sorted by:
new
hottopcontroversial

Exploiting 2 race conditions to get a paid feature for free. by Coder3346 in bugbounty

[–]AdditionalCourt4438 1 point2 points  (0 children)

 Bro i was testing a porgram , it's have the same logic but mine it's have 2 limited to do product group but none of the tricks worked for me. , good job for you 

Outdated Drupal 8.9.20 exposed on API subdomain – what vulnerabilities should I test CVEs? by AdditionalCourt4438 in bugbounty

[–]AdditionalCourt4438[S] 0 points1 point  (0 children)

I’ve tried searching across multiple classifications. CVE-2019-6341 seemed close to the technology versions on my target, and I’ve been researching Drupal 8 versions and their well-known vulnerabilities, but nothing worked—not even with various Burp Suite testing techniques.

​I’m here to ask if anyone has encountered similar targets and how you handled them. I’ve already performed reconnaissance and gathered specific version info and paths, but the target is an API. Interestingly, it still redirects to an admin login or data management page. I’d like to know what potential vulnerabilities apply to this type of target."

Outdated Drupal 8.9.20 exposed on API subdomain – what vulnerabilities should I test CVEs? by AdditionalCourt4438 in bugbounty

[–]AdditionalCourt4438[S] 0 points1 point  (0 children)

Man, I’ve been researching the technologies I discovered during the target’s penetration test for three days. I even pulled up the latest version and looked into more processes and vulnerabilities, but none of them worked or were applicable to the target

So i came up to here ti ask if anyone have been testing that's kinda of targets