#bugbountytips — Search

No JavaScript? That's cool, but you'll need to disable Turbo mode as it uses JavaScript in the client.

𝕏 Bug Bounty Writeups 𝕏 @bountywriteups · 51m

The Bug That Slipped: Stale Balance Accounting in YieldBasis (Sherlock Contest) medium.com/@talfao_94085/… #bugbounty #bugbountytips #bugbountytip

115

𝕏 Bug Bounty Writeups 𝕏 @bountywriteups · 1h

Finding an IDOR in User Profile API: A $15,000 Journey to Critical xalgord.medium.com/finding-an-ido… #bugbounty #bugbountytips #bugbountytip

🐛💰🔓🎯 Finding an IDOR in User Profile API: A $15,000 Journey to Critical

How I discovered a critical Insecure Direct Object Reference vulnerability that allowed unauthorized access to any user profile — and how…

From xalgord.medium.com

316

Bug bounty wizard @bugbountywizard · 3h

The Zero to Hero Guide to Bug Bounty Hunting: A Comprehensive Roadmap by Xalgord xalgord.medium.com/the-zero-to-he… #bugbounty #bugbountytips #bugbountytip

The Zero-to-Hero Guide to Bug Bounty Hunting: A Comprehensive Roadmap

Based on the insights from “The Best Way to Learn Bug Bounty Hunting” by CyberFlow

From xalgord.medium.com

127

𝕏 Bug Bounty Writeups 𝕏 @bountywriteups · 6h

Subfinder Subdomains Dhundho Like an Elite Hacker! (Hinglish Mein) medium.com/@HackerMD/subf… #bugbounty #bugbountytips #bugbountytip

488

𝕏 Bug Bounty Writeups 𝕏 @bountywriteups · 8h

Web Security Series #11 — Exploiting Stored Cross-Site Scripting (Stored XSS) medium.com/@laibakashif00… #bugbounty #bugbountytips #bugbountytip

438

𝕏 Bug Bounty Writeups 𝕏 @bountywriteups · 12h

How I Bypassed SSO to Access Sony’s Internal AI Chat Assistant (Broken Access Control) medium.com/@dev_fr_/how-i… #bugbounty #bugbountytips #bugbountytip

630

𝕏 Bug Bounty Writeups 𝕏 @bountywriteups · 14h

Security Misconfiguration — The #2 Vulnerability on the Web ⚙️ medium.com/@vedanthore/se… #bugbounty #bugbountytips #bugbountytip

566

Bug bounty wizard @bugbountywizard · 16h

Bypassing Rate Limit via Race Condition by Sewilam medium.com/@Sewilam/bypas… #bugbounty #bugbountytips #bugbountytip

Bypassing Rate Limit via Race Condition

بِسْمِ اللَّـهِ الرَّحْمَـٰنِ الرَّحِيم

From medium.com

716

Mo7amed 🥷 @0xMo7areb · 21h

نصيحة من البج هانترز بتضبط يومك ما بين مذاكرة ثغرة وقراءة writeups والهانتيج ازاي ؟ وهل فيه ناس مثلا مخصصة أنها تذاكر يوم وتهانت يوم وكده ولا ايه بردو ؟ #bugbountytips

𝕏 Bug Bounty Writeups 𝕏 @bountywriteups · 21h

Password Strength Policy Bypass via Server-Side Validation Flaw hackerone.com/reports/3523703 #bugbounty #bugbountytips #bugbountytip

Tucows (VDP) disclosed on HackerOne: Password Strength Policy...

It was found that the password strength policy was only enforced in the browser but not on the server side.

From hackerone.com

728

𝕏 Bug Bounty Writeups 𝕏 @bountywriteups · 21h

Building a Hacker Assistant with Python + Ollama medium.com/@RyanMaxiemus/… #bugbounty #bugbountytips #bugbountytip

652

H1 Disclosed - Public Disclosures @h1Disclosed · 22h

⚡ Password Strength Policy Bypass via Server-Side Validation Flaw 👨🏻‍💻 2026 ➟ Tucows (VDP) 🟨 Low 💰 Nohackerone.com/reports/3523703SL3TNC #bugbounty #bugbountytips #cybersecurity #inComfWD

559

𝕏 Bug Bounty Writeups 𝕏 @bountywriteups · 22h

Tomghost [Try Hack Me] machine Walkthrough : medium.com/@amroubekhedda… #bugbounty #bugbountytips #bugbountytip

499

𝕏 Bug Bounty Writeups 𝕏 @bountywriteups · 1d

Cross-Site Scripting (XSS) Explained: How a “Low Severity” Vulnerability Leads to Enterprise… medium.com/@Err0rr0rre./c… #bugbounty #bugbountytips #bugbountytip

595

𝕏 Bug Bounty Writeups 𝕏 @bountywriteups · 1d

I Spent 3 Months Failing at Bug Bounty — This Roadmap Fixed Everything medium.com/@vivekps143/i-… #bugbounty #bugbountytips #bugbountytip

880

TheHatedOne @3ugman · 1d

How these hunters are finding critical vulnerability on AT&T program, whenever I submit an issue, within 1 day it will be closed as not applicable because the domain was out of scope 😂😭. Huge respect to the hunters who finding correct in-scope domains of AT&T ��. #bugbountytips