Bug Bounty - Asecurity Blog

Sign in Subscribe

Bug Bounty

A collection of 16 posts

How i was able to hack NASA

How i was able to hack NASA

Hello everyone! I am Yashwanth, a security researcher and bug bounty hunter. Recently, I found a PII (Personally Identifiable Information) Exposure vulnerability in a target and had my report accepted. I want to share my journey with you, as a bug hunter every hacker has a dream to hack a

Learn About Local File Inclusion

Learn About Local File Inclusion

Hey bug bounty hunters! Let's dive into one of the trickier vulnerabilities out there: Local File Inclusion, or LFI. This vulnerability is very similar to a known one, which is directory/path traversal. It's really fun to look for this vulnerability, which has some impact on

Learn About Waf Bypass

Learn About Waf Bypass

What is WAF? A web application firewall (WAF) is a collection of sensors and filters used to identify and stop network intrusions on websites. The OSI model's application layer is referred to as WAFs. One security tool that is employed is the web application firewall. It makes this

Rate Limiting In Modern APIs

Rate Limiting In Modern APIs

Introduction Rate limiting is an essential security mechanism in modern APIs. Its purpose is to prevent abuse, protect server resources, and ensure service availability for all users. However, incorrect or weak configurations can lead to vulnerabilities that bug bounty hunters can exploit. Understanding Rate Limiting ● What is Rate Limiting? A

Broken Authentication in APIs , APIs can make you so rich $$$

Broken Authentication in APIs , APIs can make you so rich $$$

Introduction Authentication and authorization mechanisms are the gatekeepers of APIs, ensuring that only authorized users can access specific resources and perform allowed actions. However, flaws in these mechanisms are rampant and often lead to severe security breaches. Mastering the art of finding broken authentication vulnerabilities can be a lucrative skill

Extensive API Pentesting Guide for Bug Bounty Hunters

Extensive API Pentesting Guide for Bug Bounty Hunters

Introduction APIs (Application Programming Interfaces) are the glue that holds modern applications together. However, they are also a prime target for attackers. A successful API pentest can reveal critical vulnerabilities that could be generously rewarded in Bug Bounty programs. Understanding APIs ● What is an API? An interface that allows different

Learn About how to use Burp Suite

Learn About how to use Burp Suite

Let's see how to use this Burp Suite stuff and how to make money with it. Installing a browser and proxy: The basics Bug bounty hunters use Burp Suite, a powerful tool, extensively to discover vulnerabilities in web applications. It is a group of technologies that combine to

Learn About SQLi

Learn About SQLi

SQL Injection (SQLi) is a prevalent and potent web vulnerability that allows attackers to manipulate a website's database queries. Imagine a hacker whispering commands directly into the database's ear, bypassing the website's security measures and gaining unauthorized access to sensitive information or even control

Learn About Server-Side Request Forgery (SSRF)

Learn About Server-Side Request Forgery (SSRF)

Server-Side Request Forgery (SSRF) is a cunning vulnerability that allows attackers to manipulate a web application into making requests to internal or external resources on their behalf. Imagine a hacker using a web application as a puppet, forcing it to fetch sensitive data or perform actions that it shouldn'

XML External Entities (XXE): Unleashing the Power of XML

XML External Entities (XXE): Unleashing the Power of XML

XML External Entities (XXE) is a type of web vulnerability that allows attackers to exploit weaknesses in how an application parses XML input. Think of it as a secret passage hidden within the structure of an XML document, waiting to be discovered and exploited by a cunning adversary. Understanding XXE:

Learn About 403 Bypass

Learn About 403 Bypass

When you don't have authorization to view a webpage or anything else on a web server, you get a 403 Forbidden Error. When you are bug hunting on your target, it frequently happens that you go deep into the target and that you also receive 403 Forbidden or

Learn About Insecure Direct Object References (IDOR)

Learn About Insecure Direct Object References (IDOR)

Insecure Direct Object References (IDOR), also known as broken object level authorization, is a vulnerability that arises when a web application exposes a direct reference to an internal implementation object, such as a file, directory, or database key. It's like leaving a treasure chest unlocked, allowing anyone with

CSRF in Bug Hunting

CSRF in Bug Hunting

Cross-Site Request Forgery, or CSRF, is a technique that an attacker can use to alter user data, passwords, and other information without the user's knowledge. The attacker's goal is to fool the user into clicking a link even if they have already authenticated with the application

Open Rediction in Bug Hunting

Vulnerabilities 101

Open Rediction in Bug Hunting

I'll try to cover all of the information I know regarding open redirect. I just found an open redirect on a private program, which I was able to use to access the victim's account. With the help of this essay, I thought I'd let

Open Rediction Bug

Open Rediction Bug

Open redirects are fun to find. Most Bug Bounty programs not pay more than $250 per each but still love finding them. I have found around 500 open redirects in my life. I don't look for them so much anymore, but still think is a must-look for a

Want to succeed in bug bounties? Follow these 10 tips! 🧵👇

Want to succeed in bug bounties? Follow these 10 tips! 🧵👇

#1 Start This may seem obvious, but it's the hardest thing for most people to do. Just do it! Take the leap, even if you don't feel ready. You won't regret it. #2 Target fresh programs Always be on the lookout for fresh targets