Is information disclosure with wp-json endpoints considered?

Found out an interesting endpoint /wp-json/wp/v2/users of a service leaking some name slugs avatars link

Found a potential email from slug thinking it's for a username it does leak with Gmail-com wordpress login proves the email exists but password is not exposed

Will it classify as information disclosure the bug bounty accepts some information disclosure vuln
But a case like this will it be accepted?

Im really new to bug bounty so some tips in these scenarios can be appreciated.

Thanks!

https://redd.it/1pxpuxn
@r_bugbounty

built the best no code opensource security automation platform (kinda)

Most bug bounty hunters I know rely on a bunch of different tools. Nuclei for templates, maybe Semgrep for code analysis, plus a lot of manual checking. It works, but everything feels scattered.

I was doing the same thing. Scripts everywhere, some half broken, some forgotten. Instead of adding yet another noscript, I decided to build something that actually helps orchestrate the tools properly.

That turned into ShipSec Studio, which we open sourced. It’s a no-code way to chain security tools together using a drag and drop workflow builder, without writing brittle Python or bash glue.

What people are using it for:

* Run Nuclei templates and automatically follow up with deeper analysis
* Recon workflows that combine multiple tools and unify results
* Mass scanning with Trivy or similar scanners on schedules
* Scanning every build before release and auto-creating tickets
* Reusable, versioned workflows you can share with a team

Repo: [github.com/shipsecai/studio](http://github.com/shipsecai/studio)
Live: [studio.shipsec.ai](http://studio.shipsec.ai)

Feel free to try it out. If it’s useful, a star is appreciated. If you run into issues or have ideas, DM me. I’m iterating fast.

https://redd.it/1pxsvih
@r_bugbounty

smuggler v1.1 tool false positive

Anyone here been using smuggler v1.1 tool?

Got this results, however when i tried running it again it is not flagging anymore. Already encountered similar results from other target, flag once then running the scan again.

Results on 1st run:

[endspace-ff\] : OK (TECL: 0.14 - 501) (CLTE: 0.13 - 501)

[xprespace-ff\] : Potential CLTE Issue Found - GET @ hxxps://endpoint.redacted.com/ - default[.\]py

[CRITICAL\] : CLTE Payload: /home/kali/Documents/python-noscripts/tools/smuggler/payloads/https_endpoint_redacted_com_CLTE_xprespace-ff.txt URL: hxxps://endpoint.redacted.com/

[endspacex-ff\] : OK (TECL: 0.16 - 501) (CLTE: 0.15 - 501)


Results after retry:

[postspace-ff\] : OK (TECL: 0.13 - 400) (CLTE: 0.13 - 400)

[prespace-ff\] : OK (TECL: 0.34 - 200) (CLTE: 0.42 - 200)

[endspace-ff\] : OK (TECL: 0.13 - 501) (CLTE: 0.12 - 501)

[xprespace-ff\] : OK (TECL: 0.35 - 200) (CLTE: 0.74 - 200)

[endspacex-ff\] : OK (TECL: 0.10 - 501) (CLTE: 0.13 - 501)



https://redd.it/1pxxftn
@r_bugbounty

Public programs are too competitive

Is it a good strategy to build up my reputation through VDP for a while and then earn bounty money once I get invited to private programs?

More importantly, do you actually get invited to private programs just by building a reputation through VDPs?

https://redd.it/1pye7nw
@r_bugbounty

Any better ways for finding XSS and IDOR?

So basically, most of my work relies on automated tools. First, I use parameter discovery tools and save the results in a folder. Then I crawl for IDOR-related parameters. For XSS, I use Dalfox, which automates payload testing on the parameters file. Sometimes I also do manual testing when I find parameters that look really promising.
Is this a good approach, or do you have better tools or workflows to recommend? There are literally so many subdomains to hunt, and even more vulnerabilities to figure out.

https://redd.it/1pyenp4
@r_bugbounty

Weekly Collaboration / Mentorship Post

Looking to team up or find a mentor in bug bounty?

Recommendations:

Share a brief intro about yourself (e.g., your skills, experience in IT, cybersecurity, or bug bounty).
Specify what you're seeking (e.g., collaboration, mentorship, specific topics like web app security or network pentesting).
Mention your preferred frequency (e.g., weekly chats, one-off project) and skill level (e.g., beginner, intermediate, advanced).

Guidelines:

Be respectful.
Clearly state your goals to find the best match.
Engage actively - respond to comments or DMs to build connections.

Example Post:
"Hi, I'm Alex, a beginner in bug bounty with basic knowledge of web vulnerabilities (XSS, SQLi). I'm looking for a mentor to guide me on advanced techniques like privilege escalation. Hoping for bi-weekly calls or Discord chats. Also open to collaborating on CTF challenges!"

https://redd.it/1pypyw6
@r_bugbounty

Can someone provide the resource link for these books.ie, GitHub repository?

1. The Linux Command Line: A Complete Introduction
Author: William Shotts
2. The Basics of Hacking and Penetration Testing
Author: Patrick Engebretson
3. CompTIA Network+ Certification All-in-One Exam Guide (Exam N10-008 or N10-007)
Author: Mike Meyers
4. Real-World Bug Hunting: A Field Guide to Web Hacking
Author: Peter Yaworski
5. The Hacker Playbook 3: Practical Guide to Penetration Testing
Author: Peter Kim


https://redd.it/1pz7y57
@r_bugbounty

my approach in bug bounty

I literally waste my 2025 due to lack of discipline and misleading approach. In starting of 2025 i just waste the time of doing only tryhackme and other labs, and currently I decided to only read disclosed writeups and doing bug hunting on real world and in doing bug bounty I only pick 1 target in bugcrowd and observe how the application works like i go everywhere in application fetch every request with the help of burpsuite and see every paramter and understand each parameter working and also oberve how application react when I do the normal user actions and when i perform the unexpected actions. But in these I can't able to do xss because I only read xss blogs but doing bug hunting as i mentioned above due to this I am not able to test xss. I stucked that what I need to do, is my approach is in a right way or need some better modifications

https://redd.it/1pz8va8
@r_bugbounty

Is this suppose to happen..?

I recently just got home from college and I keep hearing this noise but I didn’t know where it was the first night and come the second night I had my dad check my room and he checked three different times and there was nothing around so now it’s the fourth night and there’s this running or like scratching noise inside my drawer, but there’s nothing inside the drawer or around or under so I believe that it’s inside the wood around the dressers. Do we know what this could be? should I be scared? or do I go to bed?

https://redd.it/1pzayqc
@r_bugbounty

From Desktop To Macos

hello guys i wanna ask you about switching from linux to macbook i have desktop pc is ryzen 5 3600 and rtx 3060 12 g and 16g ram and i want to switch to MacBook air m2 16 2022 because i got bored from learning in the same place i wanna start going outside to learn there’s no problem with macos

https://redd.it/1pzbe8z
@r_bugbounty

I found 7 critical Prompt Injection bugs in the last 2 months. Here is the framework I developed.

Hi everyone,

Over the last two months, I've been focusing heavily on AI-powered applications. After identifying 7 critical prompt injection bugs and quite a few low-hanging fruits, I wanted to share the framework I developed for hunting on these specific targets.

Here is my workflow:

### 1. Information Gathering

Just like any other target, you must first understand the system. The more you know about the architecture, the easier it is to spot vulnerabilities.

You need to identify three main factors:

* **Capabilities:** What can the app actually *do*? Can it modify sensitive info? Can it browse arbitrary domains?
* **Tools:** What tools does the AI agent have access to? (Simple test: Just ask the agent *"What tools do you have access to?"*, it will often list them).
* **Access:** What user data can the app read? Does it have access to your emails, calendar, Drive docs, etc.?

**Pro Tip:** Try to retrieve the system instructions.
> Getting the underlying system prompt gives you a clear map of how the AI is programmed to behave, its guardrails, and its limitations.

---

### 2. Injection Points

Map out every single input source the AI application can receive as data.

This takes many forms:

* **Documents:** Title, body content, headers/footers.
* **Calendar events:** Title, denoscription, attendees information.
* **Emails:** Subject, body text, attachments name/content.
...


You must test **EVERY** source to find a viable injection point.

The Workflow is really simple:
1. Plant a malicious instruction in an input source (e.g., an email sent to the victim).
2. Ask the AI to review or summarize that source.
3. If the AI executes the hidden instruction rather than just summarizing it, the app is likely vulnerable.

---

### 3. The Attack

Once you have an injection point, there are two main impact categories to investigate:

**A. Action Triggering**
Forcing the AI to take unconfirmed actions on a victim's account/data without their consent.
* *Examples:* Updating a calendar event, deleting an email, sending a Slack message, etc.

**B. Data Exfiltration**
Forcing the AI to send a victim's sensitive info to an external server you control.
* *Example:* Using Markdown image rendering to hit your server, [Joining Zoom meetings](https://arxiv.org/html/2508.12175v1#:~:text=5.5.2,User%20via%20Zoom%20), etc.

Based on your research in Step 1, identify high-value targets and construct your payloads accordingly.

It is not hard, but it requires a creative and persistent mindset.

---

### Resources

If you want to dive deeper, check out these presentations:

* [Hack to the Future (Kudelski Security)](https://kudelskisecurity.com/research/hack-to-the-future-slides-and-content)
* [Invitation Is All You Need (DEF CON 33)](https://arxiv.org/html/2508.12175v1)
* [When Guardrails Aren't Enough (Black Hat USA 25)](https://i.blackhat.com/BH-USA-25/Presentations/USA-25-Brauchler-When-Guardrails-Arent-Enough.pdf)

Thanks for reading. Happy hunting!

https://redd.it/1pzfo7t
@r_bugbounty

Should i trust chatgpt to learn cybersecurity?

Hey Reddit,

I’m interested in learning cybersecurity, but I’m debating how much I should rely on ChatGPT as a learning resource. I know it can explain concepts, give step-by-step guidance, and even simulate some labs, but I’m worried about:

* **Accuracy:** Could it give outdated or wrong info?
* **Depth:** Can it replace actual courses, books, or hands-on practice?
* **Safety:** If I follow its instructions, could I accidentally do something unsafe or illegal?

Has anyone here used ChatGPT to learn hacking, pentesting, or general cybersecurity skills? How reliable was it, and what would you recommend combining it with (labs, tutorials, YouTube, courses, etc.)?

I want to make sure I’m learning correctly without picking up bad habits or misinformation.

Thanks in advance!

https://redd.it/1pzgsej
@r_bugbounty

Selling WAHH 2
https://redd.it/1pzj5x0
@r_bugbounty

Meta rejected container escape + AWS creds as "safeguard bypass" - then patched everything


Found in Meta AI:
• Container escape to host
• AWS IMDS credential theft
• Root privesc (sudo NOPASSWD)
• Docker socket exposure
• Hardcoded AWS keys

Meta's response:
1. "AI hallucination" ❌
2. patches everything
3. "Safeguard bypass - not eligible" ❌

You don't patch hallucinations.
Container escape ≠ Prompt injection.

Full evidence thread:
https://x.com/zektheproisback/status/2005950750430495069

Anyone else experienced this?


https://redd.it/1pzfy6x
@r_bugbounty

What’s the best way to introduce someone to bug bounty?

Hi! For those who’ve taught bug bounty to a friend, sibling, or anyone else, how did you get them started? What did you teach first? And do you now collaborate on bug bounty hunting?

I’m asking because I jumped straight into bug bounty myself without really learning the fundamentals first, and while I got lucky and learned along the way, it was rough and led to a lot of burnout. I don’t want to put someone else through that, so I’m curious how others approached teaching it properly.

https://redd.it/1pzrx8t
@r_bugbounty

VDP Stored XSS on out-of-scope URL

I found a stored xss vulnerability on a subdomain on a VDP. I was confused by the scope saying :

*.theVulnerableWebsite.com (IN SCOPE)

but few lines after :

*.theSubdomain.theVulnerableWebsite.com (OUT OF SCOPE) <- which is the subdomain I exploited

It is too late and my payload is now stored and displayed on multiple pages of their site.

I reported it anyway but what could be the consequences ?

https://redd.it/1pzydnt
@r_bugbounty

How I'll write REPORTs without keyboard
https://redd.it/1q0602m
@r_bugbounty

I have a question regarding account squatting

So few weeks ago i was bug hunting on a site , it allowed free sign ups and i signed in with my email , the auth process seemed fine , but when changing the email address from inside the profile , the site changed the email address and sent a verification mail to the new email , some functions were blocked but i could set the 2fa to a mobile number or an app , this way i could effectively create and lock the victim's email if it was not registered before . Even if the victim tried to use forgot password option to change password, the 2fa made it impossible to recover


This was rated informational , but i think this qualifies for account squatting , can you give your thoughts ?

https://redd.it/1q05yhr
@r_bugbounty

Asking triagers About OWASP-A6-Security Misconfiguration

Is it relevant to make a report with this specific vulnerability when a complete OpenAPI specification for the backend is publicly accessible ?

In my case it reveals every admin/ internal/ endpoints, data structures (schemas) on a test backend.

https://redd.it/1q0db38
@r_bugbounty

Gemini prompt

I found a prompt in gemini that makes it loop and go forever without stoping can i get smt or no?

https://redd.it/1q0et0h
@r_bugbounty

Best way to write reports

Im a newbie and im looking at ways to efficiently write reports. Have seen some tools (ghostwriter, Sysreptor?) which helps in writing reports. What do y'all use for report writing?

https://redd.it/1q0fglj
@r_bugbounty