com/@damiangambacorta… #bugbounty #bugbountytips #bugbountytip

IDOR Leading to Account Takeover via Email Reassignment

The OliveX Files | By Damian Gambacorta

medium.com
6
44
1,832
Load more