These are a few low-hanging bugs that you can easily find in most web applications.
1. Broken Links
These are links that a company mentions on its website but that nobody currently owns. An attacker can claim them and post content in the company's name. Such a link could be a domain name that is not registered, or a Twitter, Facebook, or LinkedIn username or page that is not registered or has been deleted by the user.
How to find it?
Use this website to find broken links on any website:
https://www.deadlinkchecker.com/website-dead-link-checker.asp
For more info, read this: https://edoverflow.com/2017/broken-link-hijacking/
Examples:-
https://hackerone.com/reports/1031321
https://hackerone.com/reports/1117079
https://hackerone.com/reports/1239334
https://hackerone.com/reports/1343733
2. Information Disclosure Bugs
Any information that should not be disclosed publicly falls under this category. Sensitive information can be anything, such as a website disclosing internal directories, internal IP addresses, API keys, personal information, source code, or classified documents.
How to find it?
Check the robots.txt file for any hidden directories.
Use directory discovery tools (ffuf/dirsearch) to find hidden directories containing sensitive information, like info.php and phpinfo.php.
Use Google dorks: https://dorks.faisalahmed.me/#
Examples:-
https://hackerone.com/reports/321249
https://hackerone.com/reports/200079
https://hackerone.com/reports/384782
https://hackerone.com/reports/1241849
https://hackerone.com/reports/1118898
3. Session Expiration Issues
Insufficient Session Expiration occurs when a web application permits an attacker to reuse old session credentials or session IDs for authorization. Insufficient Session Expiration increases a website's exposure to attacks that steal or reuse users' session identifiers.
How to find it?
Try to use an old cookie after a password change. If the web application doesn't log users out after a password change, then it's vulnerable.
Examples:-
https://hackerone.com/reports/737039
https://hackerone.com/reports/1069392
4. Open Redirect
An HTTP parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. For more info about this vulnerability, check this out:
https://www.cyberick.com/post/open-redirect-and-its-bypasses
5. ClickJacking
Clickjacking is an attack that fools users into thinking they are clicking on one thing when they are actually clicking on another. Its other name, user interface (UI) redressing, better describes what is going on. Users think they are using a web page’s normal UI, but in fact there is a hidden UI in control; in other words, the UI has been redressed. When users click something they think is safe, the hidden UI performs a different action. You can find these vulnerabilities easily.
How to find it?
Enter the domain of your target in the script below:
<html>
<head><title>Clickjack</title></head>
<body>
<iframe src="http://www.target.site" width="500" height="500"></iframe>
</body>
</html>
If the page loads inside the iframe, then it's vulnerable.
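A header-based check that complements the iframe test above, as an added example that is not part of the original post: it reads a response's X-Frame-Options and Content-Security-Policy headers and reports whether browsers would let any other origin frame the page. The function names, the sample header sets and `partner.example` are constructed for illustration.

```python
# Added example: judge cross-origin framability from response headers (samples constructed).

def _frame_ancestors(policy):
    """Return the frame-ancestors source list of one CSP policy, or None."""
    for directive in policy.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None

def framing_verdict(headers):
    """headers: list of (name, value). Returns (framable_by_any_origin, reason)."""
    csp, xfo = [], set()
    for name, value in headers:
        name = name.lower()
        if name == "content-security-policy":  # -Report-Only never blocks, so skip it
            for policy in value.split(","):    # several policies may be comma-joined
                sources = _frame_ancestors(policy)
                if sources is not None:
                    csp.append(sources)
        elif name == "x-frame-options":
            xfo.update(v.strip().upper() for v in value.split(",") if v.strip())
    if csp:
        # An enforced frame-ancestors overrides X-Frame-Options; every policy must allow.
        for sources in csp:
            if not any(s in ("*", "http:", "https:") for s in sources):
                return False, "frame-ancestors " + (" ".join(sources) or "(empty)")
        return True, "frame-ancestors allows any origin"
    valid = xfo & {"DENY", "SAMEORIGIN"}
    if len(xfo) > 1 and (valid or "ALLOWALL" in xfo):
        return False, "conflicting X-Frame-Options values are treated as a block"
    if valid:
        return False, "X-Frame-Options: " + next(iter(valid))
    if xfo:  # e.g. obsolete ALLOW-FROM, which current browsers do not enforce
        return True, "X-Frame-Options value not enforced: " + ", ".join(sorted(xfo))
    return True, "no anti-framing header present"

SAMPLES = {  # constructed responses
    "none": [("Content-Type", "text/html")],
    "xfo": [("X-Frame-Options", "SAMEORIGIN")],
    "allow-from": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "csp": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
    "report-only": [("Content-Security-Policy-Report-Only", "frame-ancestors 'none'")],
    "csp-wins": [("X-Frame-Options", "DENY"),
                 ("Content-Security-Policy", "frame-ancestors https:")],
}

for label, hdrs in SAMPLES.items():
    print(label, framing_verdict(hdrs))
```

A `False` verdict means arbitrary origins are blocked; a page restricted to `'self'` or a named host can still be framed by those origins.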
Examples:-
https://hackerone.com/reports/405342
https://hackerone.com/reports/591432
6. CSRF (Cross-Site Request Forgery)
Cross-Site Request Forgery (CSRF) is an attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated. CSRF attacks exploit the trust a Web application has in an authenticated user. (Conversely, cross-site scripting (XSS) attacks exploit the trust a user has in a particular Web application). A CSRF attack exploits a vulnerability in a Web application if it cannot differentiate between a request generated by an individual user and a request generated by a user without their consent.
How to find it?
Search for a feature that performs a sensitive action.
Check in Burp Suite whether the request uses a CSRF key and whether that key is validated.
If not, then use the tools below to generate a CSRF PoC for that request:
https://security.love/CSRF-PoC-Genorator/
https://github.com/merttasci/csrf-poc-generator
Open the HTML file and check whether it performs the action.
If not, then it's not vulnerable.
Examples:-
https://hackerone.com/reports/152569
https://hackerone.com/reports/177472
https://hackerone.com/reports/339352
https://hackerone.com/reports/856518
https://hackerone.com/reports/8849
https://hackerone.com/reports/1086752
Note:- These vulnerabilities will have low impact, and a few of them are not accepted by many programs on bug bounty platforms. So check the out-of-scope policy before reporting any of these vulnerabilities.
That's all Folks!
Thank you
Jai Hind!!!