Hello everyone, do you remember the content we shared last time? In the previous article, we shared a case involving a pre-authentication takeover vulnerability and an API security vulnerability (regarding product information leakage) on an e-commerce website. Today, we will continue to share two other vulnerability cases discovered by researcher Injamam, hoping to provide some insights for everyone.
- API vulnerabilities: Exposing Content of User-Deleted Comments
- Directory brute forcing leads to information disclosure
Click here to know: E-commerce website vulnerability bounty practice sharing: Pre-Authentication takeover, API security vulnerabilities And Directory Brute Forcing(I)
Takeaways of Bug Bounty
① Be Creative
② Understanding the Application
③ Combining Techniques
Click here to know the details: E-commerce website vulnerability bounty practice sharing: Pre-Authentication takeover, API security vulnerabilities And Directory Brute Forcing(Ⅱ)
Top comments (0)