{"uuid": "91ce00c1-4a4f-48b6-8d37-7a76545cf897", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-5902", "type": "seen", "source": "https://t.me/bhhub/86", "content": "#BugBountyTips of the Day\nComplete Application Secure against IDOR still found one IDOR 1) capture request to delete user data 2) change method from DELETE=>GET 3)  send request and observe that you are able to view data  4) change ID with other user's & observe #bugbountytips #hacker #bugbountywriteup\n---\nFavorite bugs found by me and disclosed this year:  \u2022 CVE-2020-5902 - RCE in F5 BIG-IP \u2022 CVE-2019-19781 - RCE in Citrix ADC \u2022 CVE-2020-3452 and CVE-2020-3187 - Path Traversal in Cisco ASA  I hope I've made this world a little safer\ud83d\ude42 #bugbounty\n---\nAlways try to log in while removing your username/email and sending only a password. If you're lucky, the backend will take the password alone, check it against the database, and log you into the first matching account, which leads to account takeover. #bugbountytips\n---\nTOP 20 Weakness from HackerOne disclosed Reports  (From 9k disclosed reports)  Are u there? \ud83d\ude06  Just playing a little with these json files from disclosed reports.   https://t.co/A9C3S95uIR #bugbountytips  https://t.co/PFt1iUBjSe", "creation_timestamp": "2020-12-31T13:37:04.000000Z"}