DoS: how to take down websites for fun & profit
You can look for DoS vulnerabilities for any reason, such as for a bug bounty program, to delete a privacy infringement site or a phishing site, or for the classic Lulz :) I don't encourage illegal hacking, so the techniques on this blog are for educational purposes only. All the findings were reported to bug bounty programs and fixed. For obvious reasons the programs won't be named.

1. Long password

Sending a long password on signup of two sites brought down the sites.

Fix: having a password length limit

Bounties: $500, $250

2. Cache poisoning

A site running on Drupal 7 with a misconfigured WAF (Cloudflare) could be DDoSed by sending a lot of requests (50+) on path ?id=11

After this finding I went to look for such misconfigurations, which netted over 20 reports in 2 months.

Another instance of cache poisoning was via a header with a malformed value such as: x-forwarded-port: xxx12.

3. WordPress CVE-2018-6389

Running the script at https://github.com/quitten/doser.py could bring down Wordpres...
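
The fix from item 1, a password length limit, as an added example (not code from the original post or from the affected sites): the length is checked in bytes before the expensive hash runs, and the same cap is applied on login as well as signup. The limits, the function names and the choice of scrypt are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed limits for this example; the original post gives no numbers.
MIN_PASSWORD_BYTES = 8
MAX_PASSWORD_BYTES = 128


class PasswordRejected(ValueError):
    """Raised before any hashing work is done."""


def check_password_length(password: str) -> bytes:
    """Return the UTF-8 bytes, or raise; the limit is on bytes, not characters."""
    # Cheap pre-check: a str with more characters than the byte cap can
    # never fit, so reject it without encoding a huge string.
    if len(password) > MAX_PASSWORD_BYTES:
        raise PasswordRejected("password too long")
    raw = password.encode("utf-8")
    if len(raw) > MAX_PASSWORD_BYTES:
        raise PasswordRejected("password too long")
    if len(raw) < MIN_PASSWORD_BYTES:
        raise PasswordRejected("password too short")
    return raw


def hash_password(password: str) -> tuple:
    """Validate length first, then run the expensive KDF on bounded input."""
    raw = check_password_length(password)
    salt = os.urandom(16)
    digest = hashlib.scrypt(raw, salt=salt, n=2**14, r=8, p=1, dklen=32)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Apply the same cap on login so the limit cannot be skipped there."""
    try:
        raw = check_password_length(password)
    except PasswordRejected:
        return False
    candidate = hashlib.scrypt(raw, salt=salt, n=2**14, r=8, p=1, dklen=32)
    return hmac.compare_digest(candidate, digest)
```

A request body size limit at the web server or framework level belongs in front of this check, so an oversized field is dropped before the application parses it.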