Bug Bounty POC Blog

0

S3 Bucket Misconfiguration: From Basics to Pawn

Hello friends, Recently I came across S3 Bucket Misconfiguration vulnerability on one of the private program. I saw many write-ups on how to exploit it but none of them was from Basics. So i...

How I was able to Harvest other Vine users IP address 0

How I was able to Harvest other Vine users IP address

Hello BugBountyPoc viewers,This is Prial again . Today I will share about another Information disclosure Vulnerability which was leaking users IP address . Last time I disclosed a POC on How I was able...

9

Bugcrowd’s Domain & Subdomain Takeover!

Hello BugBountyPoc viewers, this is Khizer again, I decided to Write about this Issue because I have seen some people are still confused about “Fastly error: unknown domain” Many Subdomains of BugBounty programs have This error...

1

AWS S3 bucket writeable for authenticated aws users

Hello BugBountyPoc viewers, This is SaadAhmed a security researcher. This is my 1st write-up hope you all will forgive all mistakes. Today i’ll write about the misconfigure aws s3 buckets that i found on...

6

Vine User Private information disclosure

Vine User Private information disclosure – BugBountyPOC This post is published by Prial Islam as a contributor on BugBountyPOC .Note that the post is written by Prial Islam, & any mistake in writing will be entertained...

Any user can edit any list. 0

Any user can edit any list.

Hey There, I hope you guys doing great out there. While i was hunting Instacart , I found that any user from whom a list is shared via link or any random list is...

Privilege Escalation From Manager To Admin. 3

Privilege Escalation From Manager To Admin.

Hello Users, While i was working around with sentry which is an Public Program over hackerone i found that i was able to escalate myself from manager to admin. An admin is only person...

Coinbase Partial 2FA Bypass On Enabling Recurring Payments. 0

Coinbase Partial 2FA Bypass On Enabling Recurring Payments.

Hello Users, While i was pentesting Coinbase I noticed that while creating Recurring payment meanwhile when 2FA is enabled it asks a user to enter verification code. So when someone confirm the recurring payment...

Read-only share recipient can restore old versions of file. 1

Read-only share recipient can restore old versions of file.

Description The restore capability of Nextcloud was not verifying whether an user has only read-only access to a share. Thus an user with read-only access was able to restore old versions. Affected Software Nextcloud...