Originally posted: https://aseemshrey.in/abusing-report-abuse/
One fine day, I was invited to another private program, this one being a foreign financial institution kind of company. I don’t always invest time in foreign fintech companies because in most cases the setup itself requires a verified account, and for that you need to submit a verification document, which I don’t have for that country.
However, this time, since I hadn’t done any bug hunting for the past couple of months, I thought of dabbling with this. …
Not long ago, I started a YouTube channel, HackingSimplified.
So after a month of making videos on the basics of web security attacks, I started another series on the channel, namely the bug bounty series. Here, I am going to talk about the 7 stages of bug bounty and how to go about it. Since I had started making videos on bug bounty, I thought I’d brush up my bug bounty skills and automation tools.
Goa has always been an adventure paradise. This tale is no exception.
A few of us friends were planning a Goa trip. Searching for cheap tickets on Skyscanner led me to this website, henceforth called ‘whereIDORsLive.com’, which had amazing offers. This is a big travel portal in India and elsewhere, with offices in Singapore, Dubai and London too. Since its beginning last decade, it has gained quite some traction in recent days, due to some big Bollywood celebrities advertising for them.
Note that these IDORs are listed in the sequence in which I found them, not by severity. …
One fine day, amongst the deluge of articles that we share on our Slack channels, Avinash posted an article on LeakLooker. We were working on making our perimeter more secure, and thus this popped up.
This blog was published with approval from the company, and its sole purpose is to spread awareness and share the technical learnings.
As I was reading the article, I found that the author mentioned some dorks for Jenkins and SonarQube. Since I had had my first encounter with Jenkins and SonarQube quite recently, these dorks looked quite familiar to me. I started with some manual queries on Shodan. Now, there were more than 5000 results on Shodan for Jenkins alone and another 2000 for SonarQube. …