Bug Bounty Reports Explained (@gregxsunday)

30.06.2025 10:51 👍 0 🔁 0 💬 0 📌 0

GraphQL CSRF via the HEAD method #bugbounty #bugbountytips #bugbountyhunter

30.06.2025 10:51 👍 6 🔁 0 💬 1 📌 0

HackerOne disclosed on HackerOne: SQL injection in GraphQL endpoint... # Summary The `embedded_submission_form_uuid` parameter in the `/graphql` endpoint was vulnerable to a SQL injection. This allowed an attacker to extract information from the public and secure...

28.06.2025 10:51 👍 0 🔁 0 💬 0 📌 0

10/10 GraphQL SQL injection bug #bugbounty #bugbountytips #bugbountyhunter

28.06.2025 10:51 👍 3 🔁 0 💬 1 📌 0

GitLab disclosed on HackerOne: Insufficient Type Check on GraphQL... ### Summary As you have know, Maintainer cannot delete/archive repository. But via GraphQL, they can do as there exists an sufficient check on GraphQL...

27.06.2025 10:51 👍 0 🔁 0 💬 0 📌 0

Unexpected privilege escalation deletion bug #bugbounty #bugbountytips #bugbountyhunter

27.06.2025 10:51 👍 0 🔁 0 💬 1 📌 1

A.S. Watson Group disclosed on HackerOne: Access to internal info... This report was submitted during the Ambassador World Cup 2023 finale by the Spain team, who won the competition. The reporter @jfran_cbit got a critical bounty for this report, plus a bonus for...

26.06.2025 10:50 👍 0 🔁 0 💬 0 📌 0

Unauthenticated → Low privileges → admin #bugbounty #bugbountytips #bugbountyhunter

26.06.2025 10:50 👍 0 🔁 0 💬 1 📌 0

Bulletin.com email address leak - These aren't the access_tokens you're looking for Bulletin.com is Facebook’s new publication service. The VoiceCreator object in GraphQL has no apparent permissions, this means I can list the subscribers of a podcast/publication by email address.query a {bulletin_browse_publications(){__typename,publications{creator{id,name,email_settings{nodes{__typename,...on VoicesEmailSettings{confirmed_email{email_address}}}}}}}} Timeline Jul 2, 2021 – Report sentJul 7, 2021 – Fixed by Facebook Facebook incorrectly penalised me for “exploiting” which was just me retesting the … Continue reading Bulletin.com email address leak

25.06.2025 10:47 👍 0 🔁 0 💬 0 📌 0

Sometimes, one field is all you need for a bug #bugbounty #bugbountytips #bugbountyhunter

25.06.2025 10:47 👍 1 🔁 0 💬 1 📌 0

Enjoy the videos and music that you love, upload original content and share it all with friends, family and the world on YouTube.

GraphQL isn’t just an API to deliver our payloads. Often, its implementations are what actually cause them. To see what bugs it can lead to, studied disclosed bug bounty reports. IDORs, privescs, DoS, CSRFs, SQLis - it's all there. Enjoy!

24.06.2025 11:39 👍 3 🔁 0 💬 0 📌 0

If your GraphQL testing stops at introspection and ID swapping, you’re missing out. SQLi, CSRF, caching bugs, race conditions, WebSocket bypasses - it’s all there. I studies 90 real reports to find what actually works.

16.06.2025 14:33 👍 2 🔁 0 💬 0 📌 0

Fuzzing vs broken access control bugs feat. Arthur Aires #bugbounty #bugbountytips #bugbountyhunter

16.06.2025 10:03 👍 0 🔁 0 💬 0 📌 0

This is why you should run bug bounty tools from a VPS feat. Arthur Aires #bugbounty #bugbountytips #bugbountyhunter

14.06.2025 11:02 👍 0 🔁 0 💬 0 📌 0

Managing your blind XSS payloads feat. Arthur Aires #bugbounty #bugbountytips #bugbountyhunter

13.06.2025 11:03 👍 1 🔁 1 💬 0 📌 0

Generating target-specific wordlists feat. Arthur Aires #bugbounty #bugbountytips #bugbountyhunter

12.06.2025 11:07 👍 0 🔁 0 💬 0 📌 0

Generating target-specific wordlists feat. Arthur Aires #bugbounty #bugbountytips #bugbountyhunter

12.06.2025 11:06 👍 1 🔁 0 💬 0 📌 0

Automation to get Hackerone program updates feat. Arthur Aires #bugbounty #bugbountytips #bugbountyhunter

11.06.2025 11:06 👍 2 🔁 0 💬 0 📌 0

Enjoy the videos and music that you love, upload original content and share it all with friends, family and the world on YouTube.

In today’s episode, Arthur Aires shares his bug bounty methodology which starts with heavy fuzzing and automation to find the best assets for manual exploitation and escalation. Enjoy!🔥

10.06.2025 14:35 👍 1 🔁 0 💬 0 📌 0

Enjoy the videos and music that you love, upload original content and share it all with friends, family and the world on YouTube.

In this video, Arthur Aires walks us through two real-world deserialization RCEs that include bypassing a class allowlist and then exfiltrating data via DNS.
Techniques you'll want in your toolbox. Enjoy!

28.05.2025 10:31 👍 3 🔁 0 💬 0 📌 0

An ATO that doesn’t make sense feat. Jasmin “JR0ch17” Landry #bugbounty #bugbountytips #bugbountyhunter

21.05.2025 09:14 👍 3 🔁 0 💬 0 📌 0

Manipulating referer policy when DOM Purify is used feat. Jasmin “JR0ch17” Landry #bugbounty #bugbountytips #bugbountyhunter

20.05.2025 09:13 👍 1 🔁 0 💬 0 📌 0

SQLi still exists in 2025 feat. Jasmin “JR0ch17” Landry #bugbounty #bugbountytips #bugbountyhunter

19.05.2025 09:11 👍 0 🔁 0 💬 0 📌 0

Using match and replace rules for quickly applying polyglot payloads feat. Jasmin “JR0ch17” Landry #bugbounty #bugbountytips #bugbountyhunter

17.05.2025 09:11 👍 1 🔁 1 💬 0 📌 0

Second order injections feat. Jasmin “JR0ch17” Landry #bugbounty #bugbountytips #bugbountyhunter

16.05.2025 09:19 👍 0 🔁 0 💬 0 📌 0

Enjoy the videos and music that you love, upload original content and share it all with friends, family and the world on YouTube.

In this episode, Jasmin “JR0ch17” Landry breaks down how he consistently lands highs and crits - from SSRFs to less common bugs like XXEs and SQLis. Enjoy🔥

14.05.2025 14:03 👍 2 🔁 0 💬 0 📌 0

Hunting for privilege escalations by modifying the JS feat. @renniepak.nl #bugbounty #bugbountytips #bugbountyhunter

19.03.2025 11:57 👍 1 🔁 0 💬 0 📌 0

$50k XSS in a web3 website feat. @renniepak.nl #bugbounty #bugbountytips #bugbountyhunter

18.03.2025 11:57 👍 3 🔁 0 💬 0 📌 0

The CSPBypass website feat. @renniepak.nl #bugbounty #bugbountytips #bugbountyhunter

17.03.2025 11:57 👍 1 🔁 0 💬 1 📌 0

The mysterious bug bounty methodology

15.03.2025 11:57 👍 0 🔁 0 💬 0 📌 0

Bug Bounty Reports Explained

Latest posts by Bug Bounty Reports Explained @gregxsunday