@@raghs3889yes it is also a issue that you explained. see below comments that I given the explanation. I will explain a little bit . The jwt is easily guessable it is encoding with email last like gonator.com then it holds the user id . User id is assigned in ascending order.

@@user-th3ym9nt2p drop you social media handle .I will send to you

@@user-mo8uj9vq5u thanks for the Collab request. I escalate into RCE for jinja2 instances I cut the part and just uploaded. If I got anything I will Collab . Try to drop the social media link to contact you . Any way they scammed me for not getting any response from their side.

@@A9x-AkhilReddy u have twitter ill add u

or ur insta id ???

@@BMV-kl1br why bro ask here bro .I will give a solution if I have it.

@@zedvn3792 it just a part of testing bro .even If I don't the target at first . I just randomly check everything . The most important thing is if you open any domain in your browser go through the entire source code .you can get some most interesting url ,URI , endpoints , parameters, in that source code. That time I saw this I just added the "> but nothing happened . But it reflects the exact same value inside it . Then I add these symbols for further testing how things are really working . Then I just add ;, ?so it happened .Then it comes out of the tag .then I inject simple html payloads it worked .while I was testing for xss .the waf blocked me .so I have some payloads list that saves from all over the internet .I sent it to the intruder .and checked the response of 218 payloads .then I got the xss . I hope I clarify it for you .

@@A9x-AkhilReddy nice bro

​@@zedvn3792 unfortunately it is duped .but any way I explain the scenario . Basically the jwt contains the the user id and the last name of email gonetator.com . It is assigned successfully . I was testing on three different emails to create an account. But in those responses it is the same as what I told you about above . So the server assigned a jwt so it is predictable . So that was the flaw in creating multiple accounts . Without correct OTP .

@@naho534 I didn't understand your point

@@A9x-AkhilReddy what tool did you use to find the xss vulnb

@@sukremez1870 I got you back . If you test any application you just gather info about the technology they used . Then you are testing like hit and trail . Everything about the website you have to test for different aspects in a different manner .if you don't know where you want to test.you just read the documentation of the website you are testing . It would help you what endpoint and what was the details fetch from backend to front end simple how it is working . And that was the phase where I discovered the first name and second name is vulnerable to SSTI.then I check what was they used template to process the data .then I got to know it was Jinja2 instances template is used . Then I tried a simple payload. And it worked . Then I dig deep to escalate into RCE. I hope I just clear your question

@@A9x-AkhilReddy aight got it

@@NethaxStark search it on Twitter or Google it .

@@A9x-AkhilReddy Your list !

@@NethaxStark how did I sent it to you bro .provide your discord link . I would send you my list

@@bountyvitcim it is not a bug bounty program. I randomly got this domain in a YT ad . So I was looking for a website .I just add </script> tag in URI .so it get out of it . Then I mailed him and I found a bug In your systems . Then they responded within a week .then the guy who replied to the mail he gave a mail of their security team . Then I reported . After a month of waiting they are telling us we are not given any reward at least I asked a swag .nothing bro .I found a 36 xss and 4XML injection , 2 sqli and 2 authentication bypass ATO and business logic bugs we can use premium features for free . in that domain and subdomain.

@@aatankbadboy3941 no bounty .scammed me . I found a sql injection also in that website . But I dumped the entire data and upload a shell and remove important files . This is a long scary story . They rebuilt everything from scratch.

@@aatankbadboy3941 by the way it is a open bug bounty program back in 9 months ago

Wew

@@Erontos01 still a noob to explore new things

@@Couple-Rounds I know him bro .twitter hot topic on infosec . I don't disclose bounty amount bro.

@@A9x-AkhilReddy why not please share the bounty amount as i am also beginner to this

@@avinfajar7278 no I didn't get any reward

@@gk_eth I show a simple payload in this poc . I cut the interesting part I escalate into RCE

@@A9x-AkhilReddy if rce, got bounty then? if yes, does this website have bounty program in hackerone/bugcrowd? or no?

@@kiirapookii they patch the vulnerability and doesn't give any reward

@@A9x-AkhilReddy very sad ...keep hunting on good programs

Kya setup bhaii ?? Is it Burp suite are anything else

@@A9x-AkhilReddy otp bypass karna hai mujhe gaming app ka

No bro I don't do that .

Scam .no reply from their side 3 months ago report .

Same here no bounty

@@vishnuyadav5583 yemi cheyala lemu bro .leave it .

You are welcome

No bro . They are saying we are leave this as intentionally. It not a duplicate and not eligible for reward

No response bro .they patched the report . I reported 5 bugs CSTI , Stored xss ,XSS,BAC, privilege escalation

@@A9x-AkhilReddy thats sad let me know if you got any response, i was too deciding to submit some on code chef

@@SakayaNagii no bro you didn't get any response from their side . if you report they are simply patch the report and didn't respond to your mail . waste of time to participate in that

@@A9x-AkhilReddy alright thanks, can we share some programs?

@@SakayaNagii you can hack on taxdome , nimvelo, simwood

Yup i know telugu