Posts by Bug Bounty Reports Explained

9 months ago 0 0 0 0
Video

GraphQL CSRF via the HEAD method #bugbounty #bugbountytips #bugbountyhunter

9 months ago 7 0 1 0
Preview
HackerOne disclosed on HackerOne: SQL injection in GraphQL endpoint... # Summary The `embedded_submission_form_uuid` parameter in the `/graphql` endpoint was vulnerable to a SQL injection. This allowed an attacker to extract information from the public and secure...
9 months ago 1 0 0 0
Video

10/10 GraphQL SQL injection bug #bugbounty #bugbountytips #bugbountyhunter

9 months ago 4 0 1 0
Preview
GitLab disclosed on HackerOne: Insufficient Type Check on GraphQL... ### Summary As you have know, Maintainer cannot delete/archive repository. But via GraphQL, they can do as there exists an sufficient check on GraphQL...
9 months ago 0 0 0 0
Video

Unexpected privilege escalation deletion bug #bugbounty #bugbountytips #bugbountyhunter

9 months ago 1 0 1 1
Preview
A.S. Watson Group disclosed on HackerOne: Access to internal info... This report was submitted during the Ambassador World Cup 2023 finale by the Spain team, who won the competition. The reporter @jfran_cbit got a critical bounty for this report, plus a bonus for...
9 months ago 0 0 0 0
Video

Unauthenticated → Low privileges → admin #bugbounty #bugbountytips #bugbountyhunter

9 months ago 1 0 1 0
Bulletin.com email address leak - These aren't the access_tokens you're looking for
Bulletin.com is Facebook’s new publication service. The VoiceCreator object in GraphQL has no apparent permissions, this means I can list the subscribers of a podcast/publication by email address.
query a {bulletin_browse_publications(){__typename,publications{creator{id,name,email_settings{nodes{__typename,...on VoicesEmailSettings{confirmed_email{email_address}}}}}}}}
Timeline
Jul 2, 2021 – Report sent
Jul 7, 2021 – Fixed by Facebook
Facebook incorrectly penalised me for “exploiting” which was just me retesting the … Continue reading Bulletin.com email address leak
9 months ago 0 0 0 0
Video

Sometimes, one field is all you need for a bug #bugbounty #bugbountytips #bugbountyhunter

9 months ago 1 0 1 0
Enjoy the videos and music that you love, upload original content and share it all with friends, family and the world on YouTube.

GraphQL isn’t just an API to deliver our payloads. Often, its implementations are what actually cause them. To see what bugs it can lead to, I studied disclosed bug bounty reports. IDORs, privescs, DoS, CSRFs, SQLis - it's all there. Enjoy!

9 months ago 3 0 0 0
Post image

If your GraphQL testing stops at introspection and ID swapping, you’re missing out. SQLi, CSRF, caching bugs, race conditions, WebSocket bypasses - it’s all there. I studied 90 real reports to find what actually works.

10 months ago 2 0 0 0
Video

Fuzzing vs broken access control bugs feat. Arthur Aires #bugbounty #bugbountytips #bugbountyhunter

10 months ago 0 0 0 0
Video

This is why you should run bug bounty tools from a VPS feat. Arthur Aires #bugbounty #bugbountytips #bugbountyhunter

10 months ago 0 0 0 0
Video

Managing your blind XSS payloads feat. Arthur Aires #bugbounty #bugbountytips #bugbountyhunter

10 months ago 1 1 0 0
Video

Generating target-specific wordlists feat. Arthur Aires #bugbounty #bugbountytips #bugbountyhunter

10 months ago 1 0 0 0
Video

Automation to get Hackerone program updates feat. Arthur Aires #bugbounty #bugbountytips #bugbountyhunter

10 months ago 2 0 0 0
In today’s episode, Arthur Aires shares his bug bounty methodology which starts with heavy fuzzing and automation to find the best assets for manual exploitation and escalation. Enjoy!🔥

10 months ago 1 0 0 0
In this video, Arthur Aires walks us through two real-world deserialization RCEs that include bypassing a class allowlist and then exfiltrating data via DNS.
Techniques you'll want in your toolbox. Enjoy!

10 months ago 3 0 0 0
Video

An ATO that doesn’t make sense feat. Jasmin “JR0ch17” Landry #bugbounty #bugbountytips #bugbountyhunter

11 months ago 3 0 0 0
Video

Manipulating referer policy when DOM Purify is used feat. Jasmin “JR0ch17” Landry #bugbounty #bugbountytips #bugbountyhunter

11 months ago 1 0 0 0
Video

SQLi still exists in 2025 feat. Jasmin “JR0ch17” Landry #bugbounty #bugbountytips #bugbountyhunter

11 months ago 0 0 0 0
Video

Using match and replace rules for quickly applying polyglot payloads feat. Jasmin “JR0ch17” Landry #bugbounty #bugbountytips #bugbountyhunter

11 months ago 1 1 0 0
Video

Second order injections feat. Jasmin “JR0ch17” Landry #bugbounty #bugbountytips #bugbountyhunter

11 months ago 0 0 0 0
In this episode, Jasmin “JR0ch17” Landry breaks down how he consistently lands highs and crits - from SSRFs to less common bugs like XXEs and SQLis. Enjoy🔥

11 months ago 2 0 0 0
Video

Hunting for privilege escalations by modifying the JS feat. @renniepak.nl #bugbounty #bugbountytips #bugbountyhunter

1 year ago 1 0 0 0
Video

$50k XSS in a web3 website feat. @renniepak.nl #bugbounty #bugbountytips #bugbountyhunter

1 year ago 3 0 0 0
Video

The CSPBypass website feat. @renniepak.nl #bugbounty #bugbountytips #bugbountyhunter

1 year ago 1 0 1 0
Video

The mysterious bug bounty methodology

1 year ago 0 0 0 0