#bug-bounty
Is there a software learning channel you recommend?
thank you bro
Gave +1 Rep to @obtuse fern (current: #13 - 588)
Good luck on your journey buddy 😄
In my first bounty I will buy gift for you
Good luck buddy , we believe in you 😄
I'm open for collab 🙂
yes after becoming familiar with HTML/CSS/JS/PHP learn bash
go-dnsbrute is a fast and lightweight DNS brute-forcing tool written in Go - https://github.com/raj77in/go-dnsbrute
Hi guys you have any ideas for ai pentesting?
Portswigger has a dedicated learning module here that is free.
It is directed towards LLMs though.
there is path bug bounty in tryhackme?
Check this one out 😄
Learn about the various vulnerabilities that can exist in web application and how to perform security assessments of web applications.
I recently spotted a new bug bounty platform dedicated to AI/ML vulns: huntr[.]com but haven't explored in too much depth as yet. There's a parent inc in front of it with their AI and ML Security stack
(fell into my lap while researching the OWASP top 10 for LLMs)
i have just started myself , i was looking around and found Hackerone maybe you might find some good info there
Try Bugcrowd also 🙂
I've completed the beginner room to bash but is there an advanced knowledgeable source for the Bash language
Where , on THM 🙂 ? Monthly or overall ?
monthly one
overall is fine. i have figured it out
Only CTF points are counted and only from this month 🙂
yes ik
my points were 243 and still 243, I have solved like 5 or 6 rooms after that
Yeah but only CTF/challenge rooms are counted , walkthrough rooms aren't counted 🙂
i didn't do any walkthrough one
Which room have you done ?
i did sql injection lab, splunk, sql injection, advance sql injection, sql map
These are all walkthrough labs 🙂
They aren't counted 🙂
They are counted for overall score only 🙂
You can find list of CTFs here 😄
Scope?
you mean for subdomain enumeration or content discovery?
Usually you just have to check your scope. If you are tasked to enumerate on your own, it's more a pentest than bug bounty.
No I was asking for you to link the scope you have been given
If it's a bug bounty program it will be public
I'm not sure for your particular case but if I remember correctly Python had some library that would scrape every element of a page, or more accurately to say it would download the HTML in the same format you'd see it in dev tools, if that's what you're looking for
Gave +1 Rep to @drowsy steeple (current: #2503 - 1)
that SUPPOSED is never feasible. Any resource can be inaccessible at any time but OK. The only way to determine if that resource is available on the server is to actively access it (scraping it).
You will do crawling.
Gave +1 Rep to @lilac spindle (current: #22 - 440)
Ooo tysm
Hi , I'm new in bug bounty , any advice ?
What do you need advice with 🙂 ?
Me too
Hi guys, I saw a video about bug bounty hunting and was instantly hooked. Although I'm still a beginner when it comes to coding and cyber security overall, I plan on working towards a skill set that allows me to partake in bug bounty hunting one day.
Does somebody have real experience in bug bounty hunting and can say something about the skills necessary and the preparation process?
Its largely web app/API hacking.
Portswigger Web Academy is good enough for gaining the required technical skills
Other than that, reconnaissance/fuzzing plays a big part in finding vulnerabilities. IMO, this comes from having a methodology and understanding what to find. For example, you have an IIS web server, one methodology is to run a “short scan” which is to do directory bruteforce on short names which is largely due to the IIS shortname file disclosure vulnerability.
You can pick up some cool tips and tricks from Youtube of other bug bounty hunters
Lastly, you need to understand vulnerabilities well and be able to appropriately score them based on risk and have the necessary writing skills to say what you want to say to the client
Thank you very much @lilac spindle
Gave +1 Rep to @lilac spindle (current: #21 - 441)
I'll look into everything you said
My goal is to find a bug in 2025
Doesn't even have to be financially rewarded
I recommend the tryhackme web fundamentals path (basic understanding of how websites work + tools/methodologies + BURP!) and after that the Web Application Pentesting path.
After learning a topic on tryhackme for example xss or IDOR you can go to Portswigger lab to test your skills.
learn nodejs if you really want to dig deep 🙂
Thanks folks, I love this community
I started my learning path in cyber security at the beginning of this month and was amazed at how helpful the members of this community are

I was stuck in multiple instances but there were always people to help me out, I'm blessed
sorry about that , I want to say is there any advice to be a successful web penetration tester/bug hunter .
Well , you need to learn and practice a lot 🙂 . I would recommend you to check Web App Pentesting path on THM and Burp's Web Security Academy 🙂
okay I will do that , thank you for your answer 👍
Gave +1 Rep to @obtuse fern (current: #5 - 1506)
I am new to cyber security and I am learning everything I can and I want to get into bug bounty. What is the best way to get started for bug bounty?
ok I will start there thank you
Gave +1 Rep to @modest marsh (current: #1663 - 2)
Thank you, I will do what I can to learn as much as I can from what you have shared
Gave +1 Rep to @modest marsh (current: #1249 - 3)
heyy
anyone wanna team up? I've recently started learning bug bounty, i need someone with intermediate or more than that skills, so that he/she can show me some real time bug hunting and help me...
Burp Scanner / ZAP
I suggest Zap since it’s free and has almost the same features
Why would you do that 🙂 ?
Gave +1 Rep to @obtuse fern (current: #5 - 1811)
I'd use caido if you dont want to pay for burpsuite
Hey guys, I have a goal to earn enough money from bug bounty so I started doing it but failed miserably due to lack of knowledge. I did learn some stuff before getting into bug bounty but that's not much of a help, so again I made a path for myself that is: 1. Reach the max "legend level" (right now: hacker level 8) in tryhackme, then solve the hacker101 CTF, then do bug bounty on a private program. But I'm not sure if it's a good idea or not?
I would also recommend you to check Burp's Web Security Academy 😄
I already solved most of em
Try to read some disclosed already discovered bugs and try to put that knowledge in some new programs 🙂
Where do I find it I check hackerone program section where people report the bug to the company but I rarely saw any writeup or method
Can you recommend me some site or place to get latest writeups
Or disclosed programme 🙏
I'm a little confused 😕
You can google Hacker One reports 🙂
Google also has a Bug Bounty program and it also shows you the reports that were submitted and there's ton of information out there on their site
Thanks ❤️
This might help:
https://hackerone.com/hacktivity/cwe_discovery?id=cwe-284
How long did it take for you to find your first bounty? I just started in November, but it still seems unlikely that I will find something others haven't found yet. I feel the disbelief I think all beginners have. I know it's not a sprint
Check out our conversation above 🙂 . I would recommend you to check some already discovered bugs and try to implement that knowledge and try to find them on newer programs 🙂 .
Good luck on your journey!
thanks man! ❤️
Gave +1 Rep to @scenic hill (current: #2578 - 1)
Wouldn't forming a group for bug bounties be more efficient rather than trying to solo them? I assume the biggest hurdle for a group hunt is splitting the money IF you even get any.
I wonder this too and in terms of splitting are we doing this over written agreement or what?
I started around November last year (I had wanted to try BB for quite some time but never got a chance). I went through lots of bug reports already available on the internet. Before the end of the year, I found 4-5 bugs (Low-Med) on h1.
-t - threads. Threads are independent sequences of execution within a program, allowing multiple tasks to run at the same time, which in Gobuster's case means making multiple requests at the same time to speed up the process 🙂 .
Should be 10 but i am not 100% sure
Gave +1 Rep to @obtuse fern (current: #4 - 1955)
following up from what was already suggested to @neat finch there's also a public github repo exactly for this that has a silly amount of examples
Thank you so much for adding that 😄
Gave +1 Rep to @frail compass (current: #207 - 35)
some articles might be a bit dated but was a good resource in my queue
Thank you so much 😄
Gave +1 Rep to @frail compass (current: #203 - 36)
Hello
does anyone here use screaming frog SEO spider in ubuntu?
I'm very uncertain about how to best approach learning bug hunting when the field is so broad. What did you do when you were learning? Was it like focusing on one subject or bug per week to study and then moving to another the next week, or was it just a mix of everything?
Well it was a mix in my case . You can use Web App Pentesting path on THM and Burp's Web Security Academy as starting resources 😄
Try to check out Burp's Web Security Academy and THM's Web App Pentesting pathway 🙂
Okayy
Feelin overwhelmed, have been training for a while but don't wanna mess it up
Well , it's a long process afterall 😄
V true
I love finding exciting bugs, monetary gain aside
I'm assuming you've done bug bounties in the past. I also assume it's 99% research, 0.5% execution and 0.5% retrying
How has your experience been if I may ask?
No , I haven't but I'm planning to start and see how it goes 😄
Thanks , good luck on your journey too , but afterall we're all here so we're going to help each other anyway 🙂
Gave +1 Rep to @steep kraken (current: #777 - 6)
Amen to that
Thanks for your support, appreciate it
Gave +1 Rep to @obtuse fern (current: #3 - 2122)
Probably the problem isn't on your side , this Burp's CSRF ( and generally client-side vuln. labs ) can be buggy and won't work on a first try . Wait for a lab to restart and try again , it happened to me multiple times 🙂
The problem is that bot "have some problems with clicking on links" 😄 . Also as Portswigger suggests try to use Chrome if possible 🙂
Hi, I'm participating in a bug bounty program🙂 . I'm still new to this and haven't had much luck so far. I found my target through the program and performed an ICMP Echo request to get its IP address. I was able to access the target website using the IP address (https: //IP), which is part of a Class B network. During my passive reconnaissance, I also discovered other hosts within the same IP range and I want to continue testing them because they are running on Windows 10 IIS servers without domain name.
However, the bug bounty program only lists the target domain names and not any specific IP addresses.
Will I be within scope if i continue ?
That seems a bit out of scope to me
oh thanks, I was thinking the same thing
Gave +1 Rep to @obtuse fern (current: #3 - 2174)
Yeah , client side rooms definitely have some problems with bot . Sometimes it took me 3-4 times doing literally the exact same thing in order for it to work out 😄 . Also try to use Chrome if possible 😄
Gave +1 Rep to @obtuse fern (current: #3 - 2183)
Hi everyone, how are we all doing...?
Thanks for asking , good , how are you 😄 ?
Gave +1 Rep to @meager bane (current: #1293 - 3)
I have a question here. I want to focus on bug bounties so that I will not have to be presenting resumes and cover letters applying for jobs, this is because I don't have any years of experience, and I believe with bug bounties I can still make small income and gain my experience over time. What resources do you think I need to focus on more to be successful in this path as fast as possible? And can I also be participating in the real bounties while learning or do I need to be grounded first? Cos really sometimes I feel like I am doing some irrelevant stuff that is not in line with that path. @obtuse fern I will need your inputs here please.
Check out Web Fundamentals path on THM first , after that move to Web App Pentesting pathway . Also I would definitely recommend you to check out Burp's Web Security Academy if you're interested in bug-bounty , also read Articles from their research team on their web site . Checking already disclosed vulnerabilities will also be a good source of information 😄
Learn how to attack web applications through interactive and real-world exercises.
Learn about the various vulnerabilities that can exist in web application and how to perform security assessments of web applications.
Thanks, I have done some tasks on Portswigger, I guess I will do more of the tasks to get acquainted then. But do I need in-depth knowledge of Networking??
Gave +1 Rep to @obtuse fern (current: #2 - 2349)
You don't need to go deep with networking for bug bounty , but you need to know how protocols, ports, online encryption,... function. Majority of that is explained in THM paths that I gave you above 😄
Thanks so very much 🤝
Gave +1 Rep to @obtuse fern (current: #2 - 2350)
Hi can we use sublister for THM challenges
Check-out install section on sublist3r GH page 😄
Fast subdomains enumeration tool for penetration testers - aboul3la/Sublist3r
Alright, Thanks
Gave +1 Rep to @obtuse fern (current: #2 - 2356)
Tfw when you find a critical bug which leaks db creds, but it's on some pest control website with no VDP 
so frustrating
Bug booty program
Is okay, report it still
They don't have any form of contact, it looks like some random dude is serving it over a python http server on his pc
its like "contact x number for pest control services", but the site uses wordpress with a lot of exposed endpoints
Of course it's wordpress
I enumerated the usernames on one of my ol' clients' website because their plugins were outdated
I told them about it, and they said, "We don't have a need to update the plugins."
I was like, "ok 😐👍"
Whenever I find a wordpress website, I become happy
Because I know there's gonna be a ton of bugs
Serving a WordPress site... from a Python HTTP server?
Does that strike you as likely?
They're not, but the visuals make it look similar
... The visuals... Of a server technology?
Yes, I don't know exactly how to explain it
Hey guys, I currently can’t upload pictures but I just opened HackerOne where it says gold standard $200-$2M what does that even mean? Please don’t laugh 😆 but is the gold like a type of currency thing on there. No one’s actually getting paid 2million dollars right
Actually crypto.com offers $2M for a critical bug 🙂
Where are you seeing that?
NahamSec makes >$100,000 but he is full on hunter
okay, almost no one is paying that much. makes sense for that platform
I think you’re right, I think those ones are coin
Yeah you're totally right, I think the averages are a few hundred $ 🙂
I just opened an account and after the questions it puts me through to available bounties. I can send you a pic to show you if you want
In DMs because support haven’t got back to me yet
Oh Jesus
Yeah that might help, I can post it here for you
Like 100k a year ?
Okay thank you
Gave +1 Rep to @vocal folio (current: #3 - 2243)
check out his youtube channel and PhDInside, talks on bug bounty
For bugs in hackerone itself, this is the schedule by the looks of it
(This page was the only reference to "gold standard" I could find)
i signed up for intigriti (europe based) but havent done anything with it
...I ain't reposting a photograph of a screen, but that's for Coinbase specifically @fallen palm
Ah okay
Yeah sorry 😂I’m on discord on a mobile and looking at hacker one on a laptop
Gold Standard is the "gold standard safe harbor" policy, so basically they won't prosecute you if you work in good faith and they'll try to defend you if someone else tries to prosecute you for it
Okay thank you
Ohh okay
So it’s like a protection for pentesters
Omgg
😂
Ahhhh autocorrect
This is also a bug bounty platform ?
yes.
the one youtuber i watch is part of it and has videos on hacking , CTFs, and bug bounty
Is that the YouTuber you mentioned above ?
Thanks for info @ember vigil @fallen palm 🙂 . Will check that one out also 😄
Gave +1 Rep to @ember vigil (current: #57 - 146)
Sorry did you want the list? I am confusion 😅
< caution posting links >
No , I just haven't heard about that platform before you told me 😄 . I will definitely check out what's going on there 🙂 . Thanks for info again 😄
Well if anyone else wants it
HackerOne
Bug crowd
Synack
Cobalt
Open bug bounty
Intigriti
Zerodium
Crowdcurity
Yeswehack
Zerodium platform pays for 0day exploits regardless of who is offering
Thanks 😄
Gave +1 Rep to @rustic sparrow (current: #178 - 44)
The page just says contact
😂
Third party vendor… seems sussy
you should edit it out
Do you ever put your real names in these sign ups
i didnt
intigriti page was sketchy
Bug Crowd has reputation for being legit
they have a youtube channel hah
You're most welcome


Bugcrowd and openbugbounty are nice
What's the consensus on hackerone?
It's great for bug bounties, about what you would expect from reading the policies regarding security researchers and enterprises hosting bug bounty programs
Guys, do you have paid subscriptions ?
For what 🙂 ?
I am trying to start to do bug bounties but I am worried that if I just start on a bounty I would get in trouble. Would anyone who uses HackerOne for bug bounties be able to help me on getting started with them, and if so would anyone be willing to help me get started in private messages? (I am still learning as much as I can before getting too into it)
Sure
What's the best way of bug bounty hunting on my phone.
Would this be through dual booting my OS with a Linux distro?
Kali nethunter and Tmux are alright but I want more control without compromising my devices security
I am a bit of a noob with phones so it would be good to get some advice
A lot of stuff that would be most useful for a phone would require rooting, which I don't suggest.
If you dual boot into a custom Linux environment that is completely segmented from your main phone storage with FUD and encryption in transit
Then you might be able to control that, no?
You can also use Android Studio for beginning
Great recommendation
Does it look like I'm missing something though?
No but for beginning it may be easier to use Android Studio , I think there're even pre-rooted images of some phone models available 🙂
Oh cool as, the only problem I have is security and being able to monitor the security on the phone itself
Somehow monitor both sections of the phone. Might need another device to do that though
You have a virtualized phone in Android Studio , like a VM on your PC 😄 . You don't need to use your phone
You have a room on THM touching briefly on Android hacking , it's a bit outdated and not very detailed but it's at least worth checking out 😄
https://tryhackme.com/r/room/androidhacking101
Alright thanks, I'll check it out
Gave +1 Rep to @obtuse fern (current: #2 - 2627)
I'm sure it still has good information
It has but be aware that some things are a bit outdated at this point 🙂
where are good sites to try bug-bounty???
You can try hackerOne or bugCrowd 🙂
Does anyone know any attack vectors that are unique to mobile phones and are targeted in emulators which could be useful for bug bounty hunting?
hii, anyone who can help me ?
I found a weak TCP Sequence, and I wanna test that out.. it says TCP SEQUENCE PREDICTION: DIFFICULTY=261, all i found out is that, this difficulty ranges from 0 to 2³², and lower than 300 means that the target is vulnerable to TCP Session Hijacking. i found this while i was running an NMAP scan on a bug bounty program
Where did you find it?
Which website?
Are you doing a bug bounty?
yes I'm
Can you please share the scope. 🙂
can u pls share the details or article that might help me create a POC
Not until you share the scope of the website you're targeting. 🙂
I'm not wasting my time here anymore, i got my answer... GL
I'm just making sure you're not asking our members to help or assist with something that is potentially illegal. 🙂
i told you I'm done here
Such an aggressive tone...
In future, if you're not willing to share the scope, don't ask for help in this server. 🙂
u haven't seen my aggressive tone yet sir.
interesting
You can try to rev. eng. the app in Android studio/jadx or suchlike software 🙂 .
man, i feel like i missed out earlier on that convo
Tfw you have self XSS on 20 different sites (with VDPs) but no idea what to do with it
There are a few bug bounty websites you should try like
Bugcrowd
Hackerone
Intigriti
Yeswehack
You can also use the google dork to find the programs which are not listed on the platforms above
Personally, I recommend Bugcrowd.
Personally, I recommend websites from 2001
They're the most vulnerable and even I have some hope of finding bugs there ;-;
They have VDPs?
I doubt unless they’re part of a large org
Yeah, things like W3 probably do
how do you keep your temper
lol
What do you mean by temper 🙂 ?
Laugh at them
Makes you feel better instantly 🤷♂️
... Just don't do it to their face if you're being professional
I'm not too worried, they left shortly after talking to me.
Are there any creators doing live bug bounties? At least the basic stuff, that you guys recommend?
creators of what?
Anyone got a repo of File Upload bypass files?
What do you mean 🙂 ?
Just ignore , trolls 🤣
I have found an upload service in a program, and I want to test if I can upload shell files 🙂
maybe a repo with, .img, .php, .php.jpg and so on 🙂
Burp should have a wordlist that will fuzz for that , seclists also
But what about files, so you can upload the files, without fuzz
upload a php file and see
typically it'll display an error message telling you what kinds of extensions are allowed
even if its limited to image files, you can try a bunch of stuff 👀
Well uploading a rev shell should probably be out of scope
Uploading an empty php file would probably be ideal, to confirm a vector for RCE
it would depend on whether or not the backend sanitizes it though, you can try including a command like whoami or echo test in the file to see if it isn't
Good idea, thanks
Gave +1 Rep to @arctic acorn (current: #257 - 27)
Thanks 🙂
Gave +1 Rep to @obtuse fern (current: #2 - 2933)
why would you recommend BugCrowd instead of other platforms?
I prefer it over hackerone
Ok but why ?
idk I guess it's just a personal preference. The UI is nicer and the way that its structured is better
is there something in specific or just personal preference?
I would also agree with you again just personal preference 🙂
in h1 i have some exp but not in bugcrowd. made the account years ago but never took a look at it
Yeah I think both are good, just whatever you find works for you better like kgb said
plus the triagers are p quick at responding on business days
what's some ways to get private programs with bugcrowd?
Get certain reputation levels
how? by participating to public programs or is there another way?
Participation mostly.
hello everyone, I'm really new, I'm barely starting all this sadly but I want this more than ever. I'm studying tryhackme under drwDWN if you want to see what I've completed so far ... I'm looking for a mentor to get me to self sufficient bug bounty hunter if possible
We're all here to help 🙂 . Feel free to ask anything 🙂
Hi guys
I have found a button in a site, that is an href which points to the / directory of the site
Manipulating the content of the href to "javascript:alert():" and clicking the button, the alert pop-up shows for me
My doubt is whether it is an XSS or not, since it doesn't modify anything in the URL
Did I find an XSS? What type of XSS is it?
self-xss then
Understood
Is there a possibility I can leverage this for a DOM-based one?
try seeing if it runs in the DOM
or if it persists after refreshing
if nothing is reflected in the URL, like absolutely no parameters or anything, then its most likely self XSS, which most programs don't allow
(I found this out the hard way)
Understood, thank you man
412 is used when request is conditional and you don't meet the condition . Maybe your IP has been filtered or something like that
I don't know how to do that 
For example , maybe it only allows local addresses to access that resource and your address doesn't meet that condition so you receive this error code .
oh
got it , Thanks
Gave +1 Rep to @obtuse fern (current: #2 - 3295)
I can probably think of a way to bypass that
It depends on what the condition is of course
maybe he got this when he tried to do a potentially dangerous operation like an attack payload
Holy! Tons of resources for beginner bug hunters in here. Thank you guys.
Hey! Did you know that TryHackMe has its own bug bounty programme? Well you do now!
As with a bug bounty programme for any company - you must read & adhere to their rules and policies. Here is TryHackMe's: https://help.tryhackme.com/en/articles/6495946-the-bug-bounty-program
Ensure you understand what you can and cannot do before attempting anything and adhere to the disclosure policy
Thanks @lavish hollow
Gave +1 Rep to @lavish hollow (current: #6 - 1483)
Found the admin panel at: https://admin.tryhackme.com
Gave myself a lifetime subscription and a job in thm

Hi guys. Why the "value" is not closed?
It depends on the framework it's built in. It might be literally putting your payload as the value of the value parameter
Understand, but how can I close the value, and add a new attribute?
Try to understand if the framework allows adding of HTML elements directly but in your case it might not be interpreting it as you want
Gave +1 Rep to @lilac spindle (current: #22 - 447)
Yes we have given out bounty rewards
Users with the bug hunter role on the platform and Discord are recipients - they have found three security vulnerabilities
I'm not sure, support usually handle the bug bounty queries 😓
My submission on NASA got triaged and accepted 
Congrats , great job 🙂 🚀 
Are you allowed to disclose which type of vuln. it was 🙂 ?
Not yet, but I'll mention it here once it's disclosed 
Thank you 🙂
Gave +1 Rep to @arctic acorn (current: #236 - 32)
Responsibly discovering & disclosing security flaws.
You've already emailed Support, don't release any information until they've got back to you please.
Done!
[BANSPAM] I cannot DM purflux#0!
Hi guys. If anywhere like to search for XSS in bug bounty programs, call me in dm
I am starting in bug bounty now
HI! I have found a vulnerability on a web site for an organisation, that uses a certain security product. Should you contact both, or the organisation and the security product vendor? At this time I am not 100% sure if the organisation has made custom changes that have introduced this vulnerability or if it is inherent in the product. I cannot see any product version, just a response header indicating what security product is used.
Report it to the website
If its a vulnerability in the product, it might have been documented in NVD, if you search for <vulnerability name> in <product name> <version number if you find it>
If not, it'll likely be a misconfiguration by the site owners, although it depends on the product. If you find the same issue consistently in other sites using the same product, there's a chance you might have a future CVE on your hands.
Thank @arctic acorn! After doing some more research it looks like a misconfiguration by the site owners. I will check with them. Thanks again for your response!
Gave +1 Rep to @arctic acorn (current: #226 - 34)
It depends on the site
Sometimes bugs are very easy to find, sometimes they're very hard
Got. I'll do a writeup soon.
Wow awesome! Congratulations, that's amazing 🎉
Did you actually get a shell for proof of concept, or stop at the LFI?
No no, just stopped, don't need to proceed, it's already an unauth P1
Nice, solid finding
Do you mind if I DM you about something? Related to the same program
Yep but i can reply only when they confirm the disclosure, so i can do a writeup
Not related to the vuln itself, dw
Oh ok dm
Dmed
Hello, I'm starting my bug bounty journey and would like to test my hunting skills. As a beginner, how can I choose my targets effectively? 🙂
I've seen so many targets. I'm finding it confusing to choose the right ones for my skill level.
they have also confusing policies
Maybe you can start with some newer programs or with some less known on h1/bugcrowd . Also CTFs focused on web app vulns. are a great way to prepare for actual hunting 🙂
Okey, ill try to find a less known target on bugcrowd now.
Well newer/less known program means that not as many people engaged in it, thus means less chance of duplicates/wider attack surface, but it doesn't necessarily mean that it's going to be easy , I forgot to add that 🤣 . Burp's Academy is a great resource for web vulns. I would definitely recommend you to check it out if you haven't done so already .
I'm already doing the Burp Academy labs. Is it possible to find RCE vulnerabilities in the bug bounty programs these days?
Yes , of course 🙂
wow, but most of the programs are not allowed to run automated tools. How can I identify open ports and services in this case ?
they have too restrictive policies
You're allowed to run tools in most cases
Its sort of infeasible to expect a researcher to find vulnerabilities without using tools
yea
Depends on how you use the tools, though
For example, I may use Nmap and dirbuster kind of tools to enumerate useful information like technology, service name and versions and exposed directories
It's not that you can't run automated tools. It's more that you need to lower the threads or put in delays so that you don't get blocked by their security tools or you DoS them.
But it all depends on the scope and RoE of the program.
Okey, understood.
I want to do bug bounty together but I prefer not to discuss it in dm. Can we talk about it here?
Ok
I'm a beginner hunter in bug bounty. But I have foundation skills to use various tools
Wait for sometime I will be back
Yes
and I'm motivated to find RCE, SQL, Directory traversal and CVEs
what kind of vulnerabilities do u like to hunt ?
You can't do Directory Traversal in Bug Bounty, it is next to impossible
Add me friend
it is hard but possible in some cases
This is bug bounty discussion chat. I think, we can discuss it here
Ok I was just worried that some one else will see this the bugs that we found and report himself but no problem if you want
Bro you are so slow at typing
Can tell me fast
Which bug you wanna do
Sorry, I'll be back after some time 👍
👍👍
Lol what
I've got directory traversal at least two or three times lol
Anyone open for some discussion? am stuck with a bounty program
Hi everyone, I’d like to ask those who have done pentesting or bug bounty: If you discover a blind SQLi, what would your PoC be? Would out-of-band interaction or different response errors from escaped input be enough? And if you have PoC for both of these, how certain can you be that the vulnerability is present?
Out-of-band interaction is best. Burp Collaborator or interactsh.com works.
Fairly certain as OOB to either of the domains under Collaborator or interactsh are an anomaly.
You can also use a netcat listener and use their IP address as an identifier that it did reach out.
Is there Metasploit that works in Windows 11? not patched
Go ahead
?
Why?
What would make directory traversal suddenly impossible?
this will show how much i know but i just thought it would be patched by web servers by now.
I can't think of any common web servers or frameworks with an unpatched directory traversal issue right now, but that's not the only attack vector.
Any time an application takes user input to interact with the filesystem you have a potential opportunity for directory traversal.
i.e., it doesn't have to just be in Apache/Nginx/whatever.
interesting
what if it's from Google bot
Well you have to also think: It's not just the webserver you'll be testing, if something running on the webserver has a vuln then there could still be a directory traversal or something like that even if the webserver tech is fully patched.
Oh someone beat me to it.
hey guys, how experienced should you be before delving into bug bounties?
and how would I know when im ready enough
Try to complete Web App Pentester path on THM and Burp's Web Security Academy . They're a good intro into this field 🙂
when im done with them, do you think i would be ready to at least dip my toes into real bug bounties?
To start - yes 🙂 . But be aware that it is going to be relatively hard .
alright tyty
@unborn ice
Done!
Reflected XSS
Oh wow , great job 🙂 . Thanks for sharing .
Hello everyone! I'm slowly picking up skills from THM, but I'm going try to start working in bug bounties soon. Any tips/advice on how to get started?
I would recommend you to check Burp's web security and THM's web app pentester paths . They're great intro to bug bounty 🙂
Take your time on sites and don't give up immediately if the first thing doesnt work, keep working through all the possibilities and vulns you can think of and notice patterns within them, and notes, notes help a lot for keeping track of interesting stuff
I'm doing a bug bounty. I found some pages to upload a file. Can I upload any type of a file to them ? Is it allowed ?
I need some guidance please @obtuse fern
You will need to check out the scope of your engagement 🙂
they didn't mention about this
but the domain is in the scope
Then I think you have permission
I'm afraid of it because the file upload page is on the main page of the website
Then don't do it
maybe, ill try to contact them to ask permission
got it now i didn't see this before thank you kgb
Hello guys, i struggle with finding my first bug, im a beginner, how can i do it?
i just read the past messages and the Web App Pentester path in thm will do great
thanks @obtuse fern
I've found a target. It has got 9000 ports and they are open from port 1 to 9000 port. Is it honeypot or not ? How can I know it ?
I used nmap to identify those ports. I used tcp-syn scan.
I also see common services running on usual ports too
ssh,ftp,smb and others
but still wondering if they might be honeypots
It is my first time in a bug bounty and I haven't got experience at all in bug bounty.
😶
I'm doing this
https://bugcrowd.com/engagements/indeed
@unborn ice
What are you scanning with nmap?
Is it allowed to tell the name of Indeed domain here ?
I'm assuming you're using that is listed.
You may well have a honey pot, you may well not, how long it takes you to figure it out, if you do
it took me a minute
I've heard that honeypots show unusual ports
if it is 445, it may show 9222
I mean, it's no biggie as long as its in scope
They might even reward you if you establish a certain level of access inside their honeypot
But do make sure that it's in scope first, because a commercial website likely wouldn't allow you to test their entire non-public facing infrastructure like a typical formal penetration test
Yeah , also check out Burp's academy , it's an invaluable resource for bug-bounty 🙂
The domain is in scope for testing and they don't have too many restrictions. You seem to have experience in this field. Can you help me by cooperating with me? I want to increase my experience in bug bounty and I am new to it.
It seems to me like I learn faster by cooperating with someone experienced
🙂 And, I don't want bounties but I just want to get experience and learn
I'm not that experienced, but sure I can help you with whatever you want
Thank you so much. I appreciate it
```bash
# passive subdomain enumeration from two sources
subfinder -d target.com -all -o subdomains1.txt
assetfinder --subs-only target.com > subdomains2.txt
# merge and deduplicate both lists (first input was misspelled as subdomains.txt)
sort -u subdomains1.txt subdomains2.txt -o uniqsubs.txt
# keep only hosts that actually answer over HTTP(S)
cat uniqsubs.txt | httpx-toolkit -o finallist.txt
# collect URLs from archives and by crawling the live hosts
cat finallist.txt | gau --o urls1.txt
cat finallist.txt | katana -d 2 -o urls2.txt
cat finallist.txt | urlfinder -o urls3.txt
cat finallist.txt | hakrawler > urls4.txt
```
I'm using these commands to find redirect params
I prefer manual hunting, but sure that works
how long did it take you guys to find your first bug and what was that vuln if you don't mind me asking? this is just a huge goal for me but im kind of new to everything
Omg dude, i didnt know about this , its so easy to use, better than setting up different webpages like DVWA and WebGoat in kali linux, contains everything in one place, AND video explanation, Crazy!
thanks @obtuse fern
amazing dude
three days, source code dump
Please how do I start bug bounty hunting on websites like hackerone or bug crowd?
Do I just pick a target and start hunting or do I need to let them know I want to hack them to hunt for bugs?
Like is there any registration that needs to be done before going to test a target?
Please somebody, make it clear
For public programs - no . Just read the scope and make sure to stay within it 🙂
Ok, thanks
not really, just dont shut anything off. sometimes sites will have account creation requirements but that just depends on what youll be testing
Okay, thanks
can this be a vuln?, thank you
Looks like an ordinary 403 page to me
hmm
how can this be exploited?
or it just cant lol
Well maybe it can if it is in scope , 403 bypasses are relatively common vulns.
so if i found a 403 its considered a vuln IF its in the scope?
No , it is a normal app behavior . Finding a way to bypass it is considered a vuln.
ooh, ok
request ID is completely normal
but yeah, bypassing it is considered
I just got an invitation to hacking a bug bounty program in intigriti but I don't know what to do beside some scanning and enumeration
I don't know what to exploit in domains beside some basic injection like xss or brute-force attack
The hard thing is that the domain server will block me if I'm trying to exploit it with command payloads
Anyone have some strategies to handle bug bounty programs can help me pls
I just want to ask, what is considered a bug in bug bounty programs?
Is it an exploitable vulnerability that will be reported as bugs or is it a vulnerability that can be exploited but not yet exploited?
Like a vulnerability that is not hacked yet or do I need to hack it before reporting?
Somebody please make it clear
A bug generally means a security vulnerability that can be exploited by hackers. If someone bypasses an authentication of a website, it is considered a vulnerability and can be reported to a company
Okay, so say I found a RCE on a target, do I report the bug before reporting as some bounty programs ask hackers to submit only replicable bugs or do i submit the bug without exploiting?
It depends on the VDP policy of a company.
What's VDP?
Make it clear enough for absolute beginners if you really have the answer to what I'm asking 🙏
First of all, I'm also a beginner. You can use platforms like HackerOne, Bugcrowd, YesWeHack and similar ones to find organizations that have active bug bounty programs. A VDP (Vulnerability Disclosure Policy) describes how an organization will handle reports of security vulnerabilities from external security researchers. You can also google it to find more information about it
Thank you so much mate
Try bypassing it
WAFs are just regex anyway
You mean domain firewall are the reason that blocking me from exploiting website right?
But idk how to track those regex from firewall too
yes, that's called a WAF (web application firewall)
you can try different payloads to see what the regex does and doesn't allow
Assuming it's in scope of course
Tks for helping
btw is it ok if I'm using burpsuite scanner to find vuln in domains?
Or manual scanning still better than?
whichever you prefer
for me , manual is better
hi guys, i was doing a bug bounty program and i found something interesting, basically i tried to add ?debug to the end of the url and it got me to this, idk if its a vuln or not
i tried to add admin to the url and it worked?
but idk how to exploit it
ai has no idea lol
... Maybe don't stick potential vulnerabilities into AI...
For what it's worth:
- You have left more than enough information on that page to find the target.
- Not sure what you did, but adding ?debug to the end of the home page doesn't do anything for me (Firefox Mobile), so worth double checking with a clean browser.
- It looks like that's just nuking the stylesheets. If so, where's the impact?
I didn't get anything by adding ?debug in the URL either. Same page
And yes, it doesn't matter that you scribbled out the URL in the screenshot. It's still easy to find the site lol
how would you find a site like this, just curious , just try to google search for the exact phrases on the screen?
Yes
ok 👍
i sent a bxss in a send message feature and it gave a 200 code, before doing ?debug it didnt allow me to do this
- i got access to an admin panel
In that case, I would probably delete those screenshots right now lol
because atp people can find out what the target is and exploit it, so that wouldn't align with responsible disclosure
their site doesn't have a bug bounty or vdp as far as I can see, but maybe there's some internal program idk. If so, report it
yes, they contacted me
and i told them
its legit , they just dont have a public bug bounty program
sounds good then, go ahead and send them a report
... Then why are you attacking them?
I'm going to take this to mean that they asked you to test them.
In which case, I assume you've had a lawyer approve a contract of work and scope of testing?
I assume you also have insurance to cover any damages you might cause to the target (e.g., by posting screenshots of potential vulnerabilities on hacking forums and public AI).
If those things aren't the case then you have opened yourself up to some deep shit. Depending on your jurisdiction, it might be possible for the state to prosecute you under computer misuse, and that's without taking into account any civil cases the company would be within their rights to bring against you if you've caused any damage.
If you've got the legal requirements in place, awesome. If not, do not attack anything.
When you work on a registered bug bounty programme, the facilitator (HackerOne, Bugcrowd, etc), generally provide the legal agreement with their clients, passed on to you in an abstracted form via ToS and programme rules.
If you're not going through a bug bounty company then all of that falls on you 🤷♂️
This vulnerability is very difficult to exploit
Hey I have a question. I found a Boolean-based Blind SQLi on a prestigious target but I couldn't extract any data because of the tough WAF. sqlmap constantly failed and none of both intermediate and advanced payloads worked. The web page crashes on true condition after 6-7 seconds delay but it loads normally on false condition. Do you think reporting this would get me recognition? I don't even care about money, I just need an LOR or something like that for reputation. What are my chances? Should I keep trying exploiting?
What r u trynna get
I mean, if the scope allows it then it would be a really good finding and potentially more valuable if you can exploit it further
Even otherwise, reporting it as is would be great
wait I just read the message fully, my bad. It'll be great IF you can manage to extract any data
but I'm sure it can be bypassed if you try more. (Assuming, once more, that it's in scope)
It's for unauthenticated RCE through a race condition
Thanks for explaining sir
memory overwriting etc
You can learn about binary exploitation if you want
There are rooms about it here iirc
Can i dm you rq
Sure
Dm sir
Yes it is in scope and the target is huge so I don't want to leave it there like this and just report, but I tried literally everything haha. I'll try more then. Is there any more tool like sqlmap out there, or is sqlmap the best sqli tool so far?
Sqlmap is, as far as I'm aware, but there are many instances where it cannot detect an sqli
i actually asked them in IRL since i contacted them before hunting, when i found it i contacted them online
and they actually know me very well, they have a couple of websites that they gave me authority to hack (pentest)
sure you are right , i dont have a contract from a lawyer
You're treading on thin ice
u are definitely right
a question real quick
if i have a specific code that redeems something in a website, and i managed to redeem this same code with another account without accessing this account (logging into it), what is the severity of this vuln? and is it even a vuln?
Yyyyeah but it could depend on the context
That might be some form of ATO. Unless it's intended functionality, which may be likely
Because of how sometimes, gift codes can be gifted etc
they cant!
on the website im working on
Might be worth reporting and see what they say 🤷♂️
Is This a Vulnerability?
Yes. The ability to redeem the same code across multiple accounts without proper authentication or authorization indicates a flaw in how the website validates and tracks code usage. Codes intended for single-use or account-specific redemption should be securely enforced by the backend.
Wohoo!
... Is that AI again?
Oh ok so I'm not the only one thinking the reply was extremely weird lol.
Yes
But I didn’t use it to find the vuln
I used it to just name it
You know there's a reason most enterprises ban public chat bots, right?
No, can you tell me?
It's because they are completely unsuitable for handling any sensitive information.
Even aside from the fact your chat history is accessible to employees of the company, you also have no idea how they're using the data you provide.
I would consider uploading any kind of vulnerability data into a public model a security breach.
Which in this case is really not a good look for a freelance bounty hunter.
You are right but I don’t give them details about the website ,project or even the website name I just tell them some general info to identify the vulnerability since I don’t know which class it belongs to
But you are definitely right
I mean, last time you said you'd redacted project details it took all of 10 seconds to figure out the target 😆
Crazy
I get the vuln by myself tho
I use ai just to help me
But is it illegal to do this?
To give info to ai chatbots ?
not illegal but also not the best idea I would say
when I say "not illegal", I mean that the company you're testing have no way of finding out that you've fed the vulnerability data to AI, because they wouldn't have access to the chat history
so if you do, the chances of them finding out are slim. But the fact is that someone at OpenAI (or the company managing whichever LLM you're using), could theoretically find out about the vulnerability. And only you and the company is supposed to know, because you need to keep information confidential in CVD programs etc
and yeah, you don't know how they're using the data, like Muiri said
Some places do have laws about responsible disclosure - if you live in one of those places, it's very likely that disclosing a vulnerability to the ai is not definitionally responsible and you would be liable, certainly civilly and possibly criminally.
Where can I find genuine bug bounty reports? Yes genuine... Medium is full of sh** atm. People talking about how they got 20k bounty with sql, xss or how they turned simple xss to rce... Can't get much knowledge from there.
Read disclosed reports on h1
Anyone interested this one is freaking juicy https://samcurry.net/hacking-apple
Some of them are good tbh
Abhirup Konwar specifically posts some really useful blogs on recon
Hello, I have a question. Is it considered a bug if an AI exposes someone's full name or reveals the activities of a private LinkedIn account?
I would say so
Unless you're very sure that the said name isn't available publicly and that the LinkedIn truly is private
Otherwise it could easily pull that from search mode.
is it okay to send screenshots here?
I know python, C, C++, and FrontEnd along with MySQL
also, basics of Linux and Networking, what else do I need to become a Bug Hunter?
could someone help me through?
uh, Javascript I guess if you're targeting web. in terms of languages
but you should learn more about tools like burp suite
yeah, how
I mean, are you sure it's real info?
If so, then it's got something it shouldn't
i remember that trend, chatgpt leaked a bunch of microsoft codes for activation which you could have got for just simply asking the ai
Crazy!
For it to do that, someone would have had to include samples of activation codes in the training data. It would be interesting to know how many of those "activation" codes were valid vs hallucinations
ai blows my mind
It shouldn't. It's pretty dumb a lot of the time.
they needed to write a scenario
so they can lie to the ai
like making a story or smth
A quick question, people who have a full time job and keep learning new things(I mean you need to stay updated with the technology as its advancing everyday), how do you manage bug hunting along the way?
Sometimes you have to sacrifice other parts of your life
schedule out the day and what youll do after work. so if you usually learn from 5-7 if you were to bug bounties then it might be 2-3 days out of the week you replace the study period with bounty hunting
explain this anyone?
Your test account must include the phrase “sectest” in the username.
That seems fairly straightforward. What needs explained?
This course in tryhackme
with what do u need help
EVERYTHING
dm
i would appreciate some help too :)
Hey hunters, quick question... Should I focus on one bug at a time? For instance if I'm testing a site, should I look for one specific bug such as xss, ssrf or it should be like let's see what I can find...
Yeah definitely imo 🙂
With what 🙂 ?
Sir
what tools do i need
for doing successful bug bounties.
Check out this path to find out
https://tryhackme.com/path/outline/webapppentesting
Kgb my guy
kgb
how to bypass waf
What a useful server!
No one can help this dude with his waf bypass
Come on @obtuse fern
?
Why do you need it ? There's no universal answer to that question , it depends on the context of the app and network configuration of the target
U need to bypass waf
To run sql on the site
to check if the site is vulnerable and exploitable
Yeah , you need to know the whole security posture of the site to perform that , there is no universal answer to that
Then how do u know the whole posture of the site
Should be in the scope of the bug bounty program
Because no one can tell if it's legal or not
And without knowing the scope, no one is going to help someone bypass something
Hey guys I’m having an issue with Burp Intruder
When I run SQLi payloads, everything works fine until a payload containing the word "password" hits
Then I get an 84MB response Burp says it's too large to display, and it freezes
Happens every time unfortunately... Any idea how to fix this?
anyone interested to find some bug bounties tonight
sure
dm me
I'm seeking someone for an active bug bounty collaboration or apprenticeship. If you're interested, feel free to reach out!
@ember herald Please don't advertise here.
So I just want to ask, for the web professional testers among us, part of internal pentesting is vhosts and part of external pentesting is subdomains, right?
No?
Subdomains are a DNS concept. DNS works both internally and externally.
VHosts are a web server concept. Web servers can be deployed both internally and externally.
Okay, thanks
guys can anyone tell me if i have no knowledge about bug bounty or hacking which books should i read first i only want to learn how to do bug bounty, how to find web vulnerability
I'd learn Owasp Top Ten materials.
so did you read specific books for those or did you just find some youtube videos on those
I read books, watched youtube and done some rooms on THM.
i see thx for the info
so do you know the names of the book
Guys, how do I start on bug bounty as a beginner? I know how to scan ports using Nmap. I saw vids on youtube that said that Hackerone and other popular sites usually gets the easier bugs swooped out by big boi experts before us beginners can say "I found it"
also what is clickjacking..
you are never gonna get anywhere by starting bug bounty as a beginner
learn the basics first
after a year or two of consistent learning only then you can start to think about doing those
its still a very competitive field since everyone and their fathers are doing it 🤣
so just learn the owasp top 10 by heart, refine your own methodology for them and you will maybe have a chance to find a small bug
I can't imagine how can people find bugs or exploiting low-level memory stuffs, it is fr required to have outside of the box thinking to thrive in this field eh?
well if you dont know how websites work ofc you wont know how to work with the information you're getting
learn the basics like i said
tryhackme has a great free path for that
got it, time to meditate in tryhackme this whole summer 🔥
since you asked, it involves overlaying UI elements through something like stored/reflected XSS or CSRF to trick a user into clicking a malicious link or button hidden behind opaque style sheets or layering
and yeah, nmap scanning an IP really doesn't mean anything, especially if you're hunting on websites. Even if you were, you wouldn't have authorization to touch the other ports
so... only 80/443 is open to you either way
While testing a program, I found an icon_url parameter where I inserted my Burp Collaborator URL and received both DNS and HTTP interactions.
Does this confirm SSRF? What additional tests should I run to validate the severity (e.g., internal access or metadata exposure)?
Appreciate any tips on escalating or reporting this properly?
Hello! I’m trying to get fast like 100-200$ from bug bounty. I finished the Web fundamentals on tryhackme. What do I need to learn and do to make that money in like 2-3 weeks?
you keep learning and focus on this stuff later
Is there any channel for ctfs? 🥲
Things don't function that way , this is a lifelong journey 🙂
Which one ?
Hey
I am learning web app pentesting. For that, I am solving PortSwigger labs, doing Hacker1 labs.
I am looking for tips on how I can make my workflow smoother.
I am also having problems with the recon steps since there are so many tools. I am getting confused between tools. Moreover, as a beginner, do I need to learn scripting first-hand, or should I take some time with Kali tools?
I am aiming to get a job within a month. I have my basics clear, and I have little experience handling IBM QRadar, Defender.
I am open to any suggestions.
Hey,
I would like to crack 1 or 2 bug bounties and only know some basics. Which is the best platform for beginners to crack bug bounty and tell me how can I crack it to earn some
You can practice with some machines on THM 🙂 . Juice web shop and owasp may be a good ones to start with
Yeah it's not a bad idea. But I would like to earn my first bug bounty program so there are some sites like hackerone, bugcrowd etc.. and I would like to do a BBP and know how to earn through doing this.
Well , you've mentioned industry standard platforms like h1 and bugcrowd . Go there and look for some open programs 🙂
as a beginner you're best off learning and practicing like KGB said. its not really something you want to dive head first into without knowing what you're doing imo.
there are some good recon resources on yt too
Ok! Have you guys done one this industry based bbg and if so then tell me some knowledge/detail about doing some BBP in these platforms so that in time I can refer or make use of it.
the knowledge/advice i have to offer is learn first before attempting any public program as you're unlikely to find anything if you don't have a basic understanding of the fundamentals at the very least.
a good exercise perhaps would be to go to a public program, read the scope and guidelines and see if you understand the types of vulnerabilities they're looking for. if you can't explain what those vulns are, you may not be ready to hunt for them.
wish you the best in your bb journey 🙂
Folks, please don't get into the habit of generating bug reports using AI. It's creating undue burdens for bounty programs to filter through all the utter rubbish being produced. See below.
https://www.youtube.com/watch?v=xy-u1evNmVo
https://www.theregister.com/2025/05/07/curl_ai_bug_reports/
AI generated bug reports are becoming a serious problem? Is this incompetence? Or malicious?
https://hackerone.com/reports/3125832
https://www.linkedin.com/feed/update/urn:li:activity:7324820893862363136/
the consequences of artificial intelligence..
Unfortunately, yes. It's opening the floodgates for people to come into the industry without the appropriate skills and knowledge, looking for a quick buck. But, when they say AI would generate more work/jobs, they weren't suggesting it would generate work cleaning up the increasing volumes of dysfunctional drivel spewed by the machines
Nice find. Sucks that this is the response you get...
Especially since you classify it as the "vulnerability with highest global impact by far that you've ever found"
I know you've found some pretty crazy vulnerabilities before, so can only imagine what this is then
Yea it's mainly because chrome is just such a massive product. Like billions of instances
Oh, ok. Yeah, that makes sense, and is somewhat of a relief as well 😅
what are some good webapps like juice shop to practice testing? Hoping to add some to my home lab
Will take a look, thanks!
Saved, Thanks
owasp also
Btw, owasp will release TOP 10 2025
W
#bug-bounty I want to be a good hacker someone help me please
What do you nee
#bug-bounty I’m new here and I need tool to start hacking
Hacking what?
Directly switching to tools won't help you
Anyone tried using rengine? What's your opinion on it?
Hey everyone, I need some direction.
So far, I’ve learned JS deobfuscation, basic SQLi, IDOR, Burp Suite (intruder & repeater), curl usage, base64 decoding, source file inspection, and some web challenges (like template injection). I'm familiar with basic recon (Nmap, checking JS files), and exploring tools, but I’m still piecing it all together.
Lately, I feel a bit confused — like I know fragments but can’t see the full picture. What should I focus on next to get better at bug hunting?
Any advice would help.
You know techniques and have done bite sized challenges. If you haven’t finished the Web Application Pentesting path, I recommend you do. You can further challenge yourself by doing a black box approach on certain vulnerable web applications (e.g. OWASP Juice Shop, OWASP crAPI). This allows you to look at web applications as itself without anyone telling you the vulnerabilities that lie inside.
@lilac spindle Thanks for your advice🙏
Hey guys, I’d really like to hear from someone with more experience. I’ve been studying for about 45 days now and focusing a lot on web stuff because I want to get into bug bounty. Is there anyone here who already has some experience that I could talk to, just to see if I’m on the right track? hahaha
I’ve been putting a lot of effort into the TryHackMe paths (even paying for premium because I’ve really been enjoying the content), and I’m also taking other hacking and networking courses on the side to keep everything balanced, you know?
I just want a bit of insight from someone who’s ahead in the game to understand if I’m moving in the right direction.
Because honestly, this is something I’m really enjoying learning and I want to make it part of my life for real.
You're on the right track with learning web security
Check out PortSwigger Academy as well
Thanks, man! I actually just added PortSwigger to my study routine on Fridays. Have you done the full Academy or do you recommend starting with specific topics first?
Also, curious — did you get into bug bounty through platforms like HackerOne or did you follow a different path?
Well I haven't done the full Academy actually, I just check out specific topics if I want something clarified. I'd recommend doing THM rooms primarily
Bugcrowd for me, but both are good
also worth noting that HTB is also very good, they even have a certification exam called CBBH (Certified Bug Bounty Hunter)
I’ve actually been following the TryHackMe roadmap lately, currently working through the Cybersecurity 101 path and it’s been pretty fun so far. Now that I’ve got more free time, I’ve been going all in on it, plus a few other courses and resources on the side.
And I know I probably sound like I’m interviewing you or something but I’m just genuinely curious, was there a moment where things started to really click for you? Like, how long did it take before you felt like you weren’t just fumbling around?
i'll take a look
Bug bounty hunting is basically just fumbling around by applying things you've learnt, and if you find something, you can quickly identify it based on your existing knowledge
is caido better than burpsuite?
No , but it is a great alternative
thank you for your opinion, I have never used it but a friend of mine told me about it, I might just give it a try
Burp Suite better, but if you wanna go the cheaper route, definitely go Caido
can anybody tell me from where I can learn bug bounty for free
Check out Web Fundamentals and Web App Pentesting path on TryHackMe
Guys I'm a beginner, just trying to figure out how XSS are really triggered, I've already secured some bounties in BAC type of bugs, but I never ever found an XSS, can anyone recommend any article or tutorial or any tool to automate the process of finding XSS, or methods of manual testing? I tried few but they didn't work for me!!
I even tried creating my own custom tool using ParamSpider, httpx, and Dalfox with the help of ChatGPT, but it wasn’t very effective or maybe I didn’t know how to use it properly.
Check out Web App Pentesting path on thm it has a few xss rooms
Also Burp's Web Security Academy has a whole xss module 🙂
Okay, Thanks man!
I’m just getting started with bug bounty hunting and CTFs, and I recently signed up for HackerOne. Right now, I’m still pretty new to it and don’t have a ton of experience, but I’m eager to learn and improve. can someone recommend THM lessons, tutorials or anything that is self-explanatory on that stuff
- Web Fundamentals path on THM
- Web App Pentesting path on THM
- Burp's Web Security Academy 🙂
No 🙂
You should also check out HackerOne's Hacker101 CTF
hackerone is pretty useful for "hacking away" legally. putting your knowledge to the test in a controlled way. it's pretty neat, even if you don't find anything, it's fun to smash your head against a corporate wall.
You can practice on CTFLearn picoctf too
You may check Nahamsec's YT channel. Can't remember if its completely free, but the use of Hacking Hub is.
I'm kinda noobie, can you tell me where to start ,pls.
Nahamsec does a great job at it. I'm a beginner myself. 😅
oh, good luck ☘️
You can also check Web Fundamentals path on THM 🙂
https://tryhackme.com/path/outline/web
Hey everyone, I'm new here, it would be nice to make each other friends and climb together, I'm a beginner learner, I'm currently in THM pre security, mind anyone to be more friend with me so that we can discuss everything in dm together?
Hi I am IFP CyberFardin I am new here I am 16 years old and I want to learn cyber security. How can I learn? I know about networking, some Linux commands, and more but I'm stuck at what I should do now 😭😩
Hey! I’ve been learning the basics of ethical hacking and I really want to get better. Can you suggest how I should continue learning or what resources you’d recommend?
You can start with this path if you're interested in bug bounty 🙂
https://tryhackme.com/path/outline/web
I know the basics now and I’m really interested in the offensive side—like pentesting and ethical hacking. How should I start learning properly?
Well I gave you the path above 🙂
Hi all,
I'm planning to study bug bounty starting with IDOR and SSRF, I wouldn't mind people joining with me 🙂
I’m also planning on starting bug bounty
bug bounties sound fun
Will anyone be so kind as to suggest the best platform for learning bug bounty from basics to advanced? I am currently a BSCS student and just completed my 4th semester. I'm eager to dive into this field.
Also if anyone is already doing bug bounty and needs a good hardworking partner, I can surely be of help and we can learn together. Thanks
Check out this path on THM
https://tryhackme.com/path/outline/webapppentesting
Burp's Web Security Academy is also a great resource 🙂
Thanks, I will try it and give it my best.
Gave +1 Rep to @obtuse fern (current: #1 - 5182)
Good luck on your journey 🙂 🚀 . I'm currently going through all the labs from Burp's Academy 🙂
Best wishes for you too
Thanks 🙂
Gave +1 Rep to @earnest loom (current: #2926 - 1)
They can be.
Hey @earnest loom
If you're a beginner and looking for a beginner partner to learn together with, I'll be glad to team up with you, what do you say? Maybe we should talk about our goal and other stuff and try to learn together?!😉
@pearl stump I'd be up
Nice, let's talk on insta or WhatsApp first? Let's know each other's motive better first. @pastel relic
Hi everyone, . I'm new to cybersecurity and trying to improve my English too. I'm learning Python and ethical hacking. I want to make friends and learn together. Anyone here wants to talk or help?
welcome to CS, hope u have enough paracetamol for the upcoming headaches
I did not understand you.
It was a joke
?
They were making a joke
Why do not I understand what he does not do? He is the red hacker. I told him everything. I want to hack. Do you have experience with this?
Count me in
Sounds like a good idea. I am going through PortSwigger academy right now. It seems pretty legit
I'm up for this too
PentesterLab is another awesome platform
Yo I need a little help, I've finished both the PEH and Bug Bounty course of TCM and I wanna get into bug bounty. But I'm kinda struggling still with the starting, so I need a few tips
Check out the Web App Pentesting path on THM and Burp's Web Security Academy. Invaluable resources imo
That too I've finished, just need a guide on how do I pick my first target on HackerOne or Bugcrowd, and also stuck and confused with the recon part
Can anyone help me with medium reward from Bykea?
If you wish for help with a bug bounty, please share the scope/link.
Thank you.
We don't mind asking for help, providing the user is willing to share the scope etc, so we know it's ethical/legal.
Gave +1 Rep to @warped rapids (current: #2939 - 1)
hit me up
cool
Why is this in the bug bounty channel?
where can i do this?
Hello, welcome to the server! 🙂
Please interact a bit more before promoting your project.
As for when it comes to anything related to coding, we have a dedicated channel for that: #programming.
However, keep in mind that we can't help when it comes to school, college or professional work.
Hey, I hope you are all doing well. I am using the free version of TryHackMe. I have connected to the TryHackMe server through OpenVPN, and also 10.10.10.10 is accessible and the IP is assigned. If you go to this link https://tryhackme.com/room/owasptop102021 and look at task 4, how am I supposed to access the given link, because it always says "This site can't be reached"? Can someone guide me through this issue, pls?
💙
I just finished the full Burp Suite module on THM and really enjoyed it. I'm planning to get into bug bounties, but I’m wondering — what should I focus on next?
Should I dive into the OWASP Top 10, Bug Bounty Toolkit, Recon, or something else before I start hunting on real platforms?
This path + Burp's Web Security Academy
https://tryhackme.com/path/outline/webapppentesting
got any clues on tasks 9, 10, 11?
no
wrong channel bud
but you won't get clues
@obtuse fern Kindly reply to my message as soon as possible, as this is a high critical security vulnerability.
I'm not responsible for that, report it on the official email 🙂
I reported but not responding
The support team doesn't work on weekends, it can take up to a week to get a reply
Yeah
I also reported another bug last week but got no reply
@obtuse fern thanks 😊 for replying
Gave +1 Rep to @obtuse fern (current: #1 - 5377)
Well since it's a bug report it may need to be triaged so it may take even longer
Yeah
Please dm me
how do i learn bug bounty?
What kind of experience level are self employed bug bounty hunters?
"Self employed"
Bug bounty is more of a hobby than it is a job.
I have seen people on LinkedIn with this job description and they don't seem to be out of work
Anybody can write anything there, doesn't make it any more of a job title.
You'll see streamers get their big payouts, but do you know how many bugs reported are duplicates, and how many aren't actually bugs.
BB is not a viable income.
All the streamers also get money coming from sponsors from their videos etc.
But is it worth our time?
5-10k monthly or yearly 🙂 ?
Thanks for the insight, I'll try learning about bug bounty, after all something is better than nothing 🥲🥲🥲
Gave +1 Rep to @void furnace (current: #2972 - 1)
Thanks for sharing the experience 🙂 👍
Gave +1 Rep to @void furnace (current: #1942 - 2)
what do you make on average for each bounty im not sure what a good price is.
you don't set the price
what would you consider average
anywhere from a pat on the back to $1000000
bug bounty is not a sustainable way to live
I know that, I'm just interested in the concept and I didn't know how much some people make off of it.
it really depends, some people make a lot, some make little to none, most do it for the fun of it
so it's just a way to make a little money on the side and not like a way to make a good yearly income.
correct
In real engagements, what are the rules for automated scanning like DirBuster and fuzzing?
ROE will be listed to follow
That should be defined in the scope
Real engagements like pentests or bug bounties?
For bug bounties, this is usually in the scope like 1 req/second
monad
fr
Hello brothers,
I’m still new to Bug Bounty.
I registered on a website and went to my profile page where I tried to change my address (city, postal code...).
I intercepted the request using Burp Suite, and I found that the request contains a CSRF token.
I tried to remove the token or replace it with a random value, but the request failed.
However, when I keep the original token and just add a single character to it, the request still returns 200 OK.
The issue is that I must keep the original token and just append one character — then it works.
Has anyone encountered something similar?
I’d really appreciate it if someone could guide me on how to progress with this kind of vulnerability.
Thank you so much, may God bless you and your parents.
What impact are you looking at? What's the vulnerability?
This indicates the server might not be properly validating the token
Hello there
coool
Yes, that's possible. Now you need to confirm how it can be exploited.
But I didn't find any exploitation
If you can’t exploit it, it may just be informational severity
fr
where can i learn bug bounty
Check pinned messages.
I have some experience with web application penetration testing. Currently, I’m working on a project where I need to perform penetration testing on an Android application. Can anyone suggest tools or provide guidance to help me get started?
Android studio / Burp
Thanks
Gave +1 Rep to @obtuse fern (current: #1 - 5516)
Hello everyone, I have a question.
While testing the CSRF protection mechanism on a website, I noticed that I could modify the CSRF token by appending a special character like =, ;, :, or + at the end of the token, and then add any arbitrary text or numbers after it — and the server still accepts the request as if the token is 100% valid.
👉 Has anyone encountered this kind of CSRF token bypass before?
🤔 Is this considered a valid CSRF vulnerability worth reporting in bug bounty?
Before you consider any vulnerability for a bounty, you need to figure out what the impact is. Do you still need the entirety of the token to make the request? What does the request do? How could an attacker abuse it?
could this probably pivot to SQL injection thingies?
literally how
ok, was a dumb idea, if you can concat something to a string you could just put it in the string in the first place
oO
sry
it just wouldn't be used in a SQL db, or shouldn't at least
yeah maybe in 1998 but not now, also I'm really new to this stuff, I'm a seasoned IT guy interested in vulnerabilities, but well, was a dumb idea to post in the bug-bounty challenge channel at my topic level.