Lightnews — Scholar-powered news

Bug Bounty Reports Explained @gregxsunday.bsky.social · Jun 30

doyensec.com

Bug Bounty Reports Explained @gregxsunday.bsky.social · Jun 30

GraphQL CSRF via the HEAD method #bugbounty #bugbountytips #bugbountyhunter

1 5

Bug Bounty Reports Explained @gregxsunday.bsky.social · Jun 28

HackerOne disclosed on HackerOne: SQL injection in GraphQL endpoint...

# Summary The `embedded_submission_form_uuid` parameter in the `/graphql` endpoint was vulnerable to a SQL injection. This allowed an attacker to extract information from the public and secure...

hackerone.com

Bug Bounty Reports Explained @gregxsunday.bsky.social · Jun 28

10/10 GraphQL SQL injection bug #bugbounty #bugbountytips #bugbountyhunter

1 2

Bug Bounty Reports Explained @gregxsunday.bsky.social · Jun 27

GitLab disclosed on HackerOne: Insufficient Type Check on GraphQL...

### Summary As you have know, Maintainer cannot delete/archive repository. But via GraphQL, they can do as there exists an sufficient check on GraphQL...

hackerone.com

Bug Bounty Reports Explained @gregxsunday.bsky.social · Jun 27

Unexpected privilege escalation deletion bug #bugbounty #bugbountytips #bugbountyhunter

1

Bug Bounty Reports Explained @gregxsunday.bsky.social · Jun 26

A.S. Watson Group disclosed on HackerOne: Access to internal info...

This report was submitted during the Ambassador World Cup 2023 finale by the Spain team, who won the competition. The reporter @jfran_cbit got a critical bounty for this report, plus a bonus for...

hackerone.com

Bug Bounty Reports Explained @gregxsunday.bsky.social · Jun 26

Unauthenticated → Low privileges → admin #bugbounty #bugbountytips #bugbountyhunter

1

Bug Bounty Reports Explained @gregxsunday.bsky.social · Jun 25

Bulletin.com email address leak - These aren't the access_tokens you're looking for

Bulletin.com is Facebook’s new publication service. The VoiceCreator object in GraphQL has no apparent permissions, this means I can list the subscribers of a podcast/publication by email address.query a {bulletin_browse_publications(){__typename,publications{creator{id,name,email_settings{nodes{__typename,...on VoicesEmailSettings{confirmed_email{email_address}}}}}}}} Timeline Jul 2, 2021 – Report sentJul 7, 2021 – Fixed by Facebook Facebook incorrectly penalised me for “exploiting” which was just me retesting the … Continue reading Bulletin.com email address leak

philippeharewood.com

Bug Bounty Reports Explained @gregxsunday.bsky.social · Jun 25

Sometimes, one field is all you need for a bug #bugbounty #bugbountytips #bugbountyhunter

1 1

Bug Bounty Reports Explained @gregxsunday.bsky.social · Jun 24

GraphQL isn’t just an API to deliver our payloads. Often, its implementations are what actually cause them. To see what bugs it can lead to, studied disclosed bug bounty reports. IDORs, privescs, DoS, CSRFs, SQLis - it's all there. Enjoy!

Enjoy the videos and music that you love, upload original content and share it all with friends, family and the world on YouTube.

youtu.be

3

Bug Bounty Reports Explained @gregxsunday.bsky.social · Jun 16

If your GraphQL testing stops at introspection and ID swapping, you’re missing out. SQLi, CSRF, caching bugs, race conditions, WebSocket bypasses - it’s all there. I studies 90 real reports to find what actually works.

2

Bug Bounty Reports Explained @gregxsunday.bsky.social · Jun 16

Fuzzing vs broken access control bugs feat. Arthur Aires #bugbounty #bugbountytips #bugbountyhunter

Bug Bounty Reports Explained @gregxsunday.bsky.social · Jun 14

This is why you should run bug bounty tools from a VPS feat. Arthur Aires #bugbounty #bugbountytips #bugbountyhunter

Bug Bounty Reports Explained @gregxsunday.bsky.social · Jun 13

Managing your blind XSS payloads feat. Arthur Aires #bugbounty #bugbountytips #bugbountyhunter

1 1

Bug Bounty Reports Explained @gregxsunday.bsky.social · Jun 12

Generating target-specific wordlists feat. Arthur Aires #bugbounty #bugbountytips #bugbountyhunter

Bug Bounty Reports Explained @gregxsunday.bsky.social · Jun 12

Generating target-specific wordlists feat. Arthur Aires #bugbounty #bugbountytips #bugbountyhunter

1

Bug Bounty Reports Explained @gregxsunday.bsky.social · Jun 11

Automation to get Hackerone program updates feat. Arthur Aires #bugbounty #bugbountytips #bugbountyhunter

2

Bug Bounty Reports Explained @gregxsunday.bsky.social · Jun 10

In today’s episode, Arthur Aires shares his bug bounty methodology which starts with heavy fuzzing and automation to find the best assets for manual exploitation and escalation. Enjoy!🔥

Enjoy the videos and music that you love, upload original content and share it all with friends, family and the world on YouTube.

youtu.be

1

Bug Bounty Reports Explained @gregxsunday.bsky.social · May 28

In this video, Arthur Aires walks us through two real-world deserialization RCEs that include bypassing a class allowlist and then exfiltrating data via DNS.
Techniques you'll want in your toolbox. Enjoy!

Enjoy the videos and music that you love, upload original content and share it all with friends, family and the world on YouTube.

youtu.be

3

Bug Bounty Reports Explained @gregxsunday.bsky.social · May 21

An ATO that doesn’t make sense feat. Jasmin “JR0ch17” Landry #bugbounty #bugbountytips #bugbountyhunter

3

Bug Bounty Reports Explained @gregxsunday.bsky.social · May 20

Manipulating referer policy when DOM Purify is used feat. Jasmin “JR0ch17” Landry #bugbounty #bugbountytips #bugbountyhunter

1

Bug Bounty Reports Explained @gregxsunday.bsky.social · May 19

SQLi still exists in 2025 feat. Jasmin “JR0ch17” Landry #bugbounty #bugbountytips #bugbountyhunter

Bug Bounty Reports Explained @gregxsunday.bsky.social · May 17

Using match and replace rules for quickly applying polyglot payloads feat. Jasmin “JR0ch17” Landry #bugbounty #bugbountytips #bugbountyhunter

1 1

Bug Bounty Reports Explained @gregxsunday.bsky.social · May 16

Second order injections feat. Jasmin “JR0ch17” Landry #bugbounty #bugbountytips #bugbountyhunter