
Abusing Functions For Bug Bounty PDF

This document discusses various functions that can be abused during bug bounty hunting to potentially find vulnerabilities, including: 1. Register, login, and account settings functions which should be thoroughly tested both as an authenticated and unauthenticated user. 2. Creating accounts with the same credentials or email domains across web and mobile apps to test for inconsistencies. 3. Attempting common activities without logging in to find authorization bypass bugs. 4. Using atypical payloads like null values, delayed responses, and special characters to uncover errors or behavior that disclose information.

Uploaded by

big bros

Abusing functions for bug bounty

ADITYA SHENDE

whoami

ADITYA SHENDE

-Proud Indian

-Bug Bounty Hunter

-Listed in top 100 researchers on Bugcrowd

-Trader and investor


Functions? What? Type?

BASIC
What we can do on a website, or how it works.

AUTHENTICATED
In this type we need to use our credentials to perform activities or changes.

NON-AUTHENTICATED
Simply the opposite of authenticated: we don't need to provide creds or identity.

What to check?

Always check the whole website as a normal user. No need to use Burp Suite all the time. Functions are easy to understand.

REGISTER FUNCTION
Creating a new user on the site as per the function.

LOGIN FUNCTION
Providing creds to access the registered account.

ACCOUNT SETTINGS
Most buggy section, with multiple functions.

WEB APP + ANDROID APP
For checking activity reflections in both.

Register account

-Creating account on web + android with same id

-Crafting id for takeover
hacker@gmail.com@target.com

-Username + reset function with collaborator link
username@collaborator.net

-Creating account with company mail addresses to gain extra authorities.
Use hunter.io

Account Login

-Using multiple usernames at a time.
"aditya","victim": It may give you a weird response or an error disclosing information.

-As usual performing Long DOS attack, but ever tried "username=z||ping+-c+10+0.0.0.0 |" for time delay response

-Sending reset link with email:
1. victimusername@site.com
2. victimusername@collaboratorlink.net to gain link in SMTP conversation.

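Seen from the server side, the inputs listed on the Register account and Account Login slides (an id with two "@" signs, several usernames in one field, shell metacharacters in a username, a reset address that differs from the one on file) are each refused by a small set of checks. The following Python is an added example, not part of the original slides; the patterns, length limits, the `ACCOUNTS` store and all function names are assumptions made for illustration.

```python
import re

# Allow-list policy (assumed for this example; adapt to your own rules).
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{3,32}")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
MAX_EMAIL_LEN = 254

# Constructed account store: username -> verified e-mail on file.
ACCOUNTS = {"aditya": "aditya@example.com"}


def clean_username(value):
    """Return the username or raise ValueError."""
    if not isinstance(value, str):        # null, array, object, number
        raise ValueError("username must be a single string")
    if not USERNAME_RE.fullmatch(value):  # metacharacters, oversized input
        raise ValueError("username has invalid characters or length")
    return value


def clean_email(value):
    """Return a lower-cased address or raise ValueError."""
    if not isinstance(value, str) or len(value) > MAX_EMAIL_LEN:
        raise ValueError("email must be a string of bounded length")
    if value.count("@") != 1 or not EMAIL_RE.fullmatch(value):
        raise ValueError("email is not one well-formed address")
    return value.lower()


def reset_recipient(body):
    """Where a reset link goes: the address on file, never request data."""
    username = clean_username(body.get("username"))
    stored = ACCOUNTS.get(username)
    if stored is None:
        return None  # caller answers with the same generic message
    supplied = body.get("email")
    if supplied is not None and clean_email(supplied) != stored:
        return None  # mismatch: send nothing, reveal nothing
    return stored


def rejected(check, value):
    """True when a validator refuses the value with ValueError."""
    try:
        check(value)
    except ValueError:
        return True
    return False
```

Whatever `reset_recipient` returns, the HTTP response to the client should stay identical, so the endpoint does not reveal which usernames exist.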
Account Settings

-Multiple functions: Add link, Attach file, Add number, Password functions, email functions etc.

-Using null payloads everywhere to get weird response, time delay, Blind SSRF, IDORs, Long DOS everywhere

-Try to perform same actions without log in.

Opening sensitive URL like
site.com/uvsgkushdjnxlj2s1a/account-settings.

Web + Android app

-Creating account with same email-id on web and android app.

-Bypassing it with response tampering (mostly works) in web app.

-For verification do some changes into android app and verify it with web app
Example: Updating name, number, data change, deleting account.

Burnout and time management

FRUSTRATION
Getting duplicates is okay. You found a valid bug, you just need to increase speed.

SCREENSHOTS
Don't focus on money. Learning always leads to $$$$. Better ignore screenshots.

TIME
Read 2 hours daily. Increase your report ratio and finally do not compare.
