Nov 23, 2021
Finding XSS on .apple.com and building a proof of concept to leak your PII information
Back in February of this year I hacked with members of BugBountyHunter.com on a public bug bounty program and we chose Apple as our target. This post will detail how we discovered some XSS and built a PoC to leak PII information across multiple .apple.com subdomains. …
Bugbounty · 7 min read
Nov 19, 2021
1 year anniversary of BugBountyHunter & our second Hackevent
Sorry for the silence from me lately with regards to any new writeups or anything interesting! The new dad life has been something interesting to adapt to, but I am loving every second of being a dad to my beautiful son. I am slowly finding a routine with work and…
Bugbounty · 4 min read
Jul 12, 2021
BugBountyHunter Chats — Getting to know 0xblackbird, YouGina, JTCSec and HolyBugx
BugBountyHunter.com opened early November 2020 and the amount of growth we have seen in members has been phenomenal! Members have been using BARKER to build confidence with testing web applications and leaving no stone unturned, with the end goal to apply this mindset on bug bounty programs.
18 min read
Jun 4, 2021
Welcoming new members on BugBountyHunter.com
We’re finally happy to announce we have re-opened membership on BugBountyHunter.com and we’re ready to welcome new members. https://www.bugbountyhunter.com/ However please note, we actually did plan on re-opening a little later but with the amount of people wanting to join we prioritised re-opening. …
4 min read
Apr 5, 2021
BugBountyHunter.com Updates
Greetings! In this post I plan to outline some changes I’ve made to bugbountyhunter since launch and future plans for the platform. At the time of writing we are not currently accepting new members (we’re training over 700 members currently!) however after our next major upgrade we will begin to…
4 min read
Nov 4, 2020
We’re back! BugBountyNotes relaunched as BugBountyHunter.com
Hi there! What a year it’s been right?! Let’s not mention the C word… it’s lockdown in 2 hours here in the UK. Yay. Although, I do hope you are all well & safe! We will get through this ❤ Carrying on…
Bug Bounty · 7 min read
Aug 8, 2020
The feature works as intended, but what’s in the source?
This is another bug that was right in front of everyone because if you didn’t purposely look for it you’d never realise personal information was being ‘secretly’ leaked. How does this feature work? When testing on [redacted] I noticed this piece of text: Checking this box allows us to share your address with the list…
3 min read
Jul 30, 2020
New features means new bugs
Sometimes new features designed to generate revenue for a company can be rushed and sometimes not enough thought has gone into how to securely implement this new feature into the main web app. What does that usually mean? Bugs! The bigger the company the more products planned on the road…
3 min read
Jul 30, 2020
Using XAMPP and Burp Intruder when scanning for subdomains to look for interesting behaviour & code
Do any of you use Intruder when checking out subdomains? For me personally I use a tool called “XAMPP” which lets me run PHP locally combined with Intruder. From here I then create a simple redirect script inside index.php, <?php $url=$_GET['url']; header("Location: ".$url); ?>. Next I modify my /etc/hosts file…
5 min read
Feb 4, 2020
Easily leaking passenger information on an Airline
This post is going to outline how I simply applied my methodology and managed to find multiple vulnerabilities leaking airline passenger information on a YesWeHack bug bounty program. My experience on YesWeHack has been extremely good as the companies engage & communicate with you on reports to understand the issue…
Hacking · 4 min read