It IS hard, I think what sets out people who don't find a bug and people who do is literally just perseverance. You get more skilled over time but initially all you have is luck, so you've gotta keep trying!

@@InsiderPhD Hello again, I am very happy to annonce you that I already found my first bug few days ago on Hacker101 Private Program. I want to thank you for your videos and for sharing your knowledge with us. Happy Hack ^^

​@@popo_hackwhat bug is he，How long did it take you to find this bug, I haven't harvested for four months.

How did it go?

Did u get good at it ??

Sorry! Been moving it’s super stressful 🙏🙏

Aww that sucks, hopefully you’ll be first next time!

Got a bug yass Got a dupe yaaasss Keep trying it will get better with time

@-メAjax he's probably be a prime suspect in the crime since he literally went to the devs and told them he knows this exploit

You should be happy about finding it, no matter whether you were the first or not. Well done!

Practice, practice, practice. Never stop learning, always try to hack and I’m sure you’ll find something!

We're all on the same train let's keep the grind!!

How did it go?

​@@mahmoudadel197how's it going for you ? 😅

Me too

Have you found one yet?

@@animazing1002 only a dupe

@@groeneappel7842 still you found < cheers

did you find any yet

Found anybug?

@@dev__004 bugs for 3k

@@fahadfaisal2383 I started 1 yr ago and learned fpr 2 months stopped and started now again and got 3 duplicates. Any tips for me brother

Brother, I am not that pro to give advice to you, but I need to automate your tasks avoid duplicates.

@@fahadfaisal2383 got any social media handles and also can u mention some of the tools u use. Thank you brother

Endpoint in this case is URL that does something, now years ago this would mean a file that exists but modern web apps use something called routing so each URL doesn’t necessarily map to a file, hence calling them endpoints

No, this is expected- User B doesn’t have to action it and since it sends an email that provides another layer of security

Nope, session IDs in itself are authentication tokens hence that is just how the website works. Hare supplying As credentials to B

In this case we use the cookies of account A to make changes to something owned by account B, showing that any user could affect any other user. Sorry if this is unclear it’s a quick way to test if we logged into one account if we could make changes on another! I will make this clearer in a future upcoming video! But to use your example this is a great example of when bug chains can be key to getting a high severity, by, as you say using an XSS, which can be chained into a full account takeover!

@@InsiderPhD hii Ive got the same question from twitter, asking me how you would get the cookie and csrf token of the victim..

Large API! Yahoo, tumblr uber, open sea etc just look for APIs on HackerOne

@@InsiderPhD Well thank you ma'am.. I'm now learning it.. but can you make a video about it how to find IP in Website through hacker one please coz I'm almost done just need one step closer to real world

Yeah, but what we're demonstrating is that we can do something User A's account, while logged onto to User B, so we could use the vulnerability to change any account. We use 2 accounts we own because usually program rules forbid you from accessing any other users account but ones you create. Hope that helps!

Thank you for the reply! But for this to be a potential threat, wouldn't an attacker need to know the victim's cookie?

No because we swap the cookies: Step 1: perform an action on User As account Step 2: repeat or intercept the request Step 3: Change the cookie from User As to User Bs Step 4: Did it work? If yes it’s an IDOR We never use User As cookie apart from to do the action to capture the request in Burp, then we replace it to simulate an IDOR

Oh okay now i understand. Thank you for clarifying! 🙂

Any Updates?

I would only hack on bug bounty platforms like Intigriti, HackerOne, BugCrowd or Synack- simply because it’s 100% legal and safe. For a list of VDPs try disclose.io

I had not seen it, I googled it, here is my reaction: "Oh buy a year get another free? That's pretty good, how much does it cost- JESUS CHRIST that's expensive"

At that price point you're better looking at more established qualifications that specialise you, rather than trying to take every certification you can

It's difficult until it's not! So keep pushing! :)

There are nothing that you cant do We all describe any thing we dont know as a hard thing, untill you know it and understand it you will laugh about your self in the past

Thank you so much😊❤️

Why?

HackerOne publishes that data! They posted this in the last few days: www.hackerone.com/top-ten-vulnerabilities Currently XSS is on top, followed by Improper Access Control and Information Disclosure. But the thing to look for is % change, that tells you which bugs are becoming more common: Improper Access Control, SSRFs and IDOR might be the bugs to keep an eye out for in the next few years!

@@InsiderPhD IDORS are hard to find 😵most probably all of them look for those.

It shouldn’t be? It’s just a easier way to demonstrate an IDOR exists

What happened to that guy

@@killabite620 He's been involved with The Daily Stormer. Far-right, antisemitic, white-supremacist stuff, basically.

My username is Insiderphd but I mainly hunt on private programs so I don’t have any disclosed bugs yet!

@@InsiderPhD ok mam thanks for the reply😇

I found 2 IDORs a month ago for $500 + $250 :)

@@InsiderPhD it mostly depend on luck. Since it's easy to find and exploit, it's hard to find. There's high chance of getting duplicate for such basic vulnerabilities.

​@@rafinrahmanchy Not all IDOR's are easy to spot some IDOR's requires deep understanding of the application/id's/parameters/enpoint's.

@@0xx039 everyone have understanding on them. No need to mention. Still it's hard to make bounties out of it.

Same here bro!😂 But patience and consistency is the key.

*Katie