
Hello, luvs.
I planned to post this a long time ago, but I was busy building SMFD, so it took me a while. As I mentioned in an earlier post, these days I don’t hunt for bounties. I have my reasons, but that doesn’t mean you shouldn’t shoot for bounties. It can bring you a lot of freedom, money, and self-esteem, and it’s quite challenging and enjoyable. To make this post more helpful, I looked for a case study, and I chose a bug bounty (security-aware) platform itself to prove my points. I’ll start with some general background and then jump into our case study.
Table Of Contents
Bug bounty: where should you start?
#I RCE through chained vulnerabilities
#II Advanced XSS through DNS email spoof check
#III Session expiration and logic issue
#IV Admin email and information disclosures
