API
- If you are testing a JSON endpoint, always try to change one letter in the parameter names to make them invalid. I had quite a few cases where the server threw back an error with all of the accepted parameters.
- Leak PII-sensitive API user data with URL path permutations: /api/users/[email protected] -> /api/users/..%[email protected] or /api/account/123/ -> /api/account/..%2F..%2F123 Enjoy! #bugbountyTip #bugbounty @bugbounty_world #BtyPlz #infosec
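
On the server side, the path permutations above can be caught before routing or authorization by decoding the raw path until it is stable and flagging encoded separators and dot segments. The following is an added example, not code from the original page; the function names, the reason labels, the decode bound and the sample paths are all assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # assumed bound on nested encodings such as %252F
ENCODED_SEP = re.compile(r"%(?:2f|5c)", re.IGNORECASE)  # encoded "/" or "\"

def classify_path(raw_path):
    """Return sorted reasons to reject or alert on a raw request path."""
    current = raw_path.split("?", 1)[0]  # the query string is not part of the path
    reasons = set()
    for round_no in range(MAX_DECODE_ROUNDS):
        if ENCODED_SEP.search(current):
            reasons.add("encoded-separator")
        decoded = unquote(current)
        if decoded == current:
            break  # decoding is stable, nothing left to unwrap
        if round_no >= 1:
            reasons.add("multi-encoded")  # needed more than one decode pass
        current = decoded
    else:
        reasons.add("decode-limit")  # never confirmed stable: treat as hostile
    # After decoding, any "." or ".." segment means the path can re-route.
    segments = current.replace("\\", "/").split("/")
    if any(seg in (".", "..") for seg in segments):
        reasons.add("dot-segment")
    return sorted(reasons)

# Constructed sample request paths (not taken from real logs).
SAMPLE_PATHS = [
    "/api/users/alice@example.test",
    "/api/users/alice%40example.test",
    "/api/users/..%2Falice@example.test",
    "/api/account/123/",
    "/api/account/..%2F..%2F123",
    "/api/account/%252e%252e%252f123",
]

def triage(paths):
    """Map each suspicious path to the reasons it was flagged."""
    return {p: r for p in paths if (r := classify_path(p))}

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_PATHS).items():
        print(path, "->", ", ".join(reasons))
```

Run the check on the path exactly as received, before any framework or proxy normalization, so that every layer making an access decision sees the same string.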

Last modified 1yr ago