This is Vibhurushi Chotaliya. I hope you guys are doing well… Today I want to share my recent finding on a Bugcrowd private program.
I found a 2FA Bypass. How??
Below is the Application behaviour that will help us to bypass 2FA.
Application Logic 1:
Application Logic 2:
This is Vibhurushi Chotaliya. I hope you guys are doing well… Today I want to share my recent finding on a Bugcrowd private program.
I found the Unrestricted File Upload vulnerability….
I got the email from bugcrowdninja.com (on behalf email), which we are using for testing purposes; I identified that the private program is launching their new portal with that email.
So after job hours I was just looking into that portal and found the upload functionality, where we can only upload specific project files, like in Mac/Windows if you want to install the app then…
This is Vibhurushi Chotaliya. I hope you guys are doing well… Today I want to share my cool finding on a Bugcrowd private program.
I found an IDOR vulnerability, through which I was able to do a big money fraud to the company.
Let’s ROCK it…….
I got the scope update mail from the XYZ.com private program, then I started hunting and observed the functionality of the product and its transaction.
I added a product worth about 100001 MXN (Mexican Peso) to the cart, then went to the address tab, then the transaction tab. They have a PayPal payment gateway. …
This is Vibhurushi Chotaliya. I hope you are doing well…
This post is about how I was able to bypass password protection when adding some bank details and something else.
Associate Security Engineer at Oracle + Bug Bounty Hunter