Bug Bounty Tips

General

# This section mainly stores bug bounty tips and web tricks
# found on Twitter


Password Reset

https://twitter.com/HusseiN98D/status/1254888748216655872/photo/1

# 1/ Include a controlled e-mail address as a second parameter
# 2/ Brute-force the reset token
# 3/ Try to use a reset token on another account
# 4/ Try to figure out how tokens are generated
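
# Added example (not from the linked tweet): a reset flow that holds up against
# the four checks above. ResetStore, TOKEN_TTL and MAX_ATTEMPTS are hypothetical
# names, and the in-memory dict stands in for a real reset table.

```python
import hashlib, hmac, secrets, time
from urllib.parse import parse_qs

TOKEN_TTL = 15 * 60      # seconds a reset token stays valid (assumed policy)
MAX_ATTEMPTS = 5         # failed redemptions allowed per account (assumed policy)

class ResetStore:
    """In-memory stand-in for the password-reset table (hypothetical)."""
    def __init__(self):
        self.pending = {}   # account -> [sha256(token), expiry, failed attempts]

    def request_reset(self, form_body, now=None):
        """Issue a token for the single e-mail address in a form-encoded body."""
        now = time.time() if now is None else now
        emails = parse_qs(form_body).get("email", [])
        # Tip 1: a repeated or list-valued email parameter is rejected outright.
        if len(emails) != 1 or any(c in emails[0] for c in ",; \r\n"):
            raise ValueError("exactly one e-mail address required")
        account = emails[0].lower()
        # Tip 4: 256 bits from the OS CSPRNG, not derived from time or user data.
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).digest()
        self.pending[account] = [digest, now + TOKEN_TTL, 0]
        return account, token   # the token is mailed to `account` only

    def redeem(self, account, token, now=None):
        """Return True once for the right account/token pair, else False."""
        now = time.time() if now is None else now
        # Tip 3: lookup is keyed by account, so a token never works elsewhere.
        entry = self.pending.get(account.lower())
        if entry is None:
            return False
        digest, expiry, attempts = entry
        if now > expiry or attempts >= MAX_ATTEMPTS:
            del self.pending[account.lower()]
            return False
        candidate = hashlib.sha256(token.encode()).digest()
        if hmac.compare_digest(candidate, digest):
            del self.pending[account.lower()]   # single use
            return True
        entry[2] += 1   # Tip 2: guesses are counted; the token dies at the limit
        return False
```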


Payloads

# Top 25 XSS Dorks
https://twitter.com/trbughunters/status/1276851918946603013/photo/1
# E-mail fields are usually less sanitized or filtered
# It can be a good candidate for payloads


401/403 Bypass

https://twitter.com/h4x0r_dz/status/1317218511937261570/photo/1

# GET /api/getUser --> 403
# GET / + X-Original-URL : /api/GetUser --> 200

# GET /api/getUser --> 403
# GET / + Referer : https://site.com/api/GetUser --> 200
# or
# GET /api/getUser + Referer : https://site.com/api/GetUser --> 200


Authorization checks

# Authorization checks made easy with Firefox Containers
# and the Autorize extension
https://blog.rootrwx.com/post/2021-01-11-auth-checks-made-easy/