My Second Bug: XSS(self) on Comment Box
Aman Bhuiyan, Sep 19
Hi Bug Hunter, Today, I am writing about my second bug discovery on VDP (Vulnerability Disclosure Program). My First Bug was XSS via HTML…

Bypass Brute-force IP Block
Aman Bhuiyan, Aug 25
In bug bounty, sometimes we are stuck by the target login page when we attempt too many invalid usernames or passwords. Most of the time…

Status Codes You Have to know as a Bug Hunter
Aman Bhuiyan, Jun 29
Particularly for web application testers, HTTP status codes are important for application security. After collecting subdomains, you must…

5 Common Methods to Bypass OTP Authentication in Bug Hunting
Aman Bhuiyan, Mar 20
An authentication bypass vulnerability is a weakness in a system that’s supposed to check who a user is. It allows attackers to slip past…

SQL injection attack, listing the database contents on non-Oracle databases
Aman Bhuiyan, Aug 11, 2023
Step 1: Go to the product category to ensure whether this is SQL injection vulnerable or not. If it shows ‘Internal Server error Or HTTP…

Some Basics of SQLi
Aman Bhuiyan, Aug 1, 2023
Some of the common SQLi commands which are important to perform SQL injection attack: