Bug bounty chat

26 Apr 2024 18:11

do you mean that command is executed but no output?

Bug bounty chat

26 Apr 2024 10:05

Thanks for the clarification.
Unfortunately, the program staff sent a message after he Traiged it few hours after submission that the emails and usernames are dummy data by retool but he hasn't close the report.

Bug bounty chat

26 Apr 2024 06:24

That's a medium at best yeah

Bug bounty chat

26 Apr 2024 00:54

It was containing a lot of PII

Bug bounty chat

26 Apr 2024 00:33

The report is still open in Traiged state. What is likely to happen?

Bug bounty chat

25 Apr 2024 23:24

Can someone share methodology please

Bug bounty chat

25 Apr 2024 19:12

i can upload file to s3 for guest section to file like shell.php it worked but when trying to open it downloads the file directly

Bug bounty chat

25 Apr 2024 17:30

Rebyata, davaite uchit ruckiy yazik

Bug bounty chat

24 Apr 2024 10:45

Has anyone came across this?

Bug bounty chat

24 Apr 2024 06:26

You're right bro.
Thanks 😊

Bug bounty chat

24 Apr 2024 05:59

If you can then try to escalate it more because the company needs to know how knowing all these credentials can affect them.

Bug bounty chat

24 Apr 2024 05:33

Hello Hunters, I got NREUM loader account id, trustkey, agentid, license key and application id in a hardcoded source code. Should I report?

Bug bounty chat

23 Apr 2024 23:05

Yo does anyone know any bug bounty platforms that pay through crypto, I'm new to this

Bug bounty chat

22 Apr 2024 21:04

This blog might help you for the Role Based Access Control Bypass
Link 🔗: https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.bugbountyhunter.com/hackevents/report%3Fid%3D885&ved=2ahUKEwiEuLWqwdaFAxUhzzgGHaOdB-EQFnoECCAQAQ&usg=AOvVaw1_Sbdrsv1Awf3jzfgsz34V

Bug bounty chat

22 Apr 2024 12:06

Thanks for the response.

I actually reported it and it was changed from critical to medium (Traiged) but I'm not okay with it being a medium.
The js file reveals a lot of endpoints too but whenever I try accessing the endpoints, it shows authentication token missing.

Bug bounty chat

26 Apr 2024 12:52

hello write me on russian language and i maybe help u. Because my english is very bad and i don`t understood you

Bug bounty chat

26 Apr 2024 08:38

Yeah he is right.
Majority of PII goes to Medium unless you can use it to escalate more like if email is associated with anyone in the company and using that email you Bypass some admin or higher authority.
That's when it goes for critical or high!

Bug bounty chat

26 Apr 2024 00:56

Name and email addresses

Bug bounty chat

26 Apr 2024 00:44

Why would that be critical

Bug bounty chat

26 Apr 2024 00:33

Got a response that's it's actually a retool dummy data.
💔😣

Bug bounty chat

25 Apr 2024 19:12

its exutes its code also

Bug bounty chat

25 Apr 2024 17:42

Hi all, does anyone have an external peneteation testing checklist? If you have pls share it.

Bug bounty chat

25 Apr 2024 11:44

https://infosecwriteups.com/hack-stories-hacking-hackers-ep-3-11b1f0e002e8

Bug bounty chat

24 Apr 2024 07:32

https://book.cipherops.tech/bug-bounty-notes/readme/cipherops

Bug bounty chat

24 Apr 2024 06:01

You may report It but I'm 90% sure they will say the same!
And remaining 10% they might give you bounty or points or mark it as informative if it does not effect them.

Bug bounty chat

24 Apr 2024 05:42

Treat as urgent please 🙏

Bug bounty chat

23 Apr 2024 23:33

xss.is / exploit.in 😂
——
it's a joke btw

Bug bounty chat

23 Apr 2024 06:37

new writeups !!!

View billing information using IP Rotation!

Read - https://rhymeus.blog/2024/04/view-billing-information-using-ip.html

Bug bounty chat

22 Apr 2024 12:07

I also came across a RBAC. Any idea on how to bypass? I don't think fuzzing would help

Bug bounty chat

22 Apr 2024 11:22

Just search wordlist for the purpose you want there are many GitHub pages with great wordlists or you can use Chatgpt to create one for you ✌🏻🌚