One Bug at a Time: Last 15 days of #30daysofbugbounty

Gavin Kramer
2 min read · Jun 18, 2023

Sorry for the wait! Here is the rest of my 15 days of the #30daysofbugbounty challenge.

Here are the stats that I will be breaking down for my last 15:

Total Hours Spent: 20.95 hours

Total Bugs Reported: 26

Triaged & Resolved: 4
Duplicate Bugs: 6
Paid: 4
Informative: 13

Several bugs have been discovered across a diverse range of platforms and websites, encompassing a wide array of vulnerabilities. These include impersonation vulnerabilities in various forms. Additionally, CSRF attacks and information exposure vulnerabilities have been identified. Other bug types that were found include default admin credential misuse, enumeration vulnerabilities, XSS vulnerabilities, and instances where users were able to pass courses without completing them. These bug discoveries have played a crucial role in improving security measures and reinforcing the importance of bug bounty programs. As I have said previously, the rewards for finding and reporting these bugs were significantly higher than what I could have earned from any job at my current age.

Here are some tips to aid in finding bugs:

  1. Utilize Shodan: Shodan is a search engine for Internet-connected devices. By using Shodan, you can identify hidden services and potential entry points that may contain vulnerabilities.
  2. Explore Non-Public Workflows: Pay attention to workflows or processes that are not publicly advertised. These hidden areas may have overlooked security flaws that can be exploited. Try to navigate through different steps and inputs to identify any potential vulnerabilities.
  3. Analyze API Requests: Examine API requests thoroughly. Check the parameters, IDs, and email inputs for potential vulnerabilities. Test different payloads and inputs to ensure the system handles them securely and does not expose any sensitive information.
  4. Practice Comprehensive Testing: Leave no stone unturned and test every possible entry point or interaction within the system. This includes form inputs, file uploads, user authentication, and any other user-driven actions. The goal is to identify potential vulnerabilities across the entire application or platform.
  5. Employ a Methodical Approach: Systematically go through different components and features, keeping a detailed record of your findings. This helps in identifying patterns, common vulnerabilities, and potential attack vectors.

Summary

Over the course of my 30-day bug hunting journey, I have gained valuable experience and learned a great deal. Throughout this period, I dedicated myself to improving my skills and exploring various platforms and websites for vulnerabilities. It was an enlightening experience, and I am pleased to note that I have seen progress in terms of my accuracy in identifying bugs. However, it’s important to acknowledge that I am still young and have much to learn. I recognize that mistakes are an inherent part of the learning process, and I am committed to continually enhancing my knowledge and refining my bug hunting techniques.

Happy Hunting!!!

— atomiczsec : )
