Hey, Guys Hope you all are doing well. I started my journey in bug bounties around 1.5 years ago, and I am thankful to all the members of security community who share their knowledge to the community. I have learned a lot of things from them and I am still learning new things daily from fellow hackers, hacking is a continuous process and ultimately reflects a state of mind. I have received a lot of messages from people's asking me how to start, where to start in bug bounties. So I have decided to write a blog which contain as much information which helps for beginners. Quote- "Hacking is a lifelong Journey of Learning " Table of Content Introduction Reading Practicing Connect with community Ask Questions Motivation Certifications Conclusion Introduction What is bug bounty? To get a basic understanding of the role, the name itself is quite self-explanatory. A bug bounty hunter looks for bugs in applications and platforms, which they later
Hey Mates, Hope you all are Good, This is my first write-up about how i gain access to a company's( dev.to ) fastly account. One Day I got email that dev.to is going to open source on Github . Previously I've found a critical account takeover bug in dev.to via stored XSS and get rewarded(Write-up later), Since I have account in dev.to that's why I receive this mail. Now Let's get started. Email From dev.to Now I was damn sure that there is something that the developer's missed while making dev.to project open source in Github , first i visited their Github project at https://github.com/thepracticaldev and start searching manually for secret key's, private key's and Api key's, When searching for Api key I encountered with cache_buster.rb which is leaking the fastly Api key like this. with( headers: { " Fastly-Key " => "k 15177t3dctdg27138b03c737688c 84g " }) Dont't waste your t