5/10
bug-bounty
A first-time bug bounty hunter discovered an XSS vulnerability on a Sony sandbox subdomain (authtry.dev2.sandbox.dev.ppf.sony.net) through subdomain enumeration using crt.sh, assetfinder, and httprobe, then exploited parameter injection on the target's index.php with a classic XSS payload.
xss
cross-site-scripting
subdomain-enumeration
bug-bounty
sony
information-disclosure
sandbox-bypass
parameter-injection
Sony
ppf.sony.net
authtry.dev2.sandbox.dev.ppf.sony.net
crt.sh
assetfinder
httprobe
dirsearch
Gökhan Güzelkokar