@bxmbn I get a lot of questions on how I Find XSS, What is My “Methodology” , What Tools I use, etc. I want to start by saying that all my Hunting is 100% Manual, I don’t use Automated Tools or Anything of the Nature. If you are a Beginner…

@bxmbn I will be sharing my “Methodology” from start to end when looking for Cache Issues, then I will share recent Real-Cases Scenarios with their respective Bounties. It is worth sharing that I don’t use Automated tools to find these issues. …

@bxmbn — Cache Poisoning DoS Via X-Forwarded-Scheme Header Bounty: 3,000 I didn’t know this was a thing, until i saw @iustinBB ’s a blog about their research on Cache Poisoning Cache Poisoning at Scale Sending the x-forwarded-scheme: http header would result into a 301 redirect to the same location. If the response was cached by a CDN…

@bxmbn — A Nice Way To Hide XSS Bounty: $2,000 While Google Dorking, i found a particular URL, but this time, was not being cached, but if i added an cacheable extension file (.js , .css) at the end of URL, it would cache the response. Now, all i needed was to found a XSS. I found an…

@bxmbn — Cache Poisoning To Stored XSS Bounty: $6,300 This was actually my first Cache Poisoning, I initially reported it as a cache Deception issue, because that is all i knew about caching exploits at that time, and the reason how and why this ended up being triaged and awarded as a Cache Poisoning to Stored XSS…