E-commerce website vulnerability bounty practice sharing (Ⅱ)
TECNO Security

About: TECNO Security Response Center is a platform for cooperation and exchanges between TECNO and security industry experts, researchers, and organizations.

Publish Date: Oct 17 '24

Hello everyone, do you remember the content we shared last time? In the previous article, we shared a case involving a pre-authentication takeover vulnerability and an API security vulnerability (regarding product information leakage) on an e-commerce website. Today, we will continue to share two other vulnerability cases discovered by researcher Injamam, hoping to provide some insights for everyone.

  • API vulnerabilities: Exposing Content of User-Deleted Comments
  • Directory brute forcing leads to information disclosure

Previous article: E-commerce website vulnerability bounty practice sharing: Pre-Authentication takeover, API security vulnerabilities And Directory Brute Forcing (I)

Takeaways of Bug Bounty
① Be Creative
② Understanding the Application
③ Combining Techniques

Full details: E-commerce website vulnerability bounty practice sharing: Pre-Authentication takeover, API security vulnerabilities And Directory Brute Forcing (Ⅱ)
