3 Real API Bugs I got a bounty for
- Published on 13 Oct 2023
- This is a series of mildly Halloween-themed hacking stories for October. I'm going to walk you through my most unimpressive, easy, and straightforward vulnerabilities as I tell three stories of real bugs in real production systems. In this video, we take a look at some API flaws. I've (obviously) had to omit a lot of details, even though these bugs are resolved, sometimes clients worry about disclosing, so no permission = no details on client names, programs, platforms or anything else, all screenshots are taken from unrelated and mildly similar products. ANYWAY, I hope you enjoy the slightly shorter videos.
This video is kindly sponsored by Snyk, sign up to their Fetch The Flag CTF on October 27th via my link snyk.co/ctf-insiderphd and don’t forget about their CTF 101 workshop on October 17th where you can get hands-on practice and help from Snyk staff! With over 30 challenges and prizes for the top 3 teams it’s a great chance to learn new skills, do something with friends or just challenge yourself!
I'm only here for the cute animated Katie avatar! 🤩
Seriously, though: thanks for sharing your hacking stories with us.
Thanks for giving back to the community
Thank you Katie, your videos are really helpful for us. Please make a full video on READ THE DOCS.
Great video thank you these really do help :)
Thank you! 🙂 I'll need to go back and find your other GraphQL videos.
Katie I just want you to know your videos helped me find my first bug a few weeks ago and I got paid $5k after that my life is changed I know I can actually make money doing this thank you so much and God bless you for real
That’s amazing well done man, that’s a fantastic first bounty 💪 keep at it and I’m sure you’ll be earning $$$$
@InsiderPhD yes ma’am, just wanted you to know that what you do does make a difference in people's lives. If you ever doubt yourself about that, I’m living proof haha. Again, thanks and have a great one ☝️
Yes, thanks to Katie, but I haven't found a bug that got paid yet; all of the bugs I found were P5. Where are you hunting and what kind of bugs are you looking for?
@josetranscriptionist7927 I’m hunting on mobile apps and looking for API bugs like IDORs on them etc
@josetranscriptionist7927 check out Katie’s video on mobile bug bounty on android with gent motion. Specifically that video is what led to me getting my first bounty. Hope this helps and good luck friend
I immensely benefit from your videos!! I have a question: is there an age factor for bug bounty? I'm in my mid 30s, can I be successful if I work hard at this age? Already got the basics!!
please full video
Please make more
Love your videos! I’ve a simple question: in your opinion, for someone (like me, 32 years old) who wants to start hacking in 2024 (bug hunting), a learning path?
I cannot understand the CSP bypasses and dangling payloads in XSS. Can you recommend resources and labs?
Thank you Katie, I'm a beginner and I'm focusing on XSS, CSRF & blind XSS. Any advice to help me level up my skills? Thank you a lot.
Make sure you’re not getting tunnel-visioned on those bugs, learn the signs of a few others so you can adapt on the fly. Write some JavaScript projects to better learn the language.
❤
I am really interested in finding out how you caused the error in the first part?
Missed out a {!
What did you do to cause an error in the GraphQL bug?
I think initially I just sent a malformed query and we were trying to get Java deserialisation, until we pivoted to nested JSON and popped it as an application level DoS
Katie Am Expecting How To Find Waf Bypass Xsa Businesses P1 Bug's like. Account Takeover , SQL INJECTION
P1 bugs the easiest ones are account takeovers, usually because a password reset is bugged, you can generate a token for any account or you can reset any account with a valid token
cool anime!!!
Not sure if intentional or not but you are leaking the target you against for the 1st bug in one of your screenshots.
Can you give me road map to become bug bounty hunter
Keep going, I wish you luck and success. I'm a new friend, waiting for you. Sweetest like.
*our bugs are not interesting enough