Today I brought a very small thing that is very valuable for someone who is starting out in bug bounty. At the end, I will also give you some small tips and tricks related to it. It must be said that many programs explicitly list this as out of scope: "Email flooding / rate limit issues", etc. Don't be surprised that I say this, my friends. Some programs still accept it if you can show an impact. So let's get to the topic….
This is how it starts. No need for much explanation. Go straight to the bottom of the web application you are testing (or, in some cases, the middle of the page) and look for the email subscription section. Here are a few common places to find it:
- It can be just at the bottom of the site
- It can be in the footer
- It can be in the nav links like newsletter in the footer
- A little rarer: when we register on a site, the registration form itself may offer the email subscription.

Now let's get to the story. Enter your email in the box provided and press the subscribe button (make sure Burp Intercept is ON). To put it bluntly: intercept the subscribe request.
This is a POST request, and the captured request should look like this:
Next, a very easy task: send the request you captured to Burp Intruder. Now you will see this,

I put the numbers in for ease, but when I first saw this screen my head felt like it was spinning. Don't mind, guys.
1+2+3+4
Send the request to Burp Intruder, go to the Positions tab, clear the default § markers, and add a § around the last digit of the Accept-Language header, like this: Accept-Language: en-US,en;q=0.§7§

Go to the Payloads tab and choose Null payloads as the Payload type.

You can set how many emails you want to send (for example, 50 in the Generate field). Also go to the Options tab and change the Throttle (milliseconds) Fixed value to 15000 (what I used) or more.
Finally, click Start attack and you will start receiving emails.
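From the other side of the table: the reason those 50 requests become 50 emails is that the handler sends a mail on every POST with no per-address or per-client throttle. The following is an added example (not code from the original post or from any real program) showing that vulnerable pattern next to a hardened subscribe handler; the window and per-IP limit are assumed values.

```python
import time
from collections import defaultdict, deque

# Constructed example (not from the post): a newsletter subscribe endpoint that
# cannot be turned into an email flood. The limits below are assumptions.
WINDOW_SECONDS = 3600   # per-address and per-IP window
MAX_PER_IP = 5          # subscribe calls allowed per client IP per window

def naive_subscribe(outbox, email):
    # The vulnerable pattern: every POST sends a mail, so replaying the
    # same request N times delivers N mails to the address.
    outbox.append(email)
    return 200, "check your inbox"

class SubscribeService:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.outbox = []                    # stands in for the SMTP/ESP call
        self.pending = {}                   # email -> when its confirmation was sent
        self.ip_hits = defaultdict(deque)   # ip -> timestamps of recent requests

    def _ip_allowed(self, ip):
        hits = self.ip_hits[ip]
        cutoff = self.clock() - WINDOW_SECONDS
        while hits and hits[0] < cutoff:    # drop timestamps outside the window
            hits.popleft()
        if len(hits) >= MAX_PER_IP:
            return False
        hits.append(self.clock())
        return True

    def subscribe(self, email, ip):
        email = email.strip().lower()
        if not self._ip_allowed(ip):
            return 429, "rate limited"
        sent_at = self.pending.get(email)
        if sent_at is not None and self.clock() - sent_at < WINDOW_SECONDS:
            # Already emailed recently: same response, no second mail, so the
            # endpoint neither floods the address nor reveals subscriber state.
            return 200, "check your inbox"
        self.pending[email] = self.clock()
        self.outbox.append(email)
        return 200, "check your inbox"

def replay(service, email, ip, times):
    # Sends one identical request `times` times, like the Intruder run above,
    # and reports how many mails actually left and how many calls were throttled.
    statuses = [service.subscribe(email, ip)[0] for _ in range(times)]
    return len(service.outbox), statuses.count(429)
```

With a fixed clock, `replay(SubscribeService(clock=lambda: 1000.0), "user@example.com", "203.0.113.5", 50)` returns `(1, 45)`: one confirmation mail, four silent no-ops, 45 throttled; the naive handler sends all 50.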

That's all. Now I'll tell you the trick. It is not a big deal: when you're looking for a bug and feeling stressed, read the program's scope. Some programs don't mention this at all, and it's your job to find it.
I also do a lot of other things when I'm at work, like checking for new programs, new updates to old programs, etc. This is something you can do in a few minutes, and I have reproduced the steps here so it's easy for you.
So, by finding this and increasing the impact, you can also get extra bounties. Just to give you an example, you can create a CLI tool and show that when you type an email + a count, it will bomb that address.
I use this method a lot and I would have posted a recent report below, but unfortunately someone else beat me to it.

So thanks for reading, KEEP LEARNING…!