Hello everyone, do you remember the content we shared last time? In the previous article, we shared a case involving a pre-authentication takeover vulnerability and an API security vulnerability (regarding product information leakage) on an e-commerce website. Today, we will continue to share two other vulnerability cases discovered by researcher Injamam, hoping to provide some insights for everyone.
- API vulnerabilities: Exposing Content of User-Deleted Comments
- Directory brute forcing leads to information disclosure
Previous article: E-commerce website vulnerability bounty practice sharing: Pre-Authentication takeover, API security vulnerabilities And Directory Brute Forcing (I)
Bug Bounty Takeaways
① Be Creative
② Understanding the Application
③ Combining Techniques
Full details: E-commerce website vulnerability bounty practice sharing: Pre-Authentication takeover, API security vulnerabilities And Directory Brute Forcing (Ⅱ)