Hello Guys ! I am Pramod Yadav a Security Researcher and a Bug Hunter. This Is My First Bug Bounty Writeup. We are Going to See A Story of IDOR and How Could I Have Taken Over Your Account Through It. Before Getting into Details Let’s See What is An IDOR. What is an IDOR?…
I navigated this website: https://www.edilportale.com, an Italian web portal on construction. I found out that it was vulnerable to reflected XSS, as seen in the image.
Open Bug Bounty community is growing: we have over 400 [fee free] bug bounty programs running now, and over 200,000 fixed security vulnerabilities. To facilitate further sustainable growth and to help website owners spot accidental exposure of personal data (PII) on their websites in a timely manner, we implemented a new type of non-intrusive submission – GDPR PII Exposure.
Here is how it works:
Please carefully read the guidelines and make sure you will deliver value and support to the website owners when submitting such entries. Website owners are welcome to update their bug bounty programs, as usual and as always at no cost – we remain a free and non-profit project.
Among other upcoming improvements and updates:
Thank you for your support and stay tuned!
My name is Ismail Tasdelen. As a security researcher. In this article, I created a resource for you to get better information about xss. There are many xss bypass payloads in this resource, and there are a lot of technical sources. I hope that will be useful.
The website is vulnerable to CSRF because there is no use of Anti-CSRF tokens in the website but the main focus of this post is how to submit a proper CSRF report via OBB because in the start OBB couldn’t reproduce the CSRF reports and they all went to the rejected section in my case and in result making this post. Not only for bounty but you’ll get the idea what important things we should keep in our mind when making a detailed CSRF report.