Live BugBounty Hunt - May 2, 2026
- icanhaspii
- May 2
- 4 min read
Updated: May 3
Bug Hunting 5/2/2026 - LIVE
We began with an overview of the importance of ethical bugbounty hunting, and the seriousness of staying in scope when bug hunting.
We were hunting around the Intigriti RedBull client: https://app.intigriti.com/researcher/programs/redbull/redbull/detail. I personally like that target because there are close to 6k (yes, that’s six thousand!) URL’s within scope, and the target doesn’t require custom headers, etc. (I still mostly “announce” myself as Integriti_Researcher just to be safe). You may view the in-scope URL's here: https://gist.github.com/RedBullSecurity/3eb88debcb01759eccf65ec2b799b340.
I mentioned that a few years back I’d taken the free 10-week BugBounty class that Nahamsec led over in his Discord channel and that at that time he had shared a hunting spreadsheet he created to keep everything organized for his notes, so I threw all of the RedBull URL’s into my own version of a similar spreadsheet, based off of what I’d done in those sessions.
We reviewed last week’s effort around the same platform (Intigriti – RedBull), which was a Domino (LotusNotes) endpoint (one of the oldest apps known to humankind imho). One of the researchers in the chat (for privacy reasons I won’t list names) used AI to find the version of Lotus Notes, so we looked up the published vulnerabilities.
We talked about how details matter when researching (and quite frankly in everything you do in life imho). I mentioned that on last week’s target, in order to look up any vulnerabilities for us to hack on, one of the things we tried was searching in: ExploitDB: https://www.exploit-db.com. I pointed out that last week I only searched for “domino” but then after the stream ended, I tried both “notes” and “lotus”, and I got back additional things to look at:



We also reviewed an older tool that is often overlooked but still works really, really well when researching 403 bypasses: https://github.com/Dheerajmadhukar/4-ZERO-3/blob/main/403-bypass.sh.
Additionally last week, just to finish our recap, we had used a really nice tool from one of our very own BugForgers, @7s26simon called VerbTamper, check it out here: https://github.com/7s26simon/VerbTamper.
Moving into this week’s hunt. I had performed some prior recon around a few of the RedBull in-scope targets, so we began with one of those: https://akkreditierung.rbleipzig.com/.
We talked about recon and an oldie but goodie that I like better than https://builtwith.com due to pricing and what you get for free...I like free 😊 https://sitereport.netcraft.com/?url=https%3A%2F%2Fakkreditierung.rbleipzig.com. We also installed the WappAlyzer browser extension last week because I was on an older VM and it wasn’t on there: https://www.wappalyzer.com.
Note: Yes, I love free tools, who doesn’t, but I would like to encourage you to give-back as much as you can. Even if it’s just a mere note to the author to say, “thank you”.
We also discussed some other free Website scanners that I like and ran our target through those:
SNYK has a scanner, and the target was rated a big fat “F” on the SNYK scan report. Surely, we thought there must be something there for us to hack on. Below is a snippet and here is the report: https://securityheaders.com/?q=https%3A%2F%2Fakkreditierung.rbleipzig.com%2F&followRedirects=on

Qualys has a scanner, and the target was rated a bit better on there with a “B”. Below is a snippet and you can read the full report here: https://www.ssllabs.com/ssltest/analyze.html?d=akkreditierung.rbleipzig.com

There are loads of other free scanning sites which we can try on our next target next week. One which I didn’t mention, I will put here to whet your appetite for next week’s live stream: https://web-check.xyz.
We did one really cool test on this target that was soooo much fun!!! It literally blew my mind (I guess it doesn’t take much LOL). We found something that wasn’t big enough to be a finding as it’s apparently pedestrian and not really a risk, but boy was it a blast! We learned it from one of the folks in the stream. Check it out...here are the steps we took:
-Launched Burp.
-Turned "Intercept" ON:

-Browsed to: https://akkreditierung.rbleipzig.com

-Over in our Burp “Intercept” tab, we made the following changes to the Cookie:
Cookie: ASP.NET_SessionId=iqhj0qcpt4ee3gixks25gjzu; ACP_SELECTED_LANG=en

to:
Cookie: ASP.NET_SessionId=iqhj0qcpt4ee3gixks25gjzu; ACP_SELECTED_LANG=Intigriti_Researcher_Was_Here

-Hit the orange "Forward" button:

-Went back to our Web browser and refreshed our page: https://akkreditierung.rbleipzig.com and..
THERE.
WAS.
OUR.
TEXT!!!!!!!!!!!!!!!!!!!!!!!!!!!

Well, we didn’t find enough else there to pique our interest, so we moved on to another in-scope RedBull URL I'd done a bit of recon around: https://portal.racingbullsf1.com/applications. This was interesting because it appeared to be a login portal for a cash app, but the URL belonged to RedBull so it was in scope:

When we clicked on “Log In”, it took us to a very interesting page: https://portal.racingbullsf1.com/applications

We performed a new SNYK site scan, and got another bit fat “F”! https://securityheaders.com/?q=https%3A%2F%2Fportal.racingbullsf1.com%2Fapplications%2F&followRedirects=on

We tried admin/admin and test/test, but as expected, nothing popped. We then moved over to Burp to review the URL’s there. Another researcher in the chat ran some of the js code through Claude and posted that output here: https://pastebin.com/7dEcHLQN.
We found some additional endpoints thanks to some folks in the chat who ran some of the js code through Claude and the Claude output is at this PasteBin: https://pastebin.com/7dEcHLQN.
So we tried the following, and a few other endpoints, but we decided after about 90 minutes to wrap: https://portal.racingbullsf1.com/applications/api/UserManagement/V1/sendReset.
We discussed a pretty well-known endpoint discovery tool that I mentioned our very own @PawPawHacks/Tom Fieber had modded, so I made an entire separate blog post about that here: https://icanhaspii.wixsite.com/bugforge/post/bug-hunting-new-tool-5-2-2026.
I learned a ton and was really touched by how many kind folks joined the chat and pitched in to help guide the hunt in a fantastic direction. I hope everyone will join me again very soon for my next stream!
##### End of Report #####


