BugBounty

[BugBounty] Decoding a $😱,000.00 htpasswd bounty

tl;dr: A private Bug Bounty Program had a globally readable .htpasswd file. I cracked the DES hash, got access to development and staging environments and was rewarded a shitload of $. [Tools used] dirbuster https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project John http://www.openwall.com/john/ [/Tools used] Today I want to share something with you that I recently discovered in a private Bug Bounty Program. Due […]


[BugBounty] Reflected Cross Site Scripting BillMeLater

Dear followers, I recently found a reflected Cross Site Scripting issue on a subdomain of BillMeLater (a PayPal acquisition). It was possible to break out of the style attribute and add malicious JavaScript code into the application: `"--></style></script><script>alert("XSS")</script>`. When ending the previous style and script element it was possible

