
Bug Bounty Reports Discussed: The mindset for finding highs and crits in bug bounty with JR0ch17
May 14, 2025
Jasmin “JR0ch17” Landry, a former security manager turned full-time bug bounty hunter, shares her journey from sysadmin to vulnerability expert. She discusses effective learning methods and her strategy for prioritizing critical findings. Jasmin highlights various vulnerabilities she hunts, including SSRF and OAuth issues, and offers insights on using job postings for technology guessing. With an emphasis on hands-on practice and structured recon, she reveals her approach to finding high-impact vulnerabilities while maintaining work-life balance.
AI Snips
Spray SSTI With Targeted Payloads
- Test SSTI broadly: place tailored payloads across inputs and adapt syntax to backend template engines to bypass filters.
- Use match-and-replace rules and polyglots for client-side templates to increase hit rates.
Use Simple Tests And Recon For SQLi
- Test for SQLi with simple inputs like a single quote and observe behavior; use sqlmap for quick exploitation when detected.
- Use job postings and public docs to guess backend databases and tailor payloads accordingly.
Find Hidden XML Parsers
- Look for XML-based features beyond obvious uploads (e.g., XLIFF, sitemaps, cXML) and inject XXE payloads where parsers accept those formats.
- Test internal DTD techniques, since external DTDs may be blocked while internal entities still work.
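
A defender-side illustration of the last point, added here and not taken from the episode: a filter that only looks for external references lets a document with an internal DTD subset through, while rejecting any DOCTYPE catches it. The function names and the sitemap samples are constructed for this example.

```python
import xml.parsers.expat

# Constructed samples: a plain sitemap and one carrying an internal DTD subset.
SITEMAP_CLEAN = b'<?xml version="1.0"?><urlset><url><loc>https://example.invalid/</loc></url></urlset>'
SITEMAP_INTERNAL_DTD = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE urlset [ <!ENTITY site "https://example.invalid"> ]>'
    b'<urlset><url><loc>&site;/index.html</loc></url></urlset>'
)

def inspect_dtd(data: bytes) -> dict:
    """Report DTD features of an XML document; nothing external is fetched."""
    found = {"doctype": False, "external_refs": [], "internal_entities": []}
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        found["doctype"] = True
        if system_id:                      # external DTD subset
            found["external_refs"].append(system_id)

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        if value is not None:              # internal entity: literal replacement text
            found["internal_entities"].append(name)
        else:                              # external entity: SYSTEM/PUBLIC identifier
            found["external_refs"].append(system_id)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.Parse(data, True)               # raises ExpatError on malformed input
    return found

def allowed_external_only(data: bytes) -> bool:
    """Weak policy: reject only documents that reference external DTDs/entities."""
    return not inspect_dtd(data)["external_refs"]

def allowed_no_dtd(data: bytes) -> bool:
    """Strict policy: reject any document that declares a DOCTYPE at all."""
    return not inspect_dtd(data)["doctype"]

if __name__ == "__main__":
    for label, doc in [("clean", SITEMAP_CLEAN), ("internal DTD", SITEMAP_INTERNAL_DTD)]:
        print(label, allowed_external_only(doc), allowed_no_dtd(doc))
```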



