Bug bounty chat

10 Aug 2023 17:39

i think it depends on company, i would recommend to check if there was similar reports or if company actually paid for out of scope issues before.

Bug bounty chat

10 Aug 2023 12:01

Guys i found a severe vulnerable but it's out of scope should i report it the vuln is opening admin panel and full control of the subdomain and server's files

Bug bounty chat

10 Aug 2023 06:27

well that’s sad but still gives no right to actually exploit it 😔

Bug bounty chat

10 Aug 2023 06:25

nah it’s type of playing stupid games winning stupid prizes if you really order something off of them. The consequences might be really dire. If I were in your shoes, I’d rather go report it again 😌

Bug bounty chat

10 Aug 2023 06:23

yes do you want to try?

Bug bounty chat

10 Aug 2023 05:49

they did not fix it😆 its almost 2 years since i found this

Bug bounty chat

09 Aug 2023 19:40

You can. Owasp zap shows you the vulnerability. All you have to do is replicate it on your end which should be pretty easy

Bug bounty chat

09 Aug 2023 14:43

do you have youtube video explain how i use owasp.zap tool to give it to hackerone soory my english too bad

Bug bounty chat

09 Aug 2023 14:40

and a poc if it require

Bug bounty chat

09 Aug 2023 13:32

I found store account takeover

Bug bounty chat

08 Aug 2023 19:24

It was in my checkout page no one can see it so yeh no point

Bug bounty chat

08 Aug 2023 08:28

i can able to alert any user who visit the shop

Bug bounty chat

08 Aug 2023 05:33

i found POST based XSS and only me i can see it they didn't give me nothing

Bug bounty chat

08 Aug 2023 05:15

Hi guys what would you recommend me to do to get into bug bounty, I've done some pentesting (TryHackMe, HackTheBox) but I'm open to any suggestions or advices

Bug bounty chat

08 Aug 2023 03:06

does stored xss can be rejected?

Bug bounty chat

10 Aug 2023 12:21

Nope. If in bb programm it is out-of-scope, high risk that your vuln will be unpaid

Bug bounty chat

10 Aug 2023 06:30

yes. otherwise its a valid bug

Bug bounty chat

10 Aug 2023 06:26

i reported it 5 times they did not response

Bug bounty chat

10 Aug 2023 06:23

quantity tampering easy to find

Bug bounty chat

10 Aug 2023 06:01

it’s just 50% off from their boss 😅

Bug bounty chat

09 Aug 2023 23:56

For Any one who want to share a payload or find one 🤗 : @wildpayloads

Bug bounty chat

09 Aug 2023 14:51

Is It possibile ti use owasp zap in hackerone bug bounty?

Bug bounty chat

09 Aug 2023 14:41

screen recordign or screenshot

Bug bounty chat

09 Aug 2023 13:42

hi guys if i found a bug with owasp.zap tool how can i give it to hackerone

Bug bounty chat

09 Aug 2023 10:28

Is It possibile to do a subdomain takeover? Who can help me?

Bug bounty chat

08 Aug 2023 18:06

https://youtu.be/Esq3S7HFLeg

Bug bounty chat

08 Aug 2023 06:25

Pass CBBH exam on htb, first you have to complete relevant path, then you can shoot for an exam

Bug bounty chat

08 Aug 2023 05:33

if it's self XSS it's not eligible for bounty

Bug bounty chat

08 Aug 2023 03:31

i found stored xss in template and bypassing there filtration.. does self xss happen when the attacket cant send the link and cant make an alert to a victim

Bug bounty chat

07 Aug 2023 11:01

Anyone know about price tempering?