Epic Bug Hunting Failures
2023-8-19 03:28:12 Author: infosecwriteups.com(查看原文) 阅读量:53 收藏

Varshini Ramesh

InfoSec Write-ups

Hey People, I am Varshini Ramesh trying to be a Security analyst from years!). So When I started bug hunting it was so funny I made blunders like:

  1. I joined a course which said clickjacking( an attack that fools users into thinking they are clicking on one thing when they are actually clicking on another) vulnerability gives you lots of bounty and obviously got fooled.

2. Without even knowing what the website is I barged into the websites started to recon, scan with the tools, find nothing and this wasted a lots of time for me without knowing how a website actually works.

many out-of-scopes due to barging into websites

3. Don't copy anybody's report even if you find the same vulnerability as them. I used to copy others report that's actually a strict no because you will have a mentality of copying so you wont realise what bug you have found.

I copy pasted the same report for finding long string dos attack.

4. If you find vulnerability in case know about the vulnerability thoroughly and try to exploit the vulnerability and report it from end to end. Don't just report the vulnerability, try to exploit its the best practice. Make sure your doing with the permissions and only if the so and so company asks you to exploit.

5. Please..Please.. read their out-of-scopes and in scope and start hunting without knowing it don't start hunting because I started doing it by taking all efforts to hunt and said its out-of-scope.

Ok nerds, I am coming to the end of the blog these were the pretty big blunders at the beginning of my bug bounty and still I do. These are not only the mistakes I did, there were many but I remember only these and pretty major ones.

Small Bug Bounty Tips:

  1. Start with the basics
  2. Read program guidelines
  3. Learn from others
  4. Test different input vectors
  5. Practice responsible disclosure
  6. Document your findings
  7. Automate repetitive tasks
  8. Stay up to date
  9. Be patient and persistent
  10. Continuous learning

Don't give up after many tries got few acknowledgements check it on my LinkedIn (https://www.linkedin.com/in/varshini~ramesh/) and hunting in bug organizations like hackerone, bugcrowd is a big task and not a easy one so make sure you follow everything required.

Conclusion:
So, fellow bug hunters, Bug hunting isn’t always a smooth ride. It’s the unexpected twists and turns, the peculiar bugs that test our sanity, and the camaraderie within the bug hunting community that make it an exhilarating and humorous journey. Stay tuned for more Bug Bloopers as we explore the world of epic bug hunting fails, one laugh at a time. Remember to keep a sense of humour close at hand as you embark on your own bug hunting adventures. Embrace the unexpected, laugh at the absurd, and cherish the valuable lessons that epic bug hunting fails have to offer. Happy hunting!

📫 Reach me if you wish to:

LinkedIn: https://www.linkedin.com/in/varshini~ramesh/
Twitter: https://twitter.com/varshiniramesh5
GitHub: https://github.com/varsh1408


文章来源: https://infosecwriteups.com/epic-bug-hunting-failures-7d95bb61cb12?source=rss----7b722bfd1b8d--bug_bounty
如有侵权请联系:admin#unsafe.sh