Hello to all Security Researchers and Bug Hunters who are reading this blog. I’m Jefferson Gonzales, also new to bug hunting, so without wasting your time, let’s begin

First I used a dork to find a Responsible Disclosure Program, and while searching I found foxit.com

I created an account on foxit.com and explored the functionalities, but I found nothing inside. Then I logged out of my account and tested the forgot password functionality.


Good day to all Bug Hunters. Again, I’m Jefferson Gonzales, and today I will share my findings on Hashnode.com

On July 30 my friend Shuvam Adhikari posted a writeup on how he got SWAG from Hashnode.com, so after reading his writeup I also tried to hunt on Hashnode.com and I found an Open Redirect Vulnerability

When I logged in to Hashnode.com I found this parameter

https://hashnode.com/login?next=/settings

When I logged in to my account it redirected me to

https://hashnode.com/settings

Then I changed the value of the ?next= parameter to http://google.com

https://hashnode.com/login?next=http://google.com

Then I logged in to my account again and it redirected me to Google.com. This confirms that…


Good day to all Security Researchers and Bug Hunters. Again, I’m Jefferson Gonzales, and today I will share my writeup about my findings on HackerEarth and how I got SWAG from them, so without wasting your time, let’s begin

The first step is recon, so I collected all the subdomains of HackerEarth, then I checked them all manually and one of their subdomains caught my attention. Sorry, but I can’t disclose the subdomain, so let’s name it test.hackerearth.com

On test.hackerearth.com you can sign in and sign up. First I signed up and it redirected me to the Dashboard area, then I hunted for CSRF but…


Hello to all Bug Hunters and Security Researchers. I’m Gonz, a newbie in Bug Hunting, and this is my first writeup on the first bug I found, and I want to say sorry for my bad English

First I started participating in SQLi, XSS, and Pentest challenges in Facebook Groups, and at that time I didn’t know what Bug Bounty was. Because I didn’t have a laptop, I only used my Android phone to search Google and YouTube for tutorials on SQLi and XSS. Months later I knew some tricks about that. One day I saw my friend posted on…

Jefferson Gonzales
