$25,000 Stealing GitHub API token with a malicious pull request

  • Published: 21 Aug 2024

Comments • 17

  • @BugBountyReportsExplained
    @BugBountyReportsExplained  3 years ago +8

    Welcome to the comment section! I hope you enjoyed the video.
    As promised, I will start with my story of strange behaviour. I was poking the Trello application. I could create an account with any email address there, but it was unconfirmed until I clicked the link from the confirmation email. I created two accounts: "victim" and "attacker". I was trying to do some kind of account takeover.
    After a few tries, on the "victim" account I wasn't able to see the homepage because I was in an infinite redirect loop. So something was wrong there for sure, but I wasn't able to take over the account or show any other impact, so I didn't even have a reason to report it :/
    I was really sad, because once I saw that, I was almost sure that I would be able to get a P2 out of it.

  • @ahmadshami5847
    @ahmadshami5847 3 years ago +3

    It's so satisfying when just tinkering with applications gets someone to discover something dangerous. It happened to me once in an application and I was soooo satisfied 😂. Great video bro 👌

    • @ahmadshami5847
      @ahmadshami5847 3 years ago +4

      @Rigs Barnes Well, reading writeups won't help you discover the same bug in the same application, of course, but a known fact about developers is that they use code patterns that are very similar because they know they are efficient. So basically understanding the writeup will give you an idea of how you can exploit a similar vulnerability in another application. After all, these bugs have names like XSS or CSRF because they are basically the same vulnerability being exploited in different ways. So reading them will help you in developing the bug that you are trying to exploit. In conclusion, these writeups won't give you the key to discovering new bugs; rather, they are an efficient way to help you innovate.

  • @dhyeychoksi5178
    @dhyeychoksi5178 3 years ago +1

    Nice video and explanation dude!
    Another example where the bug was comparatively simple but exploitation was not so simple.
    Hats off!

    • @BugBountyReportsExplained
      @BugBountyReportsExplained  3 years ago +1

      Yeah, actually, it was one of the bugs that took me a lot of time to prepare the script for, because a few times I already thought I understood it, but it turned out I didn't.

  • @steiner254
    @steiner254 3 years ago +1

    On it... it's a lit video... congrats bro :)

  • @aliulanowar7802
    @aliulanowar7802 3 years ago

    Thanks a lot brother ❤️❤️

  • @cybersecurity3523
    @cybersecurity3523 3 years ago

    Good bro

  • @dz4di
    @dz4di 3 years ago

    I thought it was $50k, not $25k? On HackerOne

    • @BugBountyReportsExplained
      @BugBountyReportsExplained  3 years ago

      I didn't see the H1 report linked in the blog post at all. Maybe you mean a different vuln?

  • @monikasharma2931
    @monikasharma2931 2 years ago

    Please make a video on GitHub account takeover.

  • @alqaeda308
    @alqaeda308 3 years ago

    Please provide instructions for a VPS for white hat bug hunters.

  • @wholesomepostingyt3352
    @wholesomepostingyt3352 3 years ago

    🤣

  • @Inder00
    @Inder00 3 years ago

    1