Beginner Bug Bounty Guide - Part 7

Which bugs can we find via recon?

  1. Sensitive endpoints
  • APIs that are hidden or meant for testing and that leak sensitive data.
  • Storage buckets with improper permissions that give the public write, add, or delete access.
  • Endpoints that expose log information (finding these may require file/directory brute-forcing).
  • Development, Testing, UAT, QA, Staging, etc. URLs. These environments are relatively less secure.
  • Sensitive file exposure: backup files, config files, file systems accessible via URLs, etc.
  • Companies generally patch critical assets more quickly than non-critical ones, which may sometimes leave a publicly accessible service unpatched.
  • By running a simple vulnerability scan with tools like nuclei, nikto, or burp, we can identify low-hanging bugs, which may yield a high bounty.
  • Useful documentation and API documentation (for example, simply search the complete document for keywords such as command, os, run, execute, etc.).
  • You may find the console of a router, switch, etc.
  • The user may have set a trivial username and password, like admin:pass.




Takshil Patil
