Hello Folks 👋,

Parth, this side from BUG XS team. In this blog I am going to discuss GraphQL Injection. You can find my other write-ups here.

We discuss more about GraphQL exploitation in our bug bounty batches. DM BUG XS for more info ❤

Let’s get started🙌

ABOUT GRAPHQL

As we know, GraphQL was initially developed and used by Facebook as an internal query language, so its capabilities mostly revolve around internal and development areas. GraphQL executes queries using a type system defined for the data. …


Hello Folks 👋,

Parth this side from BUG XS team. In this blog I am going to explain how I found an account takeover issue on a domain. Let’s jump into the vulnerability without things like I woke up today and decided…, went for a coffee… and blah blah blah 😂

OAUTH MISCONFIGURATION

So, this is the first and foremost bug I check as soon as I see OAuth functionality. Here are the steps that you can follow to reproduce the issue. This is also regarded as a P3 vulnerability in the Bugcrowd Taxonomy. Also, this attack is known as Pre-Account Takeover.

  1. Create an account…


Hello Folks 👋,

Parth this side from BUG XS team. In this blog we are going to discuss Simple Network Management Protocol (SNMP) and SNMP polling, which is an active visibility technique.

Do a clap if you found this knowledgeable.🙌

What is Simple Network Management Protocol (SNMP)?

SNMP is used in network management for monitoring the network. It helps to gather and organize information about devices present in the network.

What does SNMP do?

  1. Collects and organizes device information on the network.
  2. Gathers information from: switches, routers, wireless access points, firewalls, VPN concentrators, cloud providers.
  3. Information can be CPU usage on the device, memory usage…


Hello Folks 👋,

Parth this side from BUG XS team. In this blog I am going to explain Deep Packet Inspection (DPI). Unlike my other write-ups this is not a bug-bounty write-up. This blog is related to cybersecurity.

Clap if you find this knowledgeable and productive🙌

Let’s Start!

Deep Packet Inspection (DPI) is a kind of data analysis method that inspects data being sent over a computer network in detail. In traditional packet inspection we only look at the headers, but in Deep Packet Inspection (DPI) we inspect the data part as well. …


Hello Folks 👋,

Parth, this side from BUG XS team. In this blog I am going to discuss the Host header attack for Open Redirection. This blog is for someone who has just started in bug bounty. If you have any queries, do reach out to us here.

As a community we regularly post tips and tricks for bug bounty hunting on our Instagram and LinkedIn profiles. Do check it out. ❤

Steps to find out Host Header Attack vulnerability

  • This attack can be done if the URL returns a 2xx or 3xx status code (where xx represents any number).
  • Spider…


Hello Folks 👋,

Welcome again! Parth this side from BUG XS team.

I hope you got some information from my previous writing on Account Takeover Vulnerability. Today, I am going to discuss a vulnerability that I found on one of the most reputed airline companies. At the end of the write-up I have provided a video link that will help you to find sensitive data on the domain.

BUG XS community in their bug bounty batches teach some amazing ways to find out different vulnerabilities ranging from Open Redirect to XXE 💛. So, if you have any queries…

Parth Shukla

Bug Bounty Hunter, Security Analyst, Bug XS Community Leader
