bugbountygroup | Unsorted

Telegram channel bugbountygroup - Bug bounty chat

2114

Talk and help about bugbounty


Bug bounty chat

Hm doesn't matter to me


Bug bounty chat

Damn! Living in Europe and earning in USD is not a good tradeoff according to a lot of people because of the exchange rate. Is it true?


Bug bounty chat

I'm from Europe. I also have experience in black hat hacking 🥲


Bug bounty chat

I'm trying to do that rn. I have experience in programming as well but the job market is very tough as u said


Bug bounty chat

Ikr! But when I see how little the job holders are getting paid nowadays, it's such a turn off! And also the job market is really really tough these days


Bug bounty chat

I think I'm gonna become a bug bounty hater too. It has a lot of negative impact on life.


Bug bounty chat

But I am afraid if they mark it as N/A, I am gonna lose reputation and signal 🥲


Bug bounty chat

But didn’t report it yet as I am not sure if they will accept it.


Bug bounty chat

Damn! That's absolutely ridiculous!

One guy from Discord told me a story about a similar situation. One of his friends found a bug on McDonald's website in the + - section of the cart. He can increase the quantity as much as he wants without changing the price.
He reported it to McDonald's but McDonald's didn't pay them anything so he started to mass tweet about it, and finally McDonald's gave in and paid them. McDonald's was pissed off because of the mass tweets and also the guy ordered a lot of free food abusing the bug. 😆
He suggested that I do it too.

I am gonna open a resolution on the report, and if I don't get anything Imma head over to twitter.


Bug bounty chat

I can send thousands of emails using a password reset endpoint of a private bug bounty program. There's also authentication bypass (I can register with any email I do not own e.g. elon@tesla.com).
It is usually a p2 since I wrote an exploit, I can use it as a mass scale attack. But they give it a p5 lol I really hate this


Bug bounty chat

👾Mastering Exploit Development & Metasploit – A Step-by-Step Guide👾


Bug bounty chat

Hello hello,

I published new bug bounty writeup. Have a read. Please share and clap.

https://vijetareigns.medium.com/email-and-home-address-disclosure-using-unauthenticated-api-endpoint-worth-500-4a497ff0678c


Bug bounty chat

Hey, so I have found a vulnerability on a website from HackerOne. The webapp basically helps its users to transfer crypto currency from one place to another.
The vulnerability allows a low level user on the team to view the crypto wallet addresses which were added by the admin of the team. Also, the vulnerability leaks billing details (PII: full name, street address, zip code, city etc.) of the admin in the same HTTP response.

I reported the bug with a clear PoC. But the H1 triager closed this as informative, saying that there is no significant security impact of this bug.

It just went over my head how exposing wallet addresses along with PII of an admin does not pose a security impact. I am really stunned.

Can someone suggest what I should do in this situation?


Bug bounty chat

Can someone help me?


Bug bounty chat

https://mega.nz/folder/96AhRazA#Qci5-I29JIQobl4btJ7w0g


Bug bounty chat

You just go and find e.g exposed WordPress admin creds on the dark web, then put your webshell in it.
But bug bounty!? Argh


Bug bounty chat

But bug bounty is a lot harder and the uncertainty is a real deal


Bug bounty chat

I don't have much experience in Programming, but gonna learn it anyways


Bug bounty chat

I am thinking of moving to pen tester in future


Bug bounty chat

Testing for 50 hours and all you got is n/a and dupe


Bug bounty chat

Right 🥲 ngl working for a company a lot better than this


Bug bounty chat

I think you should report it


Bug bounty chat

I also found a bug on a popular site in which you can bypass 2fa in Password Change and can send spam emails to any users which will block them for a certain time from changing their password.


Bug bounty chat

It is significant 🥲🥲🥲 darn


Bug bounty chat

Well this is privacy violation 😅
I also found similar things but they closed it as informative and they fixed it after closing it 😆 toxicity of bug bounty


Bug bounty chat

https://www.linkedin.com/posts/abdullah-parvez-95a8a926b_exploit-development-and-metasploit-activity-7272499074627461121-cLry?utm_source=share&utm_medium=member_android


Bug bounty chat

P.S. the wallet addresses and the PII are hidden from the low level users on the frontend.


Bug bounty chat

Dm me for free bug site


Bug bounty chat

Thank you brother ❤️


Bug bounty chat

https://mega.nz/folder/96AhRazA#Qci5-I29JIQobl4btJ7w0g
