Welcome to the final episode in the Finding Your First Bug series. Today we’re talking about the final stage of bug hunting: report writing. Specifically, we’re looking at: How do you know if you’ve found a bug? When do you report a bug? What should a bug report contain? What’s the key to getting high bounties? We’re going to cover all of those key questions, and also talk about some bug bounty etiquette and how to express yourself.
Case Studies
- #536853 Unreleased CTF Levels are Revealed on /group/user/ID1?user=USERID endpoint: hackerone.com/reports/536853
- #498052 Password theft login.newrelic.com via Request Smuggling: hackerone.com/reports/498052
- #716292 JumpCloud API Key leaked via Open Github Repository.: hackerone.com/reports/716292
- #674757 Total Paid Bounty Paid can be disclose: hackerone.com/reports/674757
- #792927 Email address of any user can be queried on Report Invitation GraphQL type when username is known: hackerone.com/reports/792927
- #156098 XSS At "pages.et.uber.com": hackerone.com/reports/156098
- #180074 BAD Code !: hackerone.com/reports/180074
- Why I’m banned from hackerone? - Kenan - Medium: / why-im-banned-from-hac...
Further Reading Bugcrowd University
- How to Make a Good Bug Submission - KZbin: • Bugcrowd University - ...
Contact Me
@insiderPhD on Twitter