On Exposed Jira Dashboards

While doing my own research recently, I discovered exposed Jira dashboards for several companies. While there is no guarantee that those companies own those dashboards, it is a reasonably safe assumption to make. Circle K: https://circlek.atlassian.net/jira/filters?searchName=&Search=Search&filterView=search Waterstones: https:…

January 2021 - My first bounty

The first bounty is a milestone that many hope to hit. It marks the starting line for a lot of bug bounty hunters today. Mine was interesting. For privacy's sake, I won't disclose the company. My first bug was an IDOR. IDOR stands for Insecure Direct Object Reference - that…