Welcome to the comment section!
First, thanks for watching!
Make sure you are subscribed if you liked the video!
th-cam.com/users/BugBountyReportsExplained
Follow me on twitter:
twitter.com/gregxsunday
✉️ Sign up for the mailing list ✉️
mailing.bugbountyexplained.com/
☕️ Support my channel ☕️
www.buymeacoffee.com/bountyexplained
🖥 Get $100 in credits for Digital Ocean 🖥
m.do.co/c/cc700f81d215
thank you for posting your story it's really encouraging
I hope it will be useful!
Man thanks u make it a lot easier to understand than any videos I’ve seen so far, you get right down to the point exactly thanks again...
I'm very glad to hear it mate!
I am fullstack web developer for the last 3 years, just now dipping my toes into security. Was wondering how long you have been doing this? Also, how long do you think it would take a green dev like myself to get their first bounty?
hi, at the time of finding this I had one year of experience in pentesting. As a web developer you are in a good position because you understand the web stuff. However, I would not recommend you start with bug bounty as it's a rather competitive field and not finding bugs might be discouraging. You should take a look into resources like PentesterLab and PortSwigger's websec academy and then after a few months you might find your first bug.
great video, you are my inspiration. Brazil here.
: )
thank you!
Very interesting !!! Looking forward to your next BBR :D
Great catch! Is the database you were able to view in the internal gitter server you locally set up?
yes, the mongo is easy to set up using docker-compose and it exposes the web interface I've shown on port 27017.
Congratulations, you inspire!
congratulations bro.. And your channel is unique and awesome too.
thanks bro🤛
Good job! How many hours went into that?
I think I spent about 8 hours working to get the environment ready on my PC. Then, I gave up and tried on my VPS and it worked straight away. The testing was about three 8-hour days.
Thanks, bro. Nice explanation.
thanks mate
I am lucky, that I found this channel, :)
This was really awesome.
thanks mate
How many websites can we scan at the same time
Elegant work well explained:) Congrats on your $1000 bounty. Subbed!
thanks!
Yeah fb also has redirect uri for every appid
👌
I thought it was a "GTA BOUNTY" after i read the title XD
I see a good idea for CTF challenge in this comment😂
Good job... Keep it up.
Is it just me, or is the fix actually that they added the 'try'? It looks like they're still parsing undefined (**edit:** "still attempting to access "protocol" on undefined") in this edge case, the test just produces a warning as far as I can see 🤔.
the problem was just using undefined.something and it threw an error that you wanted a property of undefined. They fixed just that here.
Sure, I was just commenting on your explanation that they fixed it by "validating that there is a 'registeredRedirectUri'", when in fact it's the try/catch that graciously handles the error now 🙂. The "validation" just produces a warning, and the attempt to access `.protocol` is still allowed to happen as far as I can see.
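The distinction the two comments above are arguing about (a try/catch that swallows the `.protocol`-on-undefined error versus a check that rejects the request) can be shown in a few lines. This is an added illustration, not Gitter's code or the fix discussed in the video; the client records, the `registeredRedirectUri` field shape and all function names are hypothetical, constructed for the example.

```javascript
// Added illustration (not Gitter's code): three ways of handling a client
// record whose registeredRedirectUri is missing. All names are hypothetical.

// Constructed sample client records: one with a registered redirect URI,
// one without (the edge case the comments describe).
const clients = {
  good: { registeredRedirectUri: new URL("https://app.example/callback") },
  broken: {}, // no registeredRedirectUri at all
};

// 1. Unguarded: reading .protocol on undefined throws a TypeError. This is
//    the "property of undefined" crash the comments refer to.
function protocolUnguarded(client) {
  return client.registeredRedirectUri.protocol;
}

// 2. try/catch only: the TypeError is caught and a warning logged, but the
//    caller gets null and processing can continue as if nothing happened.
//    The property access on undefined still takes place inside the try.
function protocolTryCatch(client, log = console.warn) {
  try {
    return client.registeredRedirectUri.protocol;
  } catch (err) {
    log(`registeredRedirectUri missing: ${err.message}`);
    return null;
  }
}

// 3. Explicit validation: a client with no registered redirect URI is a
//    hard failure, rejected before any property is read, so the caller
//    cannot accidentally proceed with an unchecked redirect target.
function protocolValidated(client) {
  const uri = client.registeredRedirectUri;
  if (!(uri instanceof URL)) {
    throw new Error("client has no registered redirect URI; refusing request");
  }
  return uri.protocol;
}

// Small helper so a reader can see which variant throws a TypeError.
function throwsTypeError(fn) {
  try {
    fn();
  } catch (e) {
    return e instanceof TypeError;
  }
  return false;
}
```

Variant 2 is what the commenter describes as "graciously handling" the error: nothing crashes, but the result is a null that downstream code has to remember to check. Variant 3 fails closed, which is the behaviour a reviewer would want from a redirect-URI check.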
I have a vulnerability report of mine, 1st bounty......
Can you please make a video???
send me the report
@BugBountyReportsExplained mail address please!!
Nice findings
thank you!
Subscribed!
welcome Vinny!
U gotta get bonus from URL redirection
I don't quite understand
Great Job!!! :)
thanks
Could You Please Upload The Captions..??
Auto-Generated Caption Would Also Work..!!
yes Saraswati, I've added english subs 😉
What are the essential programing languages I should learn to become Ethical Hacker?
the only essential thing is understanding how websites are developed.
I am a student and want to be an ethical hacker and do bug bounty. Where do you think I should start from?
I'd suggest the OWASP testing guide as a starting point and getting some practice on PentesterLab and PortSwigger's websec academy
how do I open the web application's file in visual studio code ?
You need to have the source code
Just copy the source code to vsc??
Is that it ?😅
@aneeltripathy7420 git clone and then open the folder in vsc
Thank you 💙
can you share your methodology? it would be a great help
I don't think I'm good enough to give you methodology. For this bug I just installed the app locally, I was finding interesting spots and reading the source code
From my view you are great at both source code analysis and pentesting. If you have time, make a video on how you approach a target; it would be a great help for noobies like me 😂
wow great
thanks
I am gonna assume that you have tried and realized that nosql injection isn't possible
what makes you think nosql injection was present? just the sheer fact they use a nosql database?
I thought the client_id parameter's value will be part of request to mongodb. Will it not?
Sorry if I appeared unfriendly, and I appreciate your eloquent videos
hey bro, I want to exploit GraphQL?? any idea how?
watch my video about gql vulnerability in Hackerone
Hi, can you add english subtitle ? Thanks
hi, I honestly don't know why YT adds auto-generated subtitles to some of my videos and not to others. For now, I have to rely on that. Maybe with time, I will hire someone to add subtitles to my videos.
@BugBountyReportsExplained OK thank you
It's complicated
maybe I can clarify something for you?
Ok
Can't you do it in Polish?
in this industry you won't get anywhere without English anyway
/super $
🤑