Bug Bounty Hunting: Where to start?12:14 PM
I often get some private messages in Facebook and emails asking me to refer them blogs like mine, better or worse.
Many starting hunters often start with Big Sites like Facebook and test the basic XSS'es on search field and obviously expect a success. these attacks like SQLi and XSS are not so much common on sites like Facebook where hundreds of cleaver people reviewed the code unless you somehow manage to evade filters and have *more cleaver* scenarios to exploit them. So you need to look for some things, better/cleaver things that lots of people aren't aware of. new researches, new exploits, new techniques!
I am looking to make a quick cash, what are the most commonly forgotten flaws?
Well, lots of domains (not Facebook :P) don't have SPF (sender policy framework) headers, this is a minor threat, but this usually ends up being a valid bug for rewards, also missing mostly forgotten headers like X-Frame-options, X-*-* usually end up being valid reports.
Another thing is, lots of websites don't destroy sesssions after a user changes his password (automatic logout), this is bad because if an attacker is using my cookies (using XSS or something), the only way to log him out is by changing my password, unfortunately if the site doesnt destroy current sessions, the attacker will still be logged inside.
But if you really are looking to change the world, help the community become a better place, I suggest you read some of the blogs:
For me, the below bug bounty hunter blogs are nice. they got me started, taught me some new things. and there are lots of people out there with amazing references, researchers on (un)|common website bugs, logic flaws and many creative things.
Great bug bounty and web research blogs:
please comment down if you know more sites so I can add them.