Bug Bounty Reports Explained
@gregxsunday.bsky.social
📤 475
📥 103
📝 96
GraphQL CSRF via the HEAD method
#bugbounty
#bugbountytips
#bugbountyhunter
4 months ago
10/10 GraphQL SQL injection bug
#bugbounty
#bugbountytips
#bugbountyhunter
4 months ago
Unexpected privilege escalation deletion bug
#bugbounty
#bugbountytips
#bugbountyhunter
4 months ago
Unauthenticated → Low privileges → admin
#bugbounty
#bugbountytips
#bugbountyhunter
4 months ago
Sometimes, one field is all you need for a bug
#bugbounty
#bugbountytips
#bugbountyhunter
4 months ago
GraphQL isn’t just an API to deliver our payloads. Often, its implementations are what actually cause them. To see what bugs it can lead to, I studied disclosed bug bounty reports. IDORs, privescs, DoS, CSRFs, SQLis - it's all there. Enjoy!
https://youtu.be/9tNUPpB1gto
4 months ago
If your GraphQL testing stops at introspection and ID swapping, you’re missing out. SQLi, CSRF, caching bugs, race conditions, WebSocket bypasses - it’s all there. I studied 90 real reports to find what actually works.
4 months ago
Fuzzing vs broken access control bugs feat. Arthur Aires
#bugbounty
#bugbountytips
#bugbountyhunter
4 months ago
This is why you should run bug bounty tools from a VPS feat. Arthur Aires
#bugbounty
#bugbountytips
#bugbountyhunter
4 months ago
Managing your blind XSS payloads feat. Arthur Aires
#bugbounty
#bugbountytips
#bugbountyhunter
4 months ago
Generating target-specific wordlists feat. Arthur Aires
#bugbounty
#bugbountytips
#bugbountyhunter
4 months ago
Automation to get Hackerone program updates feat. Arthur Aires
#bugbounty
#bugbountytips
#bugbountyhunter
4 months ago
In today’s episode, Arthur Aires shares his bug bounty methodology which starts with heavy fuzzing and automation to find the best assets for manual exploitation and escalation. Enjoy!🔥
https://youtu.be/6mVMVLYKBYI
4 months ago
In this video, Arthur Aires walks us through two real-world deserialization RCEs that include bypassing a class allowlist and then exfiltrating data via DNS. Techniques you'll want in your toolbox. Enjoy!
https://youtu.be/tEfjSs4fq8M
5 months ago
An ATO that doesn’t make sense feat. Jasmin “JR0ch17” Landry
#bugbounty
#bugbountytips
#bugbountyhunter
5 months ago
Manipulating referer policy when DOMPurify is used feat. Jasmin “JR0ch17” Landry
#bugbounty
#bugbountytips
#bugbountyhunter
5 months ago
SQLi still exists in 2025 feat. Jasmin “JR0ch17” Landry
#bugbounty
#bugbountytips
#bugbountyhunter
5 months ago
Using match and replace rules for quickly applying polyglot payloads feat. Jasmin “JR0ch17” Landry
#bugbounty
#bugbountytips
#bugbountyhunter
5 months ago
Second order injections feat. Jasmin “JR0ch17” Landry
#bugbounty
#bugbountytips
#bugbountyhunter
5 months ago
In this episode, Jasmin “JR0ch17” Landry breaks down how he consistently lands highs and crits - from SSRFs to less common bugs like XXEs and SQLis. Enjoy🔥
https://youtu.be/0-o3_NumvbI
5 months ago
Hunting for privilege escalations by modifying the JS feat. @renniepak.nl
#bugbounty
#bugbountytips
#bugbountyhunter
7 months ago
$50k XSS in a web3 website feat. @renniepak.nl
#bugbounty
#bugbountytips
#bugbountyhunter
7 months ago
The CSPBypass website feat. @renniepak.nl
#bugbounty
#bugbountytips
#bugbountyhunter
7 months ago
The mysterious bug bounty methodology
7 months ago
Using javascript bookmarks to speed up bug hunting feat. @renniepak.nl
#bugbounty
#bugbountytips
#bugbountyhunter
7 months ago
An XSS payload tattooed on the forearm feat. @renniepak.nl
#bugbounty
#bugbountytips
#bugbountyhunter
7 months ago
XSS is still the most common bug class that can be insanely profitable if you master it like today's guest - Renniepak. In this interview, we talk XSS, CSP bypasses, access control, JS bookmarks, and more... Enjoy🔥
https://youtu.be/0PnWrdqV3TA
7 months ago
My favourite bug bounty moment of 2024
#bugbounty
#bugbountytips
#bugbountyhunter
8 months ago
Are client-side RCEs a big part of my hunting style?
#bugbounty
#bugbountytips
#bugbountyhunter
8 months ago
I am discontinuing BBRE Premium in its membership form.
8 months ago
Hackbots for looking for privilege escalation bugs?
#bugbounty
#bugbountytips
#bugbountyhunter
8 months ago
The biggest change I made in my bug bounty hunting in 2024
#bugbounty
#bugbountytips
#bugbountyhunter
8 months ago
My 2024 bug bounty recap. This episode goes over my most common findings, key lessons learned, changes in my bug bounty methodology, and, as always, a full breakdown of my earnings. Enjoy🔥
https://youtu.be/K5m-tF8y27M
8 months ago
I decided to take a look back at 2024 and choose the best bug bounty writeups, blogposts and tools, as well as the most underrated reports of the year. Enjoy🔥
https://youtu.be/oprnf8nQqBw
8 months ago
reposted by Bug Bounty Reports Explained: renniepak
8 months ago
Found a handy new CSP bypass gadget on Snapchat:
cspbypass.com#snapchat
Inside the FBI’s Secret Encrypted Phone Company ‘Anom’ - Joseph Cox by @josephfcox https://www.youtube.com/watch?v=uFyk5UOyNqI
#BBRENewsletter87
9 months ago
reposted by Bug Bounty Reports Explained: Mikhail Shcherbakov
9 months ago
If you want to hear cool BB stories about how I used these gadgets, check out the #DEFCON talk youtu.be/H-bhmSwnRdY
DEF CON 32 - Exploiting the Unexploitable Insights from the Kibana Bug Bounty - Mikhail Shcherbakov
YouTube video by DEFCONConference
https://youtu.be/H-bhmSwnRdY?si=mMzUpvNO3RBPz2aq
DoubleClickjacking: A new era of UI redressing? by @PaulosYibelo https://www.paulosyibelo.com/2024/12/doubleclickjacking-what.html
#BBRENewsletter87
9 months ago
ReDoS - Regular Expression Denial of Service feat. @joaxcar.bsky.social
#bugbounty
#bugbountytips
#bugbountyhunter
9 months ago
Server-Side Prototype Pollution gadget collection https://github.com/KTH-LangSec/server-side-prototype-pollution
#BBRENewsletter87
9 months ago
20 DoS bugs in GitLab in one year feat. @joaxcar.bsky.social
#bugbounty
#bugbountytips
#bugbountyhunter
9 months ago
Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal by @doyensec https://blog.doyensec.com/2025/01/09/cspt-file-upload.html
#BBRENewsletter87
9 months ago
reposted by Bug Bounty Reports Explained: Mastering Burp Suite
9 months ago
A nice tip Match & Replace from Intigriti... 💎 Replace `Content-Type: application/json` with `Content-Type: application/xml` in requests and look for XML parsing errors in responses 🛠️ That will allow you to identify XML-processing endpoints 🧠
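The tip above, worked through as an added example (not code from Intigriti, Mastering Burp Suite or BBRE): a small Python script that performs the same Content-Type swap outside Burp and triages the responses. It rewrites only the header, leaves the JSON body untouched so that an XML error proves the server picked its parser from the declared type, and flags responses whose body contains a known XML parser error string. The hostname target.example, the request and both responses are constructed for the example, and the signature list is an assumption drawn from common parsers; send the rewritten request with your own HTTP client.

```python
"""Find XML-processing endpoints by swapping Content-Type (added example).

Not code from Intigriti, Mastering Burp Suite or BBRE. It reproduces the
Match & Replace tip in plain Python: rewrite `Content-Type: application/json`
to `application/xml` on a raw request, leave the JSON body untouched, and flag
responses whose body looks like an XML parser error. Everything below runs
offline on constructed data; send the rewritten request with your own client.
"""
import re
from typing import List, Optional, Tuple

# Assumption: typical error strings from common XML parsers. A JSON body handed
# to one of these parsers fails at the very first byte, so the error usually
# names position 1 or the prolog. The list is kept specific so that JSON
# parser errors (e.g. "JSONParseError") are not reported as XML hits.
XML_ERROR_SIGNATURES = [
    r"Content is not allowed in prolog",      # Java (Xerces / SAX)
    r"SAXParseException",                      # Java
    r"XMLSyntaxError",                         # Python lxml
    r"Start tag expected, '<' not found",      # libxml2 (PHP, Python, Ruby)
    r"Data at the root level is invalid",      # .NET System.Xml
    r"not well-formed \(invalid token\)",      # expat
    r"XML_ERR_\w+",                            # libxml2 error codes
    r"XmlException",                           # .NET
]
_XML_ERROR_RE = re.compile("|".join(XML_ERROR_SIGNATURES), re.IGNORECASE)


def swap_content_type(raw_request: str, new_type: str = "application/xml") -> str:
    """Return raw_request with its Content-Type header replaced by new_type.

    Only the header line changes. The body is intentionally left as JSON, so a
    parse error in the response proves the server chose a parser from the
    declared type rather than from the body. Header names are matched
    case-insensitively, as HTTP requires; Content-Length stays valid because
    the body length is unchanged.
    """
    head, sep, body = raw_request.partition("\r\n\r\n")
    rewritten = []
    for line in head.split("\r\n"):
        name, colon, _ = line.partition(":")
        if colon and name.strip().lower() == "content-type":
            rewritten.append(f"Content-Type: {new_type}")
        else:
            rewritten.append(line)
    return "\r\n".join(rewritten) + sep + body


def xml_parser_error(response: str) -> Optional[str]:
    """Return the matched XML parser error signature, or None if none is present."""
    match = _XML_ERROR_RE.search(response)
    return match.group(0) if match else None


def triage(pairs: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Map (swapped request, response) pairs to (request line, signature) hits.

    Only endpoints whose response reveals an XML parser are returned; those are
    the ones worth a closer look for XXE, XInclude or entity-expansion issues.
    """
    hits = []
    for raw_request, response in pairs:
        signature = xml_parser_error(response)
        if signature:
            hits.append((raw_request.split("\r\n", 1)[0], signature))
    return hits


# Constructed sample traffic (hostname and paths are made up for the example).
SAMPLE_REQUEST = (
    "POST /api/v1/orders HTTP/1.1\r\n"
    "Host: target.example\r\n"
    "content-type: application/json\r\n"
    "Content-Length: 17\r\n"
    "\r\n"
    '{"id": 1, "q": 2}'
)
# Constructed: endpoint that ignores the declared type and parses JSON anyway.
RESPONSE_JSON_ONLY = 'HTTP/1.1 200 OK\r\n\r\n{"status":"ok"}'
# Constructed: endpoint that routed the JSON body into a Java XML parser.
RESPONSE_XML_PARSER = (
    "HTTP/1.1 400 Bad Request\r\n\r\n"
    "org.xml.sax.SAXParseException; lineNumber: 1; columnNumber: 1; "
    "Content is not allowed in prolog."
)

if __name__ == "__main__":
    probe = swap_content_type(SAMPLE_REQUEST)
    print(probe.split("\r\n\r\n")[0])  # the rewritten headers
    for request_line, signature in triage(
        [(probe, RESPONSE_JSON_ONLY), (probe, RESPONSE_XML_PARSER)]
    ):
        print(f"XML parser behind {request_line}: {signature}")
```

A hit here only tells you that an XML parser sits behind the endpoint; whether it resolves external entities or XInclude is a separate test, and a 400 with a parser error is the expected result for a well-configured server too. The same function works for other swaps worth trying from Burp's Match & Replace, for example `application/x-www-form-urlencoded` or `text/xml`, by passing a different `new_type`.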
DOM clobbering is more useful than you think feat. @joaxcar.bsky.social
#bugbounty
#bugbountytips
#bugbountyhunter
9 months ago
What was your favourite bug bounty writeup of 2024?
9 months ago
Signature Verification Bypass in Nuclei by @wiz_io https://www.wiz.io/blog/nuclei-signature-verification-bypass
#BBRENewsletter87
9 months ago
Little known trick to bypass CSP feat. @joaxcar.bsky.social
#bugbounty
#bugbountytips
#bugbountyhunter
9 months ago
SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level by @pspaul95 https://www.youtube.com/watch?v=Tfg1B8u1yvE
#BBRENewsletter87
9 months ago
A severe browser bug found during a bus ride from work feat. @joaxcar.bsky.social
#bugbounty
#bugbountytips
#bugbountyhunter
9 months ago