Published in Techiepedia · Pinned · Member-only
5 Ways to Test Password Reset Function
Password reset is a function commonly found in modern web apps. This is normally the first function I test in every web app because, once a bug is found, it is normally a critical one. In this article, I will show several ways to test this function. Before…
Infosec · 4 min read

Published in Techiepedia · Mar 6, 2022 · Member-only
Response Manipulation leads to Account Takeover
This is a short story about my recent bug hunting on a private program. This program mainly relies on OTP to check the user’s authentication. This story walks through how I bypassed its OTP check using response manipulation. So, let’s begin. If you are not yet a Medium member, please…
Cybersecurity · 3 min read

Feb 23, 2022 · Member-only
What You can Learn from Coinbase Hack with USD250k Bounty
As a bug bounty hunter, you may experience something like the below: After hundreds of hours of hacking, you have found zero bugs. So, you work a lot harder, doing more recon and testing every single endpoint. However, as time goes by, still no more bugs can be found. Finally, you found…
Hacking · 5 min read

Published in JavaScript in Plain English · Feb 14, 2022 · Member-only
JavaScript Security — Weak Type Bypass
How hackers can bypass JavaScript security checks by exploiting its weakly typed feature.
As you may know, JavaScript is a weakly typed language. This feature of the language can be used by hackers to bypass some checks within a Node.js application. So, what is meant by weak type? Let’s consider the below example: var a = 1; var b = "1"; var c = a + b; console.log(c === "11")…
JavaScript · 3 min read

Published in System Weakness · Dec 27, 2021 · Member-only
Common Nginx Misconfiguration leads to Path Traversal
Recently, I was invited by my friend to participate in a private pentest project. The target has been using Nginx as its reverse proxy, and I found a common Nginx misconfiguration that leads to a path traversal bug. In order to help the owner of the target to have…
Nginx · 3 min read

Nov 23, 2021 · Member-only
Common Bugs found in File Upload Functions
File upload is a function commonly found in web apps. You may find it in social network apps, job-seeking apps, etc. Also, it is one of the areas that developers overlook. This article mainly introduces the common bugs that can be found in file upload functions. So, let’s begin: File Upload IDOR …
Cybersecurity · 3 min read

Nov 20, 2021 · Member-only
Linux Tricks for Bug Bounty Hunter
In the previous post, we discussed how to set up a recon machine on a VPS and how to use Screen to maintain your recon process even after you log out of the VPS. This article walks you through some other Linux tricks that bug bounty hunters normally use in their hacking. Schedule Your Task In Linux…
Cybersecurity · 3 min read

Oct 31, 2021 · Member-only
Setup Your Own Recon Machine on Digital Ocean
If you are a bug bounty hunter, you may notice that recon is very time-consuming. Sometimes, even if you have mostly automated your recon, it might take days or even weeks if you are hunting on a huge scope. If you use your home workstation, it occupies quite a lot…
Hacking · 4 min read

Oct 14, 2021 · Member-only
Automate Your Hunting — Cache Poison
Cache Poison is a bug commonly seen in web apps. This passage walks you through how you could automate your testing for this commonly seen bug in web applications. …
Bug Bounty Tips · 2 min read

Oct 9, 2021 · Member-only
Power of Your Own Wordlist — Fuzz for Log File Leads to Information Leakage
This is another story about my recent finding of sensitive information leakage. The target is a big hotel and resort group which has operations in over 10 countries around the world. As I am not allowed to disclose the details, I will use redacted.com …
Cybersecurity · 3 min read