
Hackaday Links: December 14, 2025

15 December 2025 at 01:00

Fix stuff, earn big awards? Maybe, if this idea for repair bounties takes off. The group is dubbed the FULU Foundation, for “Freedom from Unethical Limitations on Users,” and was co-founded by right-to-repair activist Kevin O’Reilly and perennial Big Tech thorn-in-the-side Louis Rossmann. The operating model works a bit like the bug bounty system, but in reverse: FULU posts cash bounties on consumer-hostile products, like refrigerators that DRM their water filters or bricked thermostats. The bounty starts at $10,000, but can increase based on donations from the public. FULU will match those donations up to $10,000, potentially making a very rich pot for the person or team that fixes the problem.

So far, it looks like FULU has awarded two $14,000 bounties for separate solutions to the bricked Nest thermostats. A second $10,000 bounty, for an air purifier with DRM’d filters, is under review. There’s also a $30,000 bounty outstanding for a solution to the component pairing problem in Xbox Series X gaming consoles. While we love the idea of putting bounties on consumer-unfriendly products and practices, and we celebrate the fixes discovered so far, we can’t help but worry that this could go dramatically wrong for the bounty hunters, if — OK, when — someone at a Big Tech company decides to fight back. When that happens, any bounty they score is going to look like small potatoes compared to a DMCA crackdown.

From the “Interesting times, interesting problems” Department comes this announcement by NASA of a change in vendor for the ground support vehicles for the Artemis program. The US space agency had been all set to use EVs manufactured by Canoo to whisk astronauts on the nine-mile trip from their prep facility to the launch pad, but when the company went belly up earlier this year, things abruptly changed. Now, instead of the tiny electric vans that look the same coming and going, NASA will revert to type and use modified Airstream coaches to do the job. Honestly, we think this will be better for the astronauts. The interior of the Airstream is spacious, allowing for large seats to accommodate bulky spacesuits and even providing enough headroom to stand up, a difficult proposition in the oversized breadloaf form-factor of the Canoo EV. If they’re going to strap you into a couple of million pounds of explosives and blast you to the Moon, the least they can do is make the last few miles on Earth a little more comfortable.

Speaking of space, we stumbled across an interesting story about time on Mars that presented a bit of a “Well, duh!” moment with intriguing implications. The article goes into some of the details about clocks running slower on Mars compared to Earth, thanks to the lower mass of the Red Planet and the reduced gravity. That was the “duh” part for us, as was the “Einstein was right” bit in the title, but we didn’t realize that the difference would be so large — almost half a millisecond. While that might not sound like much, it could have huge implications when considering human exploration of Mars or even eventual colonization. Everything from the Martian equivalent of GPS to a combined Earth-Mars Internet would need to take the differing concept of what a second is into account. Taking things a bit further, would future native-born Martians even want to use units of measurement based on those developed around the processes and parameters of the Old World? Seems like they might prefer a system of time based on their planet’s orbital and rotational characteristics. And why would they measure anything in meters, being based (at least originally) on the distance between the North Pole and the equator on a line passing through Paris — or was it Greenwich? Whatever; it wasn’t Mars, and that’s probably going to become a sticking point someday. And you thought the U.S. versus the metric system war was bad!

Sticking with space news, what does it take to be a U.S. Space Force guardian? Brains and brawn, apparently, as the 2025 “Guardian Arena” competition kicked off this week at Florida’s Space Force Base Patrick. Guardians, as Space Force members are known, compete as teams in both physical and mental challenges, such as pushing Humvees and calculating orbital properties of a satellite. Thirty-five units from across the Space Force compete for the title of Best Unit, with the emphasis on teamwork. It’s not quite the Colonial Marines, but it’s pretty close.

And finally, Canada is getting in on the vintage computer bandwagon with the first-ever VCF Montreal. In just a couple of weeks, Canadian vintage computer buffs will get together at the Royal Military College of Saint-Jean-sur-Richelieu for an impressive slate of speakers, including our friend “Curious Marc” Verdiell, expounding on his team’s efforts to unlock the secrets of the Apollo program’s digital communications system. Along with the talks, there’s a long list of exhibitors and vendors. The show kicks off on January 24, so get your tickets while you can.


Bug Bounty: Get Started with httpx

4 December 2025 at 10:05

Welcome back, aspiring cyberwarriors!

Before we can exploit a target, we need to understand its attack surface completely. This means identifying web servers, discovering hidden endpoints, analyzing response headers, and mapping out the entire web infrastructure. Traditional tools like curl and wget are useful, but they’re slow and cumbersome when you’re dealing with hundreds or thousands of targets. You need something faster and more flexible.

Httpx is a fast and multi-purpose HTTP toolkit developed by ProjectDiscovery that allows running multiple probes using a simple command-line interface. It supports HTTP/1.1, HTTP/2, and can probe for various web technologies, response codes, title extraction, and much more.

In this article, we will explore how to install httpx, how to use it, and how to extract detailed information about a target. We will also cover advanced filtering techniques and discuss how to use this tool effectively. Let’s get rolling!

Step #1 Install Go Programming Language

Httpx is written in Go, so we need to have the Go programming language installed on our system.

To install Go on Kali Linux, use the following command:

kali > sudo apt install golang-go

Once the installation completes, verify it worked by checking the version:

kali > go version

Step #2 Install httpx Using Go

To install httpx, enter the following command:

kali > go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest

The “-v” flag enables verbose output so you can see what’s happening during the installation. The “@latest” tag ensures you’re getting the most recent stable version of httpx. This command will download the source code, compile it, and install the binary in your Go bin directory.

To make sure httpx is accessible from anywhere in your terminal, you need to add the Go bin directory to your PATH if it’s not already there. Check if it’s in your PATH by typing:

kali > echo $PATH

If you don’t see something like “/home/kali/go/bin” in the output, you’ll need to add it. Open your .bashrc or .zshrc file (depending on which shell you use) and add this line:

export PATH=$PATH:~/go/bin

Then reload your shell configuration:

kali > source ~/.bashrc

Now verify that httpx is installed correctly by checking its version:

kali > httpx -version

Step #3 Basic httpx Usage and Probing

Let’s start with some basic httpx usage to understand how the tool works. Httpx is designed to take a list of hosts and probe them to determine if they’re running web servers and extract information about them.

The simplest way to use httpx is to provide a single target directly on the command line. Let’s probe a single domain:

kali > httpx -u "example.com" -probe

This command initiates an HTTP probe on the website. This is useful for quickly checking the availability of the web page.

Now let’s try probing multiple targets at once. Create a file with several domains you want to probe.

Now run httpx against this file:

kali > httpx -l hosts.txt -probe

Step #4 Extracting Detailed Information

One of httpx’s most powerful features is its ability to extract detailed information about web servers in a single pass.

Let’s quickly identify what web server is hosting each target:

kali > httpx -l hosts.txt -server

Now let’s extract even more information using multiple flags:

kali > httpx -l hosts.txt -title -tech-detect -status-code -content-length -response-time

This command will extract the page title, detect web technologies, show the HTTP status code, display the content length, and measure the response time.

The “-tech-detect” flag is particularly valuable because it uses Wappalyzer fingerprints to identify the technologies running on each web server. This can reveal content management systems, web frameworks, and other technologies that might have known vulnerabilities.

Step #5 Advanced Filtering and Matchers

Filters in httpx allow you to exclude unwanted responses based on specific criteria, such as HTTP status codes or text content.

Let’s say you don’t want to see targets that return a 301 status code. For this purpose, the -filter-code or -fc flag exists. To see the results clearly, I’ve added the -status-code or -sc flag as well:

kali > httpx -l hosts.txt -sc -fc 301

Httpx outputs the filtered results without the targets that returned status code 301. Besides that, you can filter “dead” or default/error responses with the -filter-error-page or -fep flag:

kali > httpx -l hosts.txt -sc -fep

This flag enables “filter response with ML-based error page detection”. In other words, when you use -fep, httpx tries to detect and filter out responses that look like generic or error pages.

In addition to filters, httpx has matchers. While filters exclude unwanted responses, matchers include only the responses that meet specific criteria. Think of filters as removing noise, and matchers as focusing on exactly what you’re looking for.

For example, let’s output only responses with 200 status code using the -match-code or -mc flag:

kali > httpx -l hosts.txt -status-code -match-code 200

For more advanced filtering, you can use regex patterns to match specific content in the response (-match-regex or -mr flag):

kali > httpx -l hosts.txt -match-regex "admin|login|dashboard"

This will only show targets whose response body contains the words “admin,” “login,” or “dashboard,” helping you quickly identify administrative interfaces or login pages.

Step #6 Probing for Specific Vulnerabilities and Misconfigurations

Httpx can be used to quickly identify common vulnerabilities and misconfigurations across large numbers of targets. While it’s not a full vulnerability scanner, it can detect certain issues that indicate potential security problems.

For example, let’s probe for specific paths that might indicate vulnerabilities or interesting endpoints:

kali > httpx -l targets.txt -path "/admin,/login,/.git,/backup,/.env"

The -path flag, as the name suggests, tells httpx to probe specific paths on each target.

Another useful technique is probing for different HTTP methods:

kali > httpx -l targets.txt -sc -method -x all

In the command above, the -method flag displays the HTTP request method used for each result, and -x all tells httpx to probe every supported method.
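Once httpx has produced its results, the filtering and matching of Step #5 and the sensitive-path check of Step #6 can be repeated offline over saved output instead of re-probing the hosts. The script below is an added example (my own code, not from this article or the httpx project) that does exactly that over records shaped like httpx's -json output. The field names (url, path, status_code, title, webserver, tech, content_length) follow httpx's JSON output as I understand it; the sample records, SENSITIVE_PATHS and the function names are constructed for the example, and the regex matcher runs on the title field because the body is not part of the default JSON record.

```python
"""Post-process httpx JSON output offline: filters, matchers, sensitive paths.

Added example, not httpx's own code. Mimics -fc / -mc / -mr and the -path
check over records shaped like `httpx -json` lines (field names as I
understand them); every record below is constructed.
"""
import json
import re
from collections import Counter

# Constructed sample records, one JSON object per line as httpx -json emits.
SAMPLE_JSONL = """\
{"url":"https://app.example.test","path":"/","status_code":200,"title":"Example App - Login","webserver":"nginx/1.24.0","tech":["Nginx","React"],"content_length":5120}
{"url":"https://old.example.test","path":"/","status_code":301,"title":"","webserver":"Apache/2.4.41","tech":["Apache HTTP Server"],"content_length":231}
{"url":"https://app.example.test/.env","path":"/.env","status_code":200,"title":"","webserver":"nginx/1.24.0","tech":["Nginx"],"content_length":87}
{"url":"https://app.example.test/.git","path":"/.git","status_code":403,"title":"403 Forbidden","webserver":"nginx/1.24.0","tech":["Nginx"],"content_length":153}
{"url":"https://api.example.test","path":"/","status_code":404,"title":"Not Found","webserver":"Apache/2.4.41","tech":["Apache HTTP Server","PHP"],"content_length":196}
{"url":"https://intranet.example.test/admin","path":"/admin","status_code":200,"title":"Admin Dashboard","webserver":"Apache/2.4.41","tech":["Apache HTTP Server","PHP","Laravel"],"content_length":8800}
"""

# The paths probed in Step #6; none of them should answer 200 on a hardened host.
SENSITIVE_PATHS = {"/admin", "/login", "/.git", "/backup", "/.env"}


def load_records(jsonl_text):
    """Parse httpx-style JSON lines, skipping blank or malformed lines."""
    records = []
    for line in jsonl_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a truncated line must not abort the whole triage
    return records


def apply_filters(records, filter_codes=(), match_codes=(), match_regex=None):
    """Filters drop records (-fc), matchers keep only matching ones (-mc, -mr)."""
    pattern = re.compile(match_regex, re.IGNORECASE) if match_regex else None
    kept = []
    for rec in records:
        code = rec.get("status_code")
        if code in filter_codes:
            continue
        if match_codes and code not in match_codes:
            continue
        if pattern and not pattern.search(rec.get("title", "")):
            continue
        kept.append(rec)
    return kept


def exposed_sensitive_paths(records):
    """URLs where a sensitive path answered 200; a 403 or redirect is not a finding."""
    return sorted(
        rec["url"] for rec in records
        if rec.get("path") in SENSITIVE_PATHS and rec.get("status_code") == 200
    )


def tech_inventory(records):
    """Count detected technologies across hosts: the inventory view of -tech-detect."""
    counts = Counter()
    for rec in records:
        counts.update(rec.get("tech", []))
    return dict(counts)


if __name__ == "__main__":
    recs = load_records(SAMPLE_JSONL)
    print("200 and not 301:", [r["url"] for r in apply_filters(recs, filter_codes={301}, match_codes={200})])
    print("admin/login-like titles:", [r["url"] for r in apply_filters(recs, match_regex="admin|login|dashboard")])
    print("exposed sensitive paths:", exposed_sensitive_paths(recs))
    print("tech inventory:", tech_inventory(recs))
```

Feed it real output with `httpx -l hosts.txt -json -o results.json` and load that file instead of SAMPLE_JSONL; the tech inventory is the list a defender hands to patch management, and the sensitive-path list is the one that needs an access-control fix rather than a bounty.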

Summary

Traditional HTTP probing tools are too slow and limited for the kind of large-scale reconnaissance that modern bug bounty and pentesting demands. Httpx provides a fast, flexible, and powerful solution that’s specifically designed for security researchers who need to quickly analyze hundreds or thousands of web targets while extracting comprehensive information about each one.

In this article, we covered how to install httpx, basic and advanced usage examples, and shared ideas on how httpx might be used for vulnerability detection. This tool is really fast and can significantly boost your productivity, whether you’re conducting bug bounty hunting or web app security testing. Check it out; maybe it will find a place in your cyberwarrior toolbox.

How To Get Started In Bug Bounty as a Beginner

By: Basudev
7 September 2023 at 09:18

In this article, let us discuss what Bug Bounty is and how to get started with Bug Bounty as a complete beginner. This article will guide you on where to start, how to learn, and how to earn.



I have been a bug bounty hunter for a while. Of course, I got some certifications for reporting critical bugs to companies, and some bounties too; I will share my journey, how I got into bug bounty, where I started, and some valuable tips and resources so you can learn effectively.



What is Bug Bounty

Bug Bounty is a process where companies invite hackers and offer bounties for finding vulnerabilities in their software/applications, which can be any type of application, not just limited to web, mobile, or desktop.

What is a Bug Bounty Program


Suppose a company invites hackers and security researchers to test their applications for bugs/vulnerabilities. In that case, you can consider that company as a program, but remember there are many types of programs, such as VDPs and reward-based programs.

VDP

A Vulnerability Disclosure Program (VDP) is a procedure that companies and organisations have set up. They invite security researchers to test their applications; some programs reward bounties for the findings, and some offer a Hall of Fame or certifications.

Reward Based Programs

In reward-based programs, companies define the reward for each vulnerability and pay according to the impact of the vulnerability. By testing these reward-based programs, you can showcase your findings and get paid for them.

How to get started in bug bounty


Bug bounty is not something where you can join a program, test for vulnerabilities, and get paid right away. When I was a beginner, I too thought it was easy to join a program, browse the target application to find vulnerabilities, and report them.

I used to do the same with all programs and ended up with no bugs found. I thought that the applications were highly secure, and that it was challenging to find the actual bugs.

But wait: bug bounty is an art that can be mastered.

As a beginner, I needed to figure out where to start with bug bounty. I used to watch some YouTube videos about well-known vulnerabilities and tried to find the same vulnerabilities in every program, but found nothing.

I want you to avoid making the same mistake. Here, you can follow the process carefully.

Learn the Basics of How the Internet Works

If you are a beginner, first learn how the Internet works and the protocols, IPs, ports, etc.

Here is a comprehensive article on how the Internet works and How the web works by Mozilla

Since I have a Computer Science background, I skipped this when I started my bug bounty journey; I didn't need to learn how the web or the Internet works.

Start With the web first.

I suggest you start with web application pentesting. You need to know how websites function and the technologies behind each web application; again, you need not be an expert at the beginning.
Or you can even start with Android app pentesting; it involves some API pentesting, but you should still have web app pentesting knowledge.

Learn the basics of web development.

You don't have to be an expert, and learning web development is optional, but having a basic knowledge of HTML, JavaScript, and PHP will give you an overview of how the frontend and backend work. Developers often use frameworks to build websites, but you need not worry about those at the beginning.

Where to Start


Before you begin, you have to master web application pentesting first. When I was starting, there were not enough resources to learn from; now there are no limitations on free resources.

Here are a few things to remember: make sure you have a Linux distro installed on your system, like Kali Linux or Parrot OS, because these distros come with many tools and make it easy to install many other bug bounty tools.


Practice Vulnerable web application exploitation.

I highly recommend you use vulnerable web applications such as DVWA and bWAPP to learn web application penetration testing. These can be installed on your local machine so you can practice on them.

Here are a few online resources you can utilize to enhance your web application security skills. I highly recommend you try the Portswigger Academy labs, which will take you from zero to an expert level.

Resources




What's Next


There is no end to Cyber Security. After learning and completing all the labs, you should be ready to test for real-world web applications. You can join bug bounty hunting platforms and start your journey there, or you can manually search for the websites that offer bounties for finding vulnerabilities in their web applications.

I have personally joined the following platforms. You can find a lot of programs to test on.

Web-Hacking-Playground - Web Application With Vulnerabilities Found In Real Cases, Both In Pentests And In Bug Bounty Programs

By: Unknown
15 February 2023 at 06:30


Web Hacking Playground is a controlled web hacking environment. It consists of vulnerabilities found in real cases, both in pentests and in Bug Bounty programs. The objective is that users can practice with them, and learn to detect and exploit them.

Other topics of interest will also be addressed, such as: bypassing filters by creating custom payloads, executing chained attacks exploiting various vulnerabilities, developing proof-of-concept scripts, among others.


Important

The application source code is visible. However, the lab's approach is a black box one. Therefore, the code should not be reviewed to resolve the challenges.

Additionally, it should be noted that fuzzing (both parameters and directories) and brute force attacks do not provide any advantage in this lab.

Setup

It is recommended to use Kali Linux to perform this lab. In case of using a virtual machine, it is advisable to use the VMware Workstation Player hypervisor.

The environment is based on Docker and Docker Compose, so it is necessary to have both installed.

To install Docker on Kali Linux, run the following commands:

sudo apt update -y
sudo apt install -y docker.io
sudo systemctl enable docker --now
sudo usermod -aG docker $USER

To install Docker on other Debian-based distributions, run the following commands:

curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
sudo systemctl enable docker --now
sudo usermod -aG docker $USER

It is recommended to log out and log in again so that the user is recognized as belonging to the docker group.

To install Docker Compose, run the following command:

sudo apt install -y docker-compose

Note: In case of using M1 it is recommended to execute the following command before building the images:

export DOCKER_DEFAULT_PLATFORM=linux/amd64

The next step is to clone the repository and build the Docker images:

git clone https://github.com/takito1812/web-hacking-playground.git
cd web-hacking-playground
docker-compose build

Also, it is recommended to install the Foxy Proxy browser extension, which allows you to easily change proxy settings, and Burp Suite, which we will use to intercept HTTP requests.

We will create a new profile in Foxy Proxy to use Burp Suite as a proxy. To do this, we go to the Foxy Proxy options, and add a proxy with the following configuration:

  • Proxy Type: HTTP
  • Proxy IP address: 127.0.0.1
  • Port: 8080

Deployment

Once everything you need is installed, you can deploy the environment with the following command:

git clone https://github.com/takito1812/web-hacking-playground.git
cd web-hacking-playground
docker-compose up -d

This will create two containers of applications developed in Flask on port 80:

  • The vulnerable web application (Socially): Simulates a social network.
  • The exploit server: You should not try to hack it, since it does not have any vulnerabilities. Its objective is to simulate a victim's access to a malicious link.

Important

It is necessary to add the IP of the containers to the /etc/hosts file, so that they can be accessed by name and that the exploit server can communicate with the vulnerable web application. To do this, run the following commands:

sudo sed -i '/whp-/d' /etc/hosts
echo "$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' whp-socially) whp-socially" | sudo tee -a /etc/hosts
echo "$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' whp-exploitserver) whp-exploitserver" | sudo tee -a /etc/hosts

Once this is done, the vulnerable application can be accessed from http://whp-socially and the exploit server from http://whp-exploitserver.

When using the exploit server, the above URLs must be used, using the domain name and not the IPs. This ensures correct communication between containers.

When it comes to hacking, to represent the attacker's server, the local Docker IP must be used, since the lab is not intended to make requests to external servers such as Burp Collaborator, Interactsh, etc. A Python http.server can be used to simulate a web server and receive HTTP interactions. To do this, run the following command:

sudo python3 -m http.server 80

Stages

The environment is divided into three stages, each with different vulnerabilities. It is important that they are done in order, as the vulnerabilities in the following stages build on those in the previous stages. The stages are:

  • Stage 1: Access with any user
  • Stage 2: Access as admin
  • Stage 3: Read the /flag file

Important

Below are spoilers for each stage's vulnerabilities. If you don't need help, you can skip this section. On the other hand, if you don't know where to start, or want to check if you're on the right track, you can extend the section that interests you.

Stage 1: Access with any user


At this stage, a specific user's session can be stolen through Cross-Site Scripting (XSS), which allows JavaScript code to be executed. To do this, the victim must be able to access a URL in the user's context, this behavior can be simulated with the exploit server.

The hints to solve this stage are:

  • Are there any striking posts on the home page?
  • You have to chain two vulnerabilities to steal the session. XSS is achieved by exploiting an Open Redirect vulnerability, where the victim is redirected to an external URL.
  • The Open Redirect has some security restrictions. You have to find how to get around them. Analyze which strings are not allowed in the URL.
  • Cookies are not the only place where session information is stored. Reviewing the source code of the JavaScript files included in the application can help clear up doubts.
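The Stage 1 hints describe an open redirect protected by a blocklist of forbidden strings, which is the kind of check that ends up bypassed. The defender's alternative is an allowlist: accept only a same-origin path or an absolute URL whose host is explicitly permitted. The code below is an added example (my own, not part of the Web Hacking Playground) of that check; it assumes the lab's own whp-socially host name as the only permitted redirect target, and the function names and ALLOWED_HOSTS set are mine.

```python
"""Allowlist validation of a redirect target (hardened form of an open redirect).

Added example, not the lab's code. Instead of searching the URL for forbidden
substrings, it parses the target and accepts only two shapes: a local path
("/something", not "//host") or an http(s) URL to an allowlisted host.
"""
from urllib.parse import urlsplit, urljoin

# Hosts the application is allowed to send users to (constructed for the example).
ALLOWED_HOSTS = {"whp-socially"}


def is_safe_redirect(target):
    """Return True only for local paths or allowlisted absolute URLs."""
    if not target:
        return False
    # Control characters and backslashes are interpreted differently by
    # browsers and URL parsers, so refuse them rather than normalise them.
    if any(ord(c) < 0x20 or c == "\\" for c in target):
        return False
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        # Absolute URL (or scheme like javascript:): only http(s) to an allowed host.
        # hostname drops any userinfo, so "https://whp-socially@evil/" is seen as evil.
        return parts.scheme in ("http", "https") and parts.hostname in ALLOWED_HOSTS
    # Relative reference: require a single leading slash; "//evil" is
    # protocol-relative and would leave the origin.
    return target.startswith("/") and not target.startswith("//")


def resolve_redirect(target, base="http://whp-socially/", fallback="/"):
    """Return the absolute URL to redirect to, or the home page if target is unsafe."""
    if not is_safe_redirect(target):
        return urljoin(base, fallback)
    return urljoin(base, target)


if __name__ == "__main__":
    for candidate in ["/home", "//evil.test/x", "http://whp-socially/profile",
                      "https://whp-socially@evil.test/", "javascript:alert(1)"]:
        print(f"{candidate!r:40} -> {resolve_redirect(candidate)}")
```

The parse-then-allowlist shape is what makes the check hold up: every bypass of a blocklist is a string the blocklist author did not think of, whereas here anything that is not one of the two accepted shapes falls through to the fallback.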

Stage 2: Access as admin


At this stage, a token can be generated that allows access as admin. This is a typical JSON Web Token (JWT) attack, in which the token payload can be modified to escalate privileges.

The hint to solve this stage is that there is an endpoint that, given a JWT, returns a valid session cookie.
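Modifying a JWT payload only escalates privileges when the server reads the claims without verifying the signature, or lets the token pick its own algorithm. The verifier below is an added example (my own stdlib-only code, not part of the Web Hacking Playground) of the check that defeats the Stage 2 attack: the algorithm is pinned to HS256, the signature is compared in constant time, and the claims are returned only after both pass. The secret, claim names and helper function names are constructed for the example.

```python
"""Issue and verify HS256 JSON Web Tokens with the standard library only.

Added example, not the lab's code. verify_hs256() returns the claims only if
the token has three parts, declares HS256 (never "none" or anything else),
and carries a valid HMAC over header.payload; otherwise it returns None.
"""
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"  # real applications load this from configuration


def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims, secret=SECRET):
    """Issue a compact JWT (header.payload.signature) signed with HMAC-SHA256."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signature = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(signature)}"


def verify_hs256(token, secret=SECRET):
    """Return the claims dict if the token is well-formed and correctly signed, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
    except (ValueError, json.JSONDecodeError):
        return None
    # Pin the algorithm server-side: the token must not choose "none" or a
    # different scheme than the one this service issues.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    try:
        provided = _b64url_decode(sig_b64)
    except ValueError:
        return None
    if not hmac.compare_digest(expected, provided):
        return None
    try:
        claims = json.loads(_b64url_decode(payload_b64))
    except (ValueError, json.JSONDecodeError):
        return None
    return claims if isinstance(claims, dict) else None


def tamper_payload(token, new_claims):
    """Constructed scenario: replace the payload but keep the original signature."""
    header_b64, _, sig_b64 = token.split(".")
    payload_b64 = _b64url_encode(json.dumps(new_claims, separators=(",", ":")).encode())
    return f"{header_b64}.{payload_b64}.{sig_b64}"


if __name__ == "__main__":
    token = sign_hs256({"sub": "alice", "role": "user"})
    print("valid token      ->", verify_hs256(token))
    print("edited payload   ->", verify_hs256(tamper_payload(token, {"sub": "alice", "role": "admin"})))
```

A production verifier additionally checks exp, nbf, iss and aud, and an endpoint that exchanges a JWT for a session cookie (as the hint describes) must run this verification before it honours any claim in the token.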

Stage 3: Read the /flag file


At this stage, the /flag file can be read through a Server-Side Template Injection (SSTI) vulnerability. To do this, you must get the application to run Python code on the server. It is possible to execute system commands on the server.

The hints to solve this stage are:

  • Vulnerable functionality is protected by two-factor authentication. Therefore, before exploiting the SSTI, a way to bypass the OTP code request must be found. There are times when the application trusts the requests that are made from the same server and the HTTP headers play an important role in this situation.

  • The SSTI is blind, which means the output of the code executed on the server is not obtained directly. The Python smtpd module allows you to create an SMTP server that prints messages it receives to standard output:

    sudo python3 -m smtpd -n -c DebuggingServer 0.0.0.0:25

    Note that smtpd was deprecated in Python 3.6 and removed in Python 3.12, so on a current interpreter the third-party aiosmtpd package, which ships an equivalent Debugging handler, is needed instead.

  • The application uses Flask, so it can be inferred that the template engine is Jinja2 because it is recommended by the official Flask documentation and is widely used. You must get a Jinja2 compatible payload to get the final flag.

  • The email message has a character limitation. Information on how to bypass this limitation can be found on the Internet.

Solutions

Detailed solutions for each stage can be found in the Solutions folder.

Resources

The following resources may be helpful in resolving the stages:

Collaboration

Pull requests are welcome. If you find any bugs, please open an issue.



Web-Hacking-Playground - Web Application With Vulnerabilities Found In Real Cases, Both In Pentests And In Bug Bounty Programs

By: Unknown
15 February 2023 at 06:30


Web Hacking Playground is a controlled web hacking environment. It consists of vulnerabilities found in real cases, both in pentests and in Bug Bounty programs. The objective is that users can practice with them, and learn to detect and exploit them.

Other topics of interest will also be addressed, such as: bypassing filters by creating custom payloads, executing chained attacks exploiting various vulnerabilities, developing proof-of-concept scripts, among others.


Important

The application source code is visible. However, the lab's approach is a black box one. Therefore, the code should not be reviewed to resolve the challenges.

Additionally, it should be noted that fuzzing (both parameters and directories) and brute force attacks do not provide any advantage in this lab.

Setup

It is recommended to use Kali Linux to perform this lab. In case of using a virtual machine, it is advisable to use the VMware Workstation Player hypervisor.

The environment is based on Docker and Docker Compose, so it is necessary to have both installed.

To install Docker on Kali Linux, run the following commands:

sudo apt update -y
sudo apt install -y docker.io
sudo systemctl enable docker --now
sudo usermod -aG docker $USER

To install Docker on other Debian-based distributions, run the following commands:

curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh
sudo systemctl enable docker --now
sudo usermod -aG docker $USER

It is recommended to log out and log in again so that the user is recognized as belonging to the docker group.

To install Docker Compose, run the following command:

sudo apt install -y docker-compose

Note: In case of using M1 it is recommended to execute the following command before building the images:

export DOCKER_DEFAULT_PLATFORM=linux/amd64

The next step is to clone the repository and build the Docker images:

git clone https://github.com/takito1812/web-hacking-playground.git
cd web-hacking-playground
docker-compose build

Also, it is recommended to install the Foxy Proxy browser extension, which allows you to easily change proxy settings, and Burp Suite, which we will use to intercept HTTP requests.

We will create a new profile in Foxy Proxy to use Burp Suite as a proxy. To do this, we go to the Foxy Proxy options, and add a proxy with the following configuration:

  • Proxy Type: HTTP
  • Proxy IP address: 127.0.0.1
  • Port: 8080

Deployment

Once everything you need is installed, you can deploy the environment with the following command:

git clone https://github.com/takito1812/web-hacking-playground.git
cd web-hacking-playground
docker-compose up -d

This will create two containers of applications developed in Flask on port 80:

  • The vulnerable web application (Socially): Simulates a social network.
  • The exploit server: You should not try to hack it, since it does not have any vulnerabilities. Its objective is to simulate a victim's access to a malicious link.

Important

It is necessary to add the IP of the containers to the /etc/hosts file, so that they can be accessed by name and that the exploit server can communicate with the vulnerable web application. To do this, run the following commands:

sudo sed -i '/whp-/d' /etc/hosts
echo "$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' whp-socially) whp-socially" | sudo tee -a /etc/hosts
echo "$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' whp-exploitserver) whp-exploitserver" | sudo tee -a /etc/hosts

Once this is done, the vulnerable application can be accessed from http://whp-socially and the exploit server from http://whp-exploitserver.

When using the exploit server, the above URLs must be used, using the domain name and not the IPs. This ensures correct communication between containers.

When it comes to hacking, to represent the attacker's server, the local Docker IP must be used, since the lab is not intended to make requests to external servers such as Burp Collaborator, Interactsh, etc. A Python http.server can be used to simulate a web server and receive HTTP interactions. To do this, run the following command:

sudo python3 -m http.server 80

Stages

The environment is divided into three stages, each with different vulnerabilities. It is important that they are done in order, as the vulnerabilities in the following stages build on those in the previous stages. The stages are:

  • Stage 1: Access with any user
  • Stage 2: Access as admin
  • Stage 3: Read the /flag file

Important

Below are spoilers for each stage's vulnerabilities. If you don't need help, you can skip this section. On the other hand, if you don't know where to start, or want to check if you're on the right track, you can extend the section that interests you.

Stage 1: Access with any user

Display

At this stage, a specific user's session can be stolen through Cross-Site Scripting (XSS), which allows JavaScript code to be executed. To do this, the victim must be able to access a URL in the user's context, this behavior can be simulated with the exploit server.

The hints to solve this stage are:

  • Are there any striking posts on the home page?
  • You have to chain two vulnerabilities to steal the session. XSS is achieved by exploiting an Open Redirect vulnerability, where the victim is redirected to an external URL.
  • The Open Redirect has some security restrictions. You have to find how to get around them. Analyze which strings are not allowed in the URL.
  • Cookies are not the only place where session information is stored. Reviewing the source code of the JavaScript files included in the application can help clear up doubts.

Stage 2: Access as admin

Display

At this stage, a token can be generated that allows access as admin. This is a typical JSON Web Token (JWT) attack, in which the token payload can be modified to escalate privileges.

The hint to solve this stage is that there is an endpoint that, given a JWT, returns a valid session cookie.

Stage 3: Read the /flag file

Display

At this stage, the /flag file can be read through a Server Site Template Injection (SSTI) vulnerability. To do this, you must get the application to run Python code on the server. It is possible to execute system commands on the server.

The hints to solve this stage are:

  • Vulnerable functionality is protected by two-factor authentication. Therefore, before exploiting the SSTI, a way to bypass the OTP code request must be found. There are times when the application trusts the requests that are made from the same server and the HTTP headers play an important role in this situation.

  • The SSTI is Blind, this means that the output of the code executed on the server is not obtained directly. The Python smtpd module allows you to create an SMTP server that prints messages it receives to standard output:

    sudo python3 -m smtpd -n -c DebuggingServer 0.0.0.0:25

  • The application uses Flask, so it can be inferred that the template engine is Jinja2, because it is recommended by the official Flask documentation and is widely used. You need a Jinja2-compatible payload to get the final flag.

  • The email message has a character limitation. Information on how to bypass this limitation can be found on the Internet.

Solutions

Detailed solutions for each stage can be found in the Solutions folder.

Resources

The following resources may be helpful in resolving the stages:

Collaboration

Pull requests are welcome. If you find any bugs, please open an issue.



SQLiDetector - Helps You To Detect SQL Injection "Error Based" By Sending Multiple Requests With 14 Payloads And Checking For 152 Regex Patterns For Different Databases

By: Unknown
23 January 2023 at 06:30


A simple Python script, supported by a BurpBounty profile, that helps you detect error-based SQL injection by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases.

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
| S|Q|L|i| |D|e|t|e|c|t|o|r|
| Coded By: Eslam Akl @eslam3kll & Khaled Nassar @knassar702
| Version: 1.0.0
| Blog: eslam3kl.medium.com
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-


Description

The main idea of the tool is to scan for error-based SQL injection by using different payloads such as:

'123
''123
`123
")123
"))123
`)123
`))123
'))123
')123"123
[]123
""123
'"123
"'123
\123

and matching the responses against 152 error regex patterns for different databases.
Source: https://github.com/sqlmapproject/sqlmap/blob/master/data/xml/errors.xml

How does it work?

It's very simple; just organize your steps as follows:

  1. Use your subdomain grabber script or tools.
  2. Pass all collected subdomains to httpx or httprobe to get only live subs.
  3. Use your links and URLs tools to grab all waybackurls like waybackurls, gau, gauplus, etc.
  4. Use URO tool to filter them and reduce the noise.
  5. Grep to keep only the links that contain parameters. You can use grep or the GF tool.
  6. Pass the final URLs file to the tool, and it will test them.

The final form of the URLs you pass to the tool must look like these:

https://aykalam.com?x=test&y=fortest
http://test.com?parameter=ayhaga

Installation and Usage

Just run the following command to install the required libraries.

~/eslam3kl/SQLiDetector# pip3 install -r requirements.txt 

To run the tool itself.

# cat urls.txt
http://testphp.vulnweb.com/artists.php?artist=1

# python3 sqlidetector.py -h
usage: sqlidetector.py [-h] -f FILE [-w WORKERS] [-p PROXY] [-t TIMEOUT] [-o OUTPUT]
A simple tool to detect SQL errors
optional arguments:
  -h, --help                      show this help message and exit
  -f FILE, --file FILE            File of the urls
  -w WORKERS, --workers WORKERS   Number of threads
  -p PROXY, --proxy PROXY         Proxy host
  -t TIMEOUT, --timeout TIMEOUT   Connection timeout
  -o OUTPUT, --output OUTPUT      Output file

# python3 sqlidetector.py -f urls.txt -w 50 -o output.txt -t 10

BurpBounty Module

I've created a BurpBounty profile that uses the same payloads and injects them at multiple positions, such as:

  • Parameter name
  • Parameter value
  • Headers
  • Paths

I think it's more effective and will be helpful for POST requests, which you can't test using the Python script.

How does it test the parameter?

What's the difference between this tool and any other? If we have a link like https://example.com?file=aykalam&username=eslam3kl, we have 2 parameters, so it creates 2 possibly vulnerable URLs.

  1. For every payload, it creates one URL per parameter, like the following:
https://example.com?file=123'&username=eslam3kl
https://example.com?file=aykalam&username=123'
  2. It sends a request for every link and checks with regex whether one of the error patterns is present in the response.
  3. For any vulnerable link, it saves it in a separate file for every process.
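The two steps above, as an added example that is not the SQLiDetector project's own code: one URL per parameter per payload, then a regex pass over the response body. The payloads are a subset of the README's list, the error signatures are a small constructed subset in the spirit of sqlmap's errors.xml (the real tool loads all 152), and the sample responses are constructed, so nothing touches the network; the same regex pass doubles as an offline check that your own error pages do not leak database error text.

```python
import re
from urllib.parse import parse_qsl

# Subset of the payloads listed in this README.
PAYLOADS = ["'123", "''123", "`123", '")123', "'))123", "\\123"]

# Constructed subset of DBMS error signatures, in the spirit of sqlmap's
# errors.xml; the real tool loads all 152 patterns from that file.
ERROR_PATTERNS = {
    "MySQL": [r"You have an error in your SQL syntax", r"Warning.*\bmysqli?_"],
    "PostgreSQL": [r"PostgreSQL.*ERROR", r"Warning.*\bpg_"],
    "MSSQL": [r"Unclosed quotation mark after the character string"],
    "Oracle": [r"\bORA-\d{5}"],
    "SQLite": [r"SQLite/JDBCDriver", r"unrecognized token:"],
}
COMPILED = {db: [re.compile(p, re.I) for p in pats] for db, pats in ERROR_PATTERNS.items()}

def build_variants(url: str, payload: str) -> list:
    """Step 1: one URL per query parameter, the payload replacing that parameter's
    value while every other parameter keeps its original value."""
    base, _, query = url.partition("?")
    params = parse_qsl(query, keep_blank_values=True)
    variants = []
    for i, (name, _value) in enumerate(params):
        mutated = list(params)
        mutated[i] = (name, payload)
        variants.append(base + "?" + "&".join(f"{k}={v}" for k, v in mutated))
    return variants

def match_db_errors(body: str) -> list:
    """Step 2: names of every database family whose error signature appears in the body."""
    return sorted(db for db, pats in COMPILED.items() if any(p.search(body) for p in pats))

def scan_offline(url: str, responses: dict) -> dict:
    """The tool's loop without the HTTP client: `responses` maps injected URL -> body
    (the real tool fetches each one). Returns {injected_url: [matching DBMS names]}."""
    hits = {}
    for payload in PAYLOADS:
        for variant in build_variants(url, payload):
            found = match_db_errors(responses.get(variant, ""))
            if found:
                hits[variant] = found
    return hits

# Constructed sample: the `file` parameter leaks a MySQL error, `username` does not.
SAMPLE_URL = "https://example.com?file=aykalam&username=eslam3kl"
SAMPLE_RESPONSES = {
    "https://example.com?file='123&username=eslam3kl":
        "<b>Warning</b>: You have an error in your SQL syntax; check the manual",
    "https://example.com?file=aykalam&username='123": "<h1>Login</h1>",
}
RESULT = scan_offline(SAMPLE_URL, SAMPLE_RESPONSES)
```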

Upcoming updates

  • Output json option.
  • Adding proxy option.
  • Adding threads to increase the speed.
  • Adding progress bar.
  • Adding more payloads.
  • Adding BurpBounty Profile.
  • Inject the payloads in the parameter name itself.

If you want to contribute, feel free to do that. You're welcome :)

Thanks to

Thanks to Mohamed El-Khayat and Orwa for the amazing payloads and ideas. Follow them and you will learn more.

https://twitter.com/Mohamed87Khayat
https://twitter.com/GodfatherOrwa

Stay in touch <3




How to use sqlmap in termux

By: Basudev
7 December 2022 at 21:40

Hello there, in this tutorial we will be discussing how to install and use sqlmap in Termux.

What is Sqlmap?

Sqlmap is an automatic SQL injection scanner and exploitation tool written in Python. We use this tool to detect SQL injection vulnerabilities in websites and exploit them.


Follow the below steps to use sqlmap in Termux.

After installing Termux, you have to install the following packages, so type these commands in Termux:

apt update
apt upgrade
pkg install python
pkg install git


Now type the below command.



git clone https://github.com/sqlmapproject/sqlmap.git

After that, now type the below commands to use sqlmap

cd sqlmap
python sqlmap.py




To test your own website:

python sqlmap.py -u "http://127.0.0.1/page.php?id=1" --batch


Disclaimer

This tutorial is only for educational purposes. We are not responsible for any misuse

Bug Bounty Tools that I use as a Bug Bounty Hunter

By: Basudev
1 October 2022 at 11:00

In this article, I will share the best bug bounty tools I personally use as a Bug bounty hunter.

Of course, hundreds of tools exist for professional pentesting or bug bounty, and you might already be familiar with them. As bug bounty hunters, we are always curious to test new tools that save us the most time and give the best results.

Best bug bounty tools


Here is the list of my favourite bug bounty tools, covering everything from recon to exploitation.

Subdomain Enumeration

For Subdomain enumeration, I use SubEnum




This tool is a combination of many other subdomain enumeration tools. You can either install the other tools manually or install the necessary tools using the setup script. The main advantage of this tool is that it runs them in parallel and collects all the subdomains in a txt file.

Available Tools and online services:

Tools:

Findomain
SubFinder
Amass
AssetFinder
Httprobe: To Probe For Working HTTP and HTTPS Subdomains.
anew: To delete duplicates when using -s/--silent option.

online services:
WayBackMachine
crt.sh
BufferOver

Httpx for checking live domains

After enumerating the subdomains, I always check their status, filter out the live domains, and remove the unnecessary or bogus ones.

For that, I use httpx, a tool by Project Discovery.




This tool can filter out the live domains in a faster way. It can get the page title and detect the technology used by the domain.

Browser Extensions

Here are the browser extensions that I use while doing recon

Wappalyzer

Wappalyzer is a free browser extension that fingerprints the technologies the target website uses.

WhatRuns

WhatRuns is similar to Wappalyzer. This extension is recommended by Jason Haddix in his bug bounty methodology. Since then, it has been a must-use tool for me.

Shodan

Shodan is a search engine for Hackers. They also offer a Browser extension that can detect the target's Open ports on the browser, giving us a clear insight into what services the target runs.

Cookie Editor

The cookie editor plugin will be helpful when testing the target with multiple logins and cookie-based attacks.

Random User Agent

I often use this extension to test how the website responds on different devices and bypass some restrictions.

Web Proxies

Burp suite

Burp Suite is becoming a must-use tool for hackers. I always use this tool to intercept the target's requests and responses.

Port Scanning

Nmap

Nmap is a powerful port scanner. Who would leave it aside?

Naabu

Naabu is a port scanning tool developed by project discovery. It can detect open ports from a list of URLs

Smap

Smap is another fast port scanner, developed by s0md3v. It does not make any contact with the target; it is based on Shodan data.

Shodan

I use shodan. It will be helpful when scanning is not allowed by the Program.

Automated Tools

Nuclei

Nuclei is an automatic vulnerability detection tool developed by Project Discovery. It goes through the templates and checks whether the target is vulnerable to any of them.

Sqlmap

Who will forget Sqlmap? We all started with it. Sqlmap is an automatic SQL injection detection and exploitation tool written in Python.

Wpscan


Wpscan is an automatic WordPress vulnerability scanner. It can detect the latest vulnerabilities in WordPress websites.

Fuzzers

As a web application pentester, it's essential to fuzz the hidden directories of the target. Here are my favourite fuzzers

Dirsearch

Dirsearch is a web directory brute-forcer written in Python. You can find the go version also.

In this tool, you can use the default wordlist, or give the path of the wordlists.

ffuf

ffuf is my second best directory fuzzer. It is a little bit faster. You can customize the requests according to your need.

Dirbuster

It is a GUI-based directory brute-forcing tool. The main advantage of this tool is that you can customize the settings as per your needs and prevent your IP from being banned by the web application firewall.


WAF Detection

Most targets are protected by some kind of web application firewall. We have to detect the WAF and bypass it for maximum impact.

Here are the tools I use for WAF detection

wafw00f

This tool can detect almost all web application firewalls.

WhatWaf

This is an advanced Waf Detection Tool.

Others

This section contains some uncategorized tools, wordlist etc.

Wordlists I often use

  • PayloadAllTheThings
  • SecLists

Conclusion:

This article will be updated again; I use even more tools that I did not mention here. I hope these tools give you the best results and make your bug bounty journey much easier.

Exploiting SQL Injection at Authorization token

By: Basudev
9 July 2022 at 06:41

Today In this post, I will be sharing a unique writeup on SQL injection with Authorization Headers token.

A little bit intro to Authorization Tokens,

=> An authorization token is generated and signed by the server and is used to identify users by unique tokens.

=> After a successful login, the server sends an authorization token, and web developers often store it in the browser's local storage or session storage.

=> Modern websites use JWTs (JSON Web Tokens) for user authorization. That doesn't mean every authorization token is a JWT; it depends on the backend and the framework the website uses.

Without wasting time, let's jump into the story

I am not a regular bug bounty hunter. You can say I am a seasonal bug bounty hunter. I was bored and tried to search for some private bug bounty programs through Google dorks, and randomly selected a program for hunting. I did not do basic recon like subdomain enumeration or any dorking, as I started with the main target.

For me, it was a typical day. I just fired up Burp Suite and opened the target site. As per the company policy, I am unwilling to reveal the target.

With the help of the Wappalyzer Plugin, I have noticed that the target runs on PHP. For me, PHP is vulnerable by nature. As a Web developer, I have plenty of experience building websites in PHP and fixing vulnerabilities.

While attacking targets, I have a practice of directory brute-forcing and checking the robots.txt file at the initial stage of my recon process.

I used Dirsearch to find the hidden directories, but no luck. I did not get anything fishy other than the admin page.

I tried Opening the admin page by visiting target/admin/

But no luck; it threw a 403 Forbidden error.


I did not give up too quickly; I tried to fuzz inside the admin page again using Dirsearch. This time the events page returned a 200 response.

Without any delay, I opened the page target/admin/events/

I have noticed that the page is a regular login page, where it has two ways to log in, one for the author and another for the super admin

Exploitation Starts here

As I said, there are two links for the login pages, one for the author and another for the admin. I chose the first one, and it redirected me to target/admin/events/?classic_login=true




and it popped up a prompt for username and password. I started giving wrong credentials and observed the response from the server, and after playing for a while, I supplied the username and password as 1'

Luckily it displayed the SQL error.




I tried to reproduce it, but it didn't work, and the login popup was completely gone. Even after refreshing the page, the error message was still displayed, so I thought it might be some backend error.

I went through the Burp proxy history and noticed that no regular POST form data or JSON data had been sent.

I went blank for a while, then later opened the link in Incognito mode, and the login popup appeared. Again I observed the request and response.

Found Nothing :P

Later, I noticed a Header Value Authorization with a token.




As a web developer, I know how authorization tokens work, and I have good knowledge of PHP, the MERN stack and a bit of the Django framework, so I can easily guess the tokenization developers use.

The Header Looks as follows.

Authorization: Basic Base64Values

You might often see this header in modern web applications.

Authorization: Bearer <TOKEN>

Pro Tip: On the backend side, in most cases the Bearer prefix is ignored, and developers match the token against the issued token. If it is a JWT, developers often decode it instead of verifying it; that's where Improper Access Control and Account Takeover occur.
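The decode-versus-verify difference from the Pro Tip, as an added example that is not code from this writeup or from the CTF repository above; it also covers the Stage 2 hint in that README (editing the JWT payload to escalate privileges). It is a stdlib-only HS256 handler; the key, claims and the set_claim_without_key fixture are constructed for the demo.

```python
import base64, hashlib, hmac, json, time

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_hs256(claims: dict, key: bytes) -> str:
    """Issue a token the way the server would: header.payload.HMAC-SHA256(header.payload)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def decode_unverified(token: str) -> dict:
    """The anti-pattern from the Pro Tip: read the claims and never check the signature."""
    return json.loads(b64url_decode(token.split(".")[1]))

def verify_hs256(token: str, key: bytes, now: float = None) -> dict:
    """What the server must do instead: pin the algorithm, recompute the MAC, compare it
    in constant time, and only then trust the claims (including exp)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # rejects alg=none and any algorithm switch
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if "exp" in claims and (time.time() if now is None else now) >= claims["exp"]:
        raise ValueError("expired")
    return claims

def set_claim_without_key(token: str, name: str, value) -> str:
    """Test fixture: change one payload claim and keep the old signature, which is what a
    tampered token looks like when it reaches the server."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    claims = json.loads(b64url_decode(payload_b64))
    claims[name] = value
    return f"{header_b64}.{b64url_encode(json.dumps(claims, separators=(',', ':')).encode())}.{sig_b64}"

# Constructed demo key and session claims (exp far in the future so the demo stays valid).
DEMO_KEY = b"constructed-demo-key-do-not-reuse"
DEMO_TOKEN = sign_hs256({"sub": "alice", "role": "user", "exp": 2_000_000_000}, DEMO_KEY)
```

decode_unverified happily returns role=admin for a token whose payload was edited without the key; verify_hs256 rejects the same token, as well as an alg=none header and an expired token.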

Let's continue the story

I have sent the request to the repeater, selected the Token and decoded it using the Burp decoder, as I guessed the encryption type by its length and nature. It was not a JWT, but the base64 value of 1':1'

I quickly remembered the sqlmap tool, captured the entire request and saved it to a text file.

Then I tried to run sqlmap, but the problem was the base64 encoding. Though sqlmap supports base64 encoding, in this scenario there was a colon (:) between the values.

The application behaves as follows: it takes the username and password, joins them with a colon, and base64-encodes the result.

e.g. username:password

base64(<username>:<password>)

Though I was good at manual SQL injection exploitation, here it meant live base64 encoding and applying the payload in the Repeater. For that, I first tried to find the number of columns for the target,

and supplied the payload for username and password as: 1' Order By 1-- -:1' Order By 1-- -

The Authorization payload is as follows.

Authorization: Basic MScgT3JkZXIgQnkgMS0tIC06MScgT3JkZXIgQnkgMS0tIC0=

I base64-encoded it and sent it: no SQL error, and a regular unauthorized error was displayed.

I tried incrementing the number of columns, but it threw an error. I came to know that there was only one column and tried injecting UNION statements.

While injecting the payload: 1' Union Select 1-- -:1' Union Select 1-- -

Authorization: Basic MScgVW5pb24gU2VsZWN0IDEtLSAtOjEnIFVuaW9uIFNlbGVjdCAxLS0gLQ==

I was successfully logged in to the admin panel and able to modify the content.


Sorry I have to blur some info,

Here is the PoC without blur.

I hope you guys liked this write-up; follow us for more such unique write-ups.
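The login this writeup describes, as an added example that is not the target's code: a Python/sqlite3 stand-in for a PHP backend that decodes Authorization: Basic into username:password, with the string-built query that the 1' Union Select 1-- - credential gets through next to the parameterized query that stops it. The user table, password and helper names are constructed; the only page value reused is the credential itself.

```python
import base64, hashlib, hmac, sqlite3

def basic_header(username: str, password: str) -> str:
    """Build the header the way the front end does: Basic base64(username:password)."""
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()

def parse_basic_auth(header: str):
    """Return (username, password). Split on the FIRST colon only: RFC 7617 allows
    colons inside the password, so a second ':' must not truncate it."""
    scheme, _, blob = header.strip().partition(" ")
    if scheme.lower() != "basic" or not blob:
        raise ValueError("not a Basic credential")
    user, sep, pw = base64.b64decode(blob, validate=True).decode("utf-8").partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return user, pw

def make_db() -> sqlite3.Connection:
    """Constructed user table. SHA-256 keeps the demo short; a real system uses a
    salted slow hash such as bcrypt or Argon2."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'admin', ?)",
               (hashlib.sha256(b"constructed-secret").hexdigest(),))
    return db

def login_vulnerable(db, header: str) -> bool:
    """Decoded header values concatenated into SQL: the username payload closes the
    quote, UNIONs in a row and comments out the password check, so a row comes back."""
    user, pw = parse_basic_auth(header)
    pw_hash = hashlib.sha256(pw.encode()).hexdigest()
    sql = f"SELECT id FROM users WHERE username='{user}' AND pw_hash='{pw_hash}'"
    return db.execute(sql).fetchone() is not None

def login_hardened(db, header: str) -> bool:
    """Parameterized lookup plus constant-time hash compare: the quote and UNION are
    just characters inside a bound value and match no username."""
    user, pw = parse_basic_auth(header)
    row = db.execute("SELECT pw_hash FROM users WHERE username = ?", (user,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[0], hashlib.sha256(pw.encode()).hexdigest())

# The exact credential from the writeup, encoded as the front end would send it.
PAYLOAD = "1' Union Select 1-- -"
INJECTED_HEADER = basic_header(PAYLOAD, PAYLOAD)
```

Detection-wise, the same split makes the decoded username a cheap thing to log and alert on: a quote or SQL keyword inside a Basic credential is never legitimate.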

Detectify Crowdsource – Not Your Average Bug Bounty Platform

By: detectify
30 June 2020 at 04:07

Bug bounty programs have made collaborating with hackers more acceptable, but these only benefit one company at a time. We want to make hacking scalable.

The post Detectify Crowdsource – Not Your Average Bug Bounty Platform appeared first on Detectify Blog.
