IDOR in Invitation Flow Leads to Denial of Signup and Account Manipulation
https://medium.com/@mhmodgm54/idor-in-invitation-flow-leads-to-denial-of-signup-and-account-manipulation-98c51e0dd942?source=rss------bug_bounty-5
@securitycipher.bsky.social
Write-ups and Resources related to Bug Bounty #bugbounty #bugbountytips
From Simple Restriction Bypass to Internal Privilege Escalation to High Impact IDOR
https://medium.com/@Alharbe0/from-simple-restriction-bypass-to-internal-privilege-escalation-to-high-impact-idor-e7b8366ac70d?source=rss------bug_bounty-5
OAuth Login Bypasses & Account Linking Chaos — A Bug Bounty Adventure
https://sohanxp56.medium.com/oauth-login-bypasses-account-linking-chaos-a-bug-bounty-adventure-ff243fd62277?source=rss------bug_bounty-5
How I Found a Critical XSS On a Public Bug Bounty Program
https://1-day.medium.com/how-i-found-a-critical-xss-on-a-public-bug-bounty-program-27d492117f61?source=rss------bug_bounty-5
The Best Alternatives to Intelx.io
https://medium.com/@Appsec_pt/the-best-alternatives-to-intelx-io-f1c469e23fb1?source=rss------bug_bounty-5
What Is an OAuth Vulnerability? (OAuth Açığı Nedir?)
https://medium.com/@sanaldunya/oauth-a%C3%A7%C4%B1%C4%9F%C4%B1-nedir-247ede6d5948?source=rss------bug_bounty-5
“Day 10: Defending the Digital Gateway — A White Hat’s Exploration of Chrome’s Security…
https://infosecwriteups.com/day-10-defending-the-digital-gateway-a-white-hats-exploration-of-chrome-s-security-e5f217177104?source=rss------bug_bounty-5
I Turned One Recon Trick Into $3,350
https://medium.com/@ibtissamhammadi1/i-turned-one-recon-trick-into-3-350-07ce80e7e8df?source=rss------bug_bounty-5
Host Header Magic: Unlocking Hidden Portals by Just Changing ONE Field!
https://medium.com/@zoningxtr/host-header-magic-unlocking-hidden-portals-by-just-changing-one-field-4b762e167a74?source=rss------bug_bounty-5
How to Chain Bugs Like a Pro (From P5 to P1)
https://medium.com/@viratavi1223/how-to-chain-bugs-like-a-pro-from-p5-to-p1-0cddd902c8e3?source=rss------bug_bounty-5
Hijacking the Pipeline: Mastering HTTP Desync Exploits
https://medium.com/@Dedrknex/hijacking-the-pipeline-mastering-http-desync-exploits-532faf98dbbe?source=rss------bug_bounty-5
Hack SMB in Minutes: The Step-by-Step Guide Pentesters Don’t Want You to Miss!
https://medium.com/@verylazytech/hack-smb-in-minutes-the-step-by-step-guide-pentesters-dont-want-you-to-miss-f2c504d2e439?source=rss------bug_bounty-5
The Wild Story of How a Website Bug Could Let Strangers Unlock Cars Anywhere
https://medium.com/readers-club/the-wild-story-of-how-a-website-bug-could-let-strangers-unlock-cars-anywhere-1ec09756291e?source=rss------bug_bounty-5
Password Reset Poisoning via Middleware: The Hidden Flaw That Can Lead to Account Takeover
https://infosecwriteups.com/password-reset-poisoning-via-middleware-the-hidden-flaw-that-can-lead-to-account-takeover-899416465d45?source=rss------bug_bounty-5
Understanding DOM-Based XSS in Acronis Promo Page: A Deep Dive
https://medium.com/h7w/understanding-dom-based-xss-in-acronis-promo-page-a-deep-dive-568d2ee1284e?source=rss------bug_bounty-5
Google Cloud Partner API Credentials Found in Public Repo
https://enterlectury.medium.com/google-cloud-partner-api-credentials-found-in-public-repo-45517dc54213?source=rss------bug_bounty-5
Exceed the maximum number of subscribers using Race Condition
https://hackerone.com/reports/3221185
My 100 Hour Rule for Bug Bounty !
https://devprogramming.medium.com/my-100-hour-rule-for-bug-bounty-046f96fc7791?source=rss------bug_bounty-5
Hacking Flutter apps: Static, dynamic and beyond
https://manasharsh.medium.com/hacking-flutter-apps-static-dynamic-and-beyond-893c7a733353?source=rss------bug_bounty-5
Stop Wasting Time! The Secret Method to Find Exploits in Minutes
https://medium.com/@verylazytech/stop-wasting-time-the-secret-method-to-find-exploits-in-minutes-5920dc6619cc?source=rss------bug_bounty-5
Bug Bounty: Information Disclosure — Leaks, Logs & Loose Ends
https://medium.com/@rajkumarkumawat.workup/bug-bounty-information-disclosure-leaks-logs-loose-ends-54cf53dbbf09?source=rss------bug_bounty-5
“Day 9: Cloud Heist Unlocked — How I Discovered a $100 AWS Vulnerability (Ethically)”
https://infosecwriteups.com/day-9-cloud-heist-unlocked-how-i-discovered-a-100-aws-vulnerability-ethically-15349c3ce4fb?source=rss------bug_bounty-5
The Bug that made me a Bounty in only a Few Minutes
https://medium.com/@cheirishpro/the-bug-that-made-me-a-bounty-in-only-a-few-minutes-7cf92bb03c19?source=rss------bug_bounty-5
How I Found a Critical Bug in My First 24 Hours
https://medium.com/@ibtissamhammadi1/how-i-found-a-critical-bug-in-my-first-24-hours-762092ae6664?source=rss------bug_bounty-5
Account/Repository Takeover via Abandoned GitHub Username in curl's href_extractor.c
https://hackerone.com/reports/3295738
The 3 Best Tools for Bug Bounty / Pentesting
https://medium.com/@dr_1n-ctrl/the-3-best-tools-for-bug-bounty-pentesting-915e95686e6f?source=rss------bug_bounty-5
Bug Bounty Entry: Getting Started with Platforms like HackerOne and Bugcrowd
https://rafalw3bcraft.medium.com/bug-bounty-entry-getting-started-with-platforms-like-hackerone-and-bugcrowd-849ffb8ba046?source=rss------bug_bounty-5
Insecure WebSocket Usage in curl Documentation and Examples (CWE-319: Cleartext Transmission of Sensitive Information)
https://hackerone.com/reports/3295652
Rate Limiting in Web Applications: Bug That Pays Your Rent
https://medium.com/@aashifm/rate-limiting-in-web-applications-bug-that-pays-your-rent-028d634abe53?source=rss------bug_bounty-5
Dorks For Sensitive Information Disclosure Part-3
https://medium.com/@devanshpatel930/dorks-for-sensitive-information-disclosure-part-3-a687a9c5a3bf?source=rss------bug_bounty-5