Good example of some of the fun ways you can hunt IDORs. I found two today where all I had to do was change a "10" to a "1000000" in the URL path and I got a million accounts back instead of Top 10. Whoops!
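Added example, not code from the original thread: a toy version of the "Top 10" endpoint described above, written twice, once as it is commonly shipped (the path number is honoured as-is and full records come back) and once hardened with a server-side clamp and a public-field allowlist, plus the two-request probe a hunter would run. The route shape `/accounts/top/<n>`, the field names and the record count are assumptions for illustration.

```python
import re
from typing import Callable, Dict, List

# Constructed sample store: far fewer than a million rows so it runs quickly,
# but large enough that "grew" is unmistakable when the clamp is missing.
def _make_accounts(count: int) -> List[Dict]:
    return [
        {"id": i, "handle": f"user{i}", "email": f"user{i}@example.test", "score": count - i}
        for i in range(count)
    ]

ACCOUNTS = _make_accounts(50_000)  # assumed size, constructed data
ROUTE = re.compile(r"/accounts/top/(\d+)")  # assumed route shape
MAX_TOP = 10
PUBLIC_FIELDS = ("handle", "score")


def vulnerable_top(path: str) -> List[Dict]:
    """Trusts the number in the path outright and returns every stored field,
    so changing 10 to 1000000 dumps the table, emails included."""
    m = ROUTE.fullmatch(path)
    if not m:
        raise ValueError("not found")
    n = int(m.group(1))
    return sorted(ACCOUNTS, key=lambda a: -a["score"])[:n]


def hardened_top(path: str) -> List[Dict]:
    """Same route, but the limit is clamped on the server and only allowlisted
    fields are serialised: 1000000 yields the same ten rows as 10."""
    m = ROUTE.fullmatch(path)
    if not m:
        raise ValueError("not found")
    n = min(int(m.group(1)), MAX_TOP)
    ranked = sorted(ACCOUNTS, key=lambda a: -a["score"])[:n]
    return [{k: a[k] for k in PUBLIC_FIELDS} for a in ranked]


def probe(handler: Callable[[str], List[Dict]],
          base: str = "/accounts/top/10",
          bumped: str = "/accounts/top/1000000") -> Dict:
    """The hunting step from the tweet: request the normal value, then a huge
    one, and report whether the response grew or exposed non-public fields."""
    small = handler(base)
    big = handler(bumped)
    leaked = any(set(a) - set(PUBLIC_FIELDS) for a in big)
    return {
        "baseline": len(small),
        "bumped": len(big),
        "grew": len(big) > len(small),
        "leaks_private_fields": leaked,
    }


if __name__ == "__main__":
    for name, h in (("vulnerable", vulnerable_top), ("hardened", hardened_top)):
        print(name, probe(h))
```

The probe only compares sizes and field sets; on a real target you would also diff the baseline against a second, unprivileged session to separate an unbounded limit from a genuine ownership check failure.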
I got flooded with questions recently. Common theme: how do I pick which program to hack at? I only pick programs which interest me, have a fast response time, pay well, that do not outlaw most vulnerabilities, and are simple to get started with. Slow response time is 💩
For those of you looking to get started in bug hunting, check out the Bugcrowd blog series where I share some tips and tricks to help you get going! Thanks @Bugcrowd for letting me share this information and making it easy for us to get the job done!
I get asked what tools I use to find bugs a lot. Answer: Windows 10 (I wouldn't lie), Firefox, Burp Suite Professional, Python if needed, and my brain. Best add-on for Burp Suite - "BurpJSLinkFinder". It parses all your JS looking for hidden hyperlinks as you visit pages.
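Added example, not the add-on's code and not from the original thread: a minimal LinkFinder-style extractor of the kind the tweet describes, which pulls quoted strings that look like URLs or paths out of JavaScript and resolves the relative ones against the script's own URL. The JS snippet is constructed for the example and the base URL is an assumption.

```python
import re
from typing import List
from urllib.parse import urljoin

# Constructed JS sample standing in for a bundle fetched while browsing.
SAMPLE_JS = r'''
const API = "https://api.example.test";
function load() { return fetch(API + "/v2/users/me"); }
const legacy = '/internal/admin/export?format=csv';
$.get("../v1/debug/config");
const img = "logo.png";
const path = `/v2/accounts/${id}/notes`;
const broken = "not a path";
'''

# A quoted literal (single, double or backtick quotes) whose body is either an
# absolute or protocol-relative URL, or a path starting with /, ./ or ../.
LINK_RE = re.compile(
    r"""(?P<q>["'`])"""
    r"""(?P<link>(?:https?://|//)[^\s"'`]+|(?:\.{0,2}/)[^\s"'`]*)"""
    r"""(?P=q)"""
)


def find_links(js: str) -> List[str]:
    """Return candidate endpoints in first-seen order, deduplicated."""
    seen: List[str] = []
    for m in LINK_RE.finditer(js):
        link = m.group("link")
        if link not in seen:
            seen.append(link)
    return seen


def resolve_links(links: List[str], script_url: str) -> List[str]:
    """Turn relative paths into full URLs relative to where the script was served
    from; absolute URLs pass through unchanged. Template placeholders such as
    ${id} are kept so the hunter can see where an identifier is substituted."""
    return [urljoin(script_url, link) for link in links]


if __name__ == "__main__":
    found = find_links(SAMPLE_JS)
    for url in resolve_links(found, "https://app.example.test/static/js/app.js"):
        print(url)
```

Plain filenames such as `logo.png` are deliberately skipped, since the point is to surface routes a crawler would never click through to, and a bare name without a leading slash is almost always a static asset.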
When you are bounty hunting large programs, do not start with the front door (obvious stuff)! Santa Claus uses the chimney to break into people's houses. Look for chimneys in the applications you test (the less popular endpoints), and work backwards from there. Treasure hunt!!
$112K+ with a single program in < 6 months. I am posting this to encourage bug hunters to stay with one program longer and dive deeper, NOT to boast! I am blessed! Test manually, dive deeper! You can make tons of $$ bug hunting. Look for IDORs, easy $$ scanners miss. #bugcrowd
Nothing like finding 4 x P1s in just a few hours! A bot would not have found these, so remember bug hunters, test manually and read through code yourself looking for strange functions and URL calls, you may find buried treasure. They haven't automated the human brain. #bugcrowd