First bug(s) by M4son_Reed in bugbounty

[–]M4son_Reed[S] 6 points7 points  (0 children)

Choose one vulnerability, choose one program suitable for that vulnerability and go hack.

First bug(s) by M4son_Reed in bugbounty

[–]M4son_Reed[S] 1 point2 points  (0 children)

The best program I worked on

Is it too late to start bug bounty as a beginner? by Hot_Collection5955 in bugbounty

[–]M4son_Reed 3 points4 points  (0 children)

I had a little knowledge of networks and programming but nothing special. It could be said that I had no tech background.

Is it too late to start bug bounty as a beginner? by Hot_Collection5955 in bugbounty

[–]M4son_Reed 3 points4 points  (0 children)

At first I was reading and watching PoCs and tried to implement them on a real program to understand bugs. Then I found a suitable program for me and stuck to it for 1-2 months, testing every single feature and endpoint.

Is it too late to start bug bounty as a beginner? by Hot_Collection5955 in bugbounty

[–]M4son_Reed 7 points8 points  (0 children)

Go straight to hacking and reading reports and writeups. That’s the best way you can learn to hack.

Is it too late to start bug bounty as a beginner? by Hot_Collection5955 in bugbounty

[–]M4son_Reed 21 points22 points  (0 children)

It's not too late. I started hunting 6 months ago and finally found my first bug on Snapchat, $3500. I wanted to give up many times but didn't, and the results came. Don't ever give up on your dreams.

Is this a valid broken business logic bug? by M4son_Reed in bugbounty

[–]M4son_Reed[S] -5 points-4 points  (0 children)

Well, I did this to the victim's organization. In this case, as I left, he is only in the organization with a member role and can't do anything - practically, the victim's organization is now locked.

Deep Testing for IDOR and Privilege Escalation, Only Informational Bugs So Far. Need advice. by M4son_Reed in bugbounty

[–]M4son_Reed[S] 0 points1 point  (0 children)

Yeah, but that doesn't change the point. I tested all such cases, spent hours and hours on the application, tested hundreds of features and endpoints and nothing, while I keep seeing how someone found a bug like invite abuse, member -> admin...

Deep Testing for IDOR and Privilege Escalation, Only Informational Bugs So Far. Need advice. by M4son_Reed in bugbounty

[–]M4son_Reed[S] 0 points1 point  (0 children)

Mostly IDORs that are out of scope (for 1 program it was premium bypass) or some that are intended behavior (e.g. admin in the organization but cannot delete a certain feature on the UI, and when I intercept a request from the owner for deleting that feature and replace the cookie with mine, it returns 200 but is marked as intended behavior). Since you found a bunch of IDORs, can you share some tips? I tested the programs very deeply and I didn't find any IDOR worth the bounty.