Bug bounty chat

09 Dec 2024 15:07

Hey, so I have found a vulnerability on a website from HackerOne. The webapp basically helps its users to transfer crypto currency from one place to another.
The vulnerability allows a low level user on the team to view the crypto wallet addresses which were added by the admin of the team. Also, the vulnerability leaks billing details(PII-full name, street address, zip code, city etc.) of the admin in the same http response.

I reported the bug with a clear PoC. But the H1 triager closed this as an informative saying that there is no significant security impact of this bug.

It just went over my head that how exposing wallet addresses along with PII of an admin does not pose security impact. I am really stunned.

Can someone suggest me what should I do in this situation?

Bug bounty chat

09 Dec 2024 08:40

Can someone help me?

Bug bounty chat

08 Dec 2024 23:38

https://mega.nz/folder/96AhRazA#Qci5-I29JIQobl4btJ7w0g

Bug bounty chat

08 Dec 2024 22:28

https://www.pluralsight.com/courses/advanced-web-application-penetration-testing-burp-suite

Bug bounty chat

07 Dec 2024 17:21

With cracked burp suite

Bug bounty chat

07 Dec 2024 14:24

Nahamsec course are not bad in udmey

Bug bounty chat

06 Dec 2024 07:48

anyone know sitecore api key exploit?

Bug bounty chat

05 Dec 2024 15:57

https://vijetareigns.medium.com/pii-disclosure-worth-750-758b72e7e8ca

Bug bounty chat

03 Dec 2024 18:20

My mind is overcooked 😅

Bug bounty chat

03 Dec 2024 16:11

Good book for starting bug bounty
I have experience in development

Bug bounty chat

02 Dec 2024 02:44

https://www.linkedin.com/posts/abdullah-parvez-95a8a926b_qoumi30dayschallange-linux-cybersecurity-activity-7269160563073531904-7KKH?utm_source=share&utm_medium=member_android

Bug bounty chat

30 Nov 2024 15:02

Please clap and share.

Bug bounty chat

29 Nov 2024 05:33

Dm to get free sureship tampering site

Bug bounty chat

27 Nov 2024 11:08

https://vijetareigns.medium.com/pii-disclosure-worth-750-758b72e7e8ca

Bug bounty chat

26 Nov 2024 15:01

looking for private Indian retirees database or government database.

Bug bounty chat

09 Dec 2024 12:40

Dm me for free bug site

Bug bounty chat

09 Dec 2024 03:15

Thank you brother ❤️

Bug bounty chat

08 Dec 2024 22:31

https://mega.nz/folder/96AhRazA#Qci5-I29JIQobl4btJ7w0g

Bug bounty chat

08 Dec 2024 12:04

Anyone using hackerone please message me.

Bug bounty chat

07 Dec 2024 17:20

I have 3 bug bounty course

Bug bounty chat

07 Dec 2024 12:47

I want bug bounty course

Bug bounty chat

06 Dec 2024 05:50

https://www.linkedin.com/posts/abdullah-parvez-95a8a926b_qoumi30dayschallange-cybersecurity-wireshark-activity-7270658949559787521-QV8o?utm_source=share&utm_medium=member_android

Bug bounty chat

05 Dec 2024 04:54

https://www.linkedin.com/posts/abdullah-parvez-95a8a926b_qoumi30dayschallange-networkingbasics-tcpvsudp-activity-7270274879935905794-qrz6?utm_source=share&utm_medium=member_android

Bug bounty chat

03 Dec 2024 17:36

Burp suite academy, it's a website

Bug bounty chat

02 Dec 2024 10:28

https://vijetareigns.medium.com/how-automation-detected-default-admin-credential-worth-500-d6c09719d307

Bug bounty chat

01 Dec 2024 12:19

Dm to get free sureship tampering site

Bug bounty chat

30 Nov 2024 15:02

Hello guys,
I just released a new Bugbounty writeup.

https://vijetareigns.medium.com/delete-account-functionality-helped-me-earn-250-21baa23c4034

Bug bounty chat

27 Nov 2024 16:21

PORT STATE SERVICE
80/tcp open http
443/tcp open https
5060/tcp open sip
5061/tcp open sip-tls
5222/tcp open xmpp-client
8443/tcp open https-alt

how can i exploit

Bug bounty chat

27 Nov 2024 09:26

В сеть утекла база данных 1win.

На днях на форуме Exploit появился тред, куда новоиспеченный юзер залил несколько ссылок на интересные архивы:

— Таблица с данными пользователей на 95млн строк
— Таблица с данными партнеров 500к строк
— Таблица депозитов 450млн строк
— Таблица выводов на 80млн строк🤡

Среди слитой информации есть реальные имена, телефонные номера, балансы игроков и партнеров, телеграм-аккаунты и многое другое. На владельца 1win даже сделали деанон😁.

Данные приближенных сотрудников также слили, вплоть до мобильных номеров.

P.S 450млн депозитов и 80млн выводов…

🧑‍💻Этичный Хакер

Bug bounty chat

26 Nov 2024 13:25

Aao track pant hellicopter wagera ki bug site (sure ship) available