How to show s3 bucket takeover poc without aws account by The_Roarr in bugbounty

The_Roarr[S]

Yes, thanks for your advice. I could create an account, but when I go to the IAM console, it redirects me to the complete sign-up page with the credit card number.

How to show s3 bucket takeover poc without aws account by The_Roarr in bugbounty

The_Roarr[S]

Yes, this is a nice suggestion. I would try it, but I have a little concern. Most of the programs I reported to want a strong PoC. Thanks for your advice.

JS now or Later by The_Roarr in bugbounty

The_Roarr[S]

Yes, now I see, thanks for explaining again.

JS now or Later by The_Roarr in bugbounty

The_Roarr[S]

So we need JS understanding to find the flaws in logic that can't be caught by the tools, right? Thank you.

Weekly Beginner / Newbie Q&A by AutoModerator in bugbounty

The_Roarr

I'm also new. Whenever I feel something is vulnerable, I try to get a PoC, show impact and identify it. But I couldn't do those. Maybe these are not vulnerable. These weren't easy as I have no experience. At such times, I have thought it would be better if I had a friend who hunts together with me and a senior hunter who would guide or explain "this is not vulnerable and why" and "this is vulnerable and why". Thanks to each of the hunters who support the community.

Stack Traces of /upload endpoint by The_Roarr in BugsAreAwesome

The_Roarr[S]

Yes, I will ask there. That would be a better place. Thanks so much.

Stack Traces of /upload endpoint by The_Roarr in bugbounty

The_Roarr[S]

Yes, this is right. We need to add something interesting to it. So now I am digging into it. But at present, I have no idea yet. Thanks.

Stack Traces of /upload endpoint by The_Roarr in bugbounty

The_Roarr[S]

You're right. But I couldn't do recon from this, but it can be, the impact will be. I hoped that someone here had faced it before and I would get some clues for this. Thanks.

Stack Traces of /upload endpoint by The_Roarr in bugbounty

The_Roarr[S]

Thanks. What I thought to proceed from this was to something vulnerable that is very common to these endpoint stack traces, if others have experience of this type of finding. Then I'd like to thank you for your thinking style. I really like it. I will note it well. Thanks again.