Comments on: WRITE UP – GOOGLE BUG BOUNTY: LFI ON PRODUCTION SERVERS in “springboard.google.com” – $13,337 USD

By: Binamra

Binamra — Sun, 14 Feb 2021 13:30:43 +0000

Hey bro i am also learning bug bounty. It’s been about 6 months. What i do is directly hunt on website. Don’t know much about recon, can you explain little on how to do recon because haven’t go more then 3 valid bugs i think this is because not doing any recon and others things.. Any tips bro ?

By: milad

milad — Sun, 28 Jun 2020 13:04:15 +0000

Hey, congratulation and thank you for all this information.

Could you please share the report that you send to google, to see the template and how you write report ?

Thank you !

By: pinudsdos

pinudsdos — Fri, 03 Apr 2020 20:04:08 +0000

Годнота спасибо

By: Anonymous

Anonymous — Sat, 01 Feb 2020 06:02:28 +0000

Thanks in support of sharing such a good idea, article is good, thats
why i have read it entirely

By: omespino

omespino — Tue, 19 Nov 2019 16:40:09 +0000

In reply to Aditya. Hey, I just update this blog with some slides about my talk in google security yearly event called ESCAL8 where I describe in more specific detail how I have found this but, and also explain how I have found that parameter, thanks for reading

By: Aditya

Aditya — Mon, 18 Nov 2019 22:43:52 +0000

I really want to know how did you find that file parameter? After ANOTHER_DIR

By: omespino

omespino — Thu, 03 Oct 2019 20:05:54 +0000

In reply to 0x1bitcrack3r. Thank you for reading thanks for your comments, happy hunting.

By: 0x1bitcrack3r

0x1bitcrack3r — Thu, 03 Oct 2019 06:07:34 +0000

This is an amazing finding man. You recon process is very simple. Keep up the good work.

By: omespino

omespino — Fri, 06 Sep 2019 22:14:53 +0000

In reply to Afolic.

Hey thanks for reading, I created a custom list from Fuzz and Discovery/Web-Content, but to be honest at the end I always use the all.txt from Jhaddix and wait, for parameter bruce forcing I never look for that but I have reading that Arjun by somd3v is really cool to do that https://github.com/s0md3v/Arjun

By: Afolic

Afolic — Sun, 01 Sep 2019 23:06:53 +0000

In reply to omespino. Thanks for this amazing write-up, I really would like to know your recommendation on the wordlist to use, seclist has tons of wordlist and that makes it difficulty to choice the correct one for dir bruteforce and also I would love to Know if there is any wordlist for parameter bruteforce, not sure if that's a thing. Thanks for the write up once again.