Hello Hackers,

Hope you guys are doing well and hunting lots of bugs and dollars!

I always prefer to hunt bugs in the file upload functionality of any web application. Vulnerabilities in file uploads generally give you high-severity bugs, and this functionality is often not very secure. So today we are going to talk about a very exploitable part of the web: file upload functionality.

During penetration testing, we have seen many file upload features that let users transfer files from their computer to the server. …


Hello Hackers,

Hope you guys are doing well and hunting lots of bugs and dollars!

Well, today we are going to talk about a very hot topic: multi-factor authentication. Before jumping into this topic, let’s understand some basic ideas about MFA.

What is multi-factor authentication?

It is also known as two-factor authentication (2FA), which is another way to verify your identity. In single-factor authentication, you only have to verify yourself with a username and password to be authenticated. To add one more layer of security, we use 2FA to verify the user…


Hello Hackers,

Hope you guys are doing well and hunting lots of bugs and dollars!

Today we are going to talk about web security vulnerabilities that occur in password reset functionality. We will see a brief methodology and approach for finding bugs in this very common functionality.

Most web applications provide users with “password reset” functionality via email. It allows users to recover their account, generate a new password, and fix their own problems. So let’s start and learn how to look for bugs in this function.

Password reset…


Hello Hackers,

Hope you guys are doing well and hunting lots of bugs and dollars!

We have already discussed XSS in our previous article, “All about XSS”. So let me introduce you to another way of finding XSS, which can occur via a file upload.

A file upload is a serious opportunity to find cross-site scripting (XSS) in a web application.

As we know, many web applications allow clients or their users to upload files for many different purposes, and this is the opportunity to find loopholes in them. …


Hello Hackers,

Hope you guys are doing well and hunting lots of bugs and dollars!

Well, let’s start and learn about information disclosure and methodologies to find it.

What is information disclosure?

Information disclosure is when a web application fails to properly protect confidential information, revealing sensitive information or data about its users, or anything related to them, to a third party.

It uncovers information such as:

  • Data about the users, such as username, credit card information, or some personal details which are listed by the web application.
  • Technical details about the web application and its back-end data.


Hello Amazing Hackers,

Hope you guys are doing well and hunting lots of bugs and dollars!

Well, let’s start and learn about cross-site scripting attacks and methodologies to find them.

What is cross-site scripting (XSS)?

Cross-site scripting (XSS) is one of the most popular vulnerabilities in today’s web applications. This vulnerability can be used to execute malicious JavaScript in a user’s web browser. This could then be used to steal users’ tokens, cookies, and other sensitive information. It happens due to improper sanitization of the input fields present in web applications.

This could generally be fixed with proper input…


Hello Amazing Hackers,

Hope you guys are doing well and hunting lots of bugs and dollars!

Well, let’s start.

So today I am going to discuss my first valid bug (denial of service when entering a long password), which earned me $100. I also recommend that after reading this article you try to find the same or related vulnerabilities on your targets.

I was looking for bugs in my target, “Nextcloud”, which I had picked from HackerOne’s public programs. But this target has already been seen by lots of hackers and almost lots…


What is Reconnaissance or information gathering?

It refers to the process of collecting as much information as possible about the target system to find ways to penetrate it. This is an important preparatory phase when performing security assessments.

A strong phase of information gathering makes the difference between a good and a bad penetration tester.

A good penetration tester spends 90% of his time widening the attack surface because he knows this is what it is all about. …


Getting started in bug bounty

Hey, Amazing Hackers!

So today I am going to talk about how you guys can learn bug bounty, so let’s start!

What is Bug Bounty?

Basically, a bug bounty program invites ethical hackers to find security weaknesses in web applications, mobile applications, and other platforms. In return, it offers good bounties for the vulnerabilities the hacker reports, according to the impact and type of vulnerability.

Bug bounties are a great way to gain practical experience in cybersecurity and earn some extra money and fame.

Before diving into bug bounty, you have to fulfill some basic requirements:

Xcheater

I will update this later!
