bug bounty
-
✅ What Is SSRF (Server‑Side Request Forgery)? SSRF happens when a server is tricked into making HTTP requests to unexpected locations, such as: This goes through the server, not the attacker directly. Attacker → Application → Internal Network The danger comes from the fact that servers often have access to networks and resources normal users…
-
Error pages like 403 (Forbidden) and 404 (Not Found) seem simple. To most users, they just mean “you can’t go here” or “this page doesn’t exist.” But in security, these responses reveal far more than they should. As a result, attackers often probe them to learn about hidden sections of a website, misconfigurations, or forgotten administrative…
-
Normally, XSS happens when user-controlled input appears in a webpage without being escaped. But the Host header is a special case: However… Some websites accidentally reflect the Host header inside their HTML or JavaScript code. Example: If the server inserts the Host header into a JS file: …and the website uses it without sanitizing, the…
-
1. What’s the Host header? When your browser visits a website, it sends a Host header that tells the server which website you want. Example: Host: example.com Sometimes websites mistakenly use this value in their HTML (like printing it on the page or using it inside script URLs). 2. Why this looks like a vulnerability If…
-
Password Reset Poisoning is a web-security vulnerability where an attacker manipulates the password-reset process so the system sends a reset link containing an attacker-controlled URL. The attacker’s goal is to trick the victim into using that malicious link, allowing the attacker to capture the reset token and take over the account. What Is Password Reset Poisoning?…
-
Web applications are full of hidden weaknesses, and with the right tools, even beginners can uncover serious security issues. Burp Suite, the go-to toolkit for web app testing, provides everything needed to spot vulnerabilities that can lead to data exposure, financial loss, or account takeover. In this article, we’ll look at three high-impact vulnerabilities that…
-
What is CSRF? Cross-Site Request Forgery (CSRF) occurs when: CSRF exploits the fact that browsers automatically include authentication credentials (cookies, session tokens). Simple Example If a banking site allows money transfer via a URL like: https://bank.com/transfer?to=attacker&amount=1000 An attacker could embed this in an image on their site: If a logged-in victim visits the attacker’s site,…
-
Ever seen a website where changing a number in the URL shows someone else’s info? That’s what an IDOR (Insecure Direct Object Reference) looks like. Let’s break it down in the simplest way possible: what it is, how it works, and how bug bounty hunters find it quickly. 💡 What is IDOR? IDOR happens when…
-
How to find AWS misconfigured S3 Buckets for bug hunting | By Alham Rizvi
AWS pentesting, AWS security, bug bounty, Bug Bounty Tips, cloud hacking, cloud misconfiguration, cloud pentesting, cybersecurity, data exposure, Ethical Hacking, Information Disclosure, LazyS3, misconfigured S3, open S3 buckets, PyLazyS3, recon automation, Reconnaissance, S3 bucket, s3recon, S3Scanner, Security Tools
Intro: Amazon S3 stores files in named containers called buckets. Developers sometimes leave buckets public by mistake, exposing files like logs, backups, or credentials. This guide shows what S3 is, why misconfigs happen, simple non-destructive checks, and practical install/run commands for common tools. What is an S3 bucket? An S3 bucket is a named storage location in…
-
Sensitive Data Exposure in .js Files | By Alham Rizvi
Alham Rizvi, API Key Exposure, Bounty Report Writing, bug bounty, Bug Bounty Tips, Bug Hunter Guide, Credential Exposure, cybersecurity, Data Leakage, Ethical Hacking, GetJS, Hacking Guide, httpx, Information Disclosure, JavaScript Security, JS Bundle Analysis, JS File Analysis, Katana, LinkFinder, Mantra, Penetration Testing, Recon Tools, Reconnaissance, ripgrep, Secret Key Finder, Security Research, Security Tools, Sensitive Data Exposure, Sensitive Information in JS, Source Map Exposure, subjs, Token Leak, Vulnerability Hunting, Web Application Security, Web Security
1. Why JS Files Are Useful for Hunters Web apps send a lot of code to the browser. JavaScript bundles, source maps, and inline scripts can leak:
• Hardcoded config like API endpoints and environment flags.
• API keys, tokens, and credentials left in code or comments.
• URLs to staging or internal services.
• Source maps that…
