Discovered a SQL injection in a big program:
1. Find subdomains with amass/subfinder
2. Fuzz to find new/unknown endpoints
3. Pick one endpoint to inspect further and fuzz POST requests
4. Boom! time-based blind SQLi
#bugbountytips #wearehackerone #infosec #sqlinjection #sqli
The film What Is A Woman has an amazing cast of real villains, but this one is the creepiest. Matt Walsh
Finally Valid Submission in Sony
Tip:
1. Shodan Dorking ssl:'*.target.com'
2. Use dirsearch to fuzz
#bugbounty #bugbountytips #sony #hackerone