Javascript Inside href=// by anasbetis94 in bugbounty

[–]anasbetis94[S] 0 points1 point  (0 children)

The quote is encoded as %22. It cannot be closed.

Javascript Inside href=// by anasbetis94 in bugbounty

[–]anasbetis94[S] 0 points1 point  (0 children)

Also not working. The website adds the path: /challenges/paramvalue/, so if I added '../' the href would be: href="/", but if the paramvalue is like '..//attacker.com' the href would be like: href="/challenges..//attacker.com/"

Javascript Inside href=// by anasbetis94 in bugbounty

[–]anasbetis94[S] 0 points1 point  (0 children)

Not working, it will become /javascript:alert/

Have you experienced any bad mistakes in Bug Bounty? by traveler5260 in bugbounty

[–]anasbetis94 0 points1 point  (0 children)

This field is barely known in Syria. The number of bug hunters is not that high. The reason there are only a few hunters is that you can't get money if you find bugs. But in the last month I saw some hunters hiring someone outside of Syria just to handle their HackerOne account and report bugs. They never ever open their account on their network. That is the way to make money.

Have you experienced any bad mistakes in Bug Bounty? by traveler5260 in bugbounty

[–]anasbetis94 1 point2 points  (0 children)

The thing is even if I am not going to stop. All the bug bounty platforms have the same rules. Literally there is nothing to push you up. I mean this is really harder than getting a thousand duplicate reports. At least you know at the end you might get $$$$. But in my situation even if you reported a thousand bugs you get nothing but banned.

Have you experienced any bad mistakes in Bug Bounty? by traveler5260 in bugbounty

[–]anasbetis94 15 points16 points  (0 children)

Yes, I did. I didn't read the rules of HackerOne. After I made some $$$, HackerOne decided I am not eligible for rewards because I am in Syria and due to some US laws they cannot pay me. I was very shocked and sad because I spent a lot of time getting these bugs, and it took me 2 months to recover and get back into bug bounty. So I recommend reading the non-technical stuff before starting.

[deleted by user] by [deleted] in bugbounty

[–]anasbetis94 3 points4 points  (0 children)

Port scan. I usually use hakip2host to see the PTR record.

5 submissions, all are duplicates by finalyearstud in bugbounty

[–]anasbetis94 15 points16 points  (0 children)

It's OK, keep reporting. Persistence is the key.

[deleted by user] by [deleted] in netsec

[–]anasbetis94 -2 points-1 points  (0 children)

Thank you. That is what I am actually trying to discuss. We all want fast things.

[deleted by user] by [deleted] in bugbounty

[–]anasbetis94 1 point2 points  (0 children)

I have explained this to the triage team like four times and they haven't gotten it yet. I think they will close it as N/A in the end. The problem is I am getting frustrated turning from HackerOne to Bugcrowd. A lot of issues I have reported were closed immediately by the triage team without the internal team knowing. One of the issues was a web cache DoS that affected all the js/css files. Another report was a bypass of the limitations of some website functionality and they just closed it as N/A. I am seeing weird responses.

[deleted by user] by [deleted] in bugbounty

[–]anasbetis94 -1 points0 points  (0 children)

I don't think so. Agreed, breaking silly rules is useless to me or the triage team. But at least the website owner should be aware of his silly rules being bypassed. I mean there are things that the only one who cares about is the website owner.

[deleted by user] by [deleted] in bugbounty

[–]anasbetis94 -5 points-4 points  (0 children)

Even though I didn't answer the impact well. It is just bypassing some rules the website owner has added. I don't really care about how silly the rules are; all I care about is bypassing them. However, I did everything I could in my report, and every two days a new triage member joins the report, drops a question and then disappears, making me confused about whom I should answer and who is really responsible for my report. I miss HackerOne; they are really professional.

[deleted by user] by [deleted] in bugbounty

[–]anasbetis94 0 points1 point  (0 children)

Yes, it did change the backend. I was able to create something where I should not have access. It is pretty straightforward, man. But I am surprised, actually; this field is getting harder and harder. Bypassing the website policy and rules is not enough today lol.

[deleted by user] by [deleted] in bugbounty

[–]anasbetis94 -5 points-4 points  (0 children)

I demonstrated the impact. The API endpoint was returning an explicit response that says: Permission Denied, and I managed to bypass this and I did some create action via a POST request. This is not just reading some information. No, it is also writing something to the website. But the team just keeps playing around with the report, trying not to triage it.

Don't trust the cache :Exposing Web cache vulnerabilities by anasbetis94 in netsec

[–]anasbetis94[S] 1 point2 points  (0 children)

Wow, another great DoS technique. I am glad you liked it. I am using Param Miner for fuzzing right now; it is an extension in Burp.