Bug bounty chat

12 Dec 2024 03:08

I can send thousands of emails using a password reset endpoint of a private bug bounty program. There's also authentication bypass (I can register with any email I do not own e.g. elon@tesla.com).
It is usually a p2 since I wrote an exploit, I can use it as a mass scale attack. But they give it a p5 lol I really hate this

Bug bounty chat

11 Dec 2024 07:45

👾Mastering Exploit Development & Metasploit – A Step-by-Step Guide👾

Bug bounty chat

10 Dec 2024 04:09

Hello hello,

I published new bug bounty writeup. Have a read. Please share and clap.

https://vijetareigns.medium.com/email-and-home-address-disclosure-using-unauthenticated-api-endpoint-worth-500-4a497ff0678c

Bug bounty chat

09 Dec 2024 15:07

Hey, so I have found a vulnerability on a website from HackerOne. The webapp basically helps its users to transfer crypto currency from one place to another.
The vulnerability allows a low level user on the team to view the crypto wallet addresses which were added by the admin of the team. Also, the vulnerability leaks billing details(PII-full name, street address, zip code, city etc.) of the admin in the same http response.

I reported the bug with a clear PoC. But the H1 triager closed this as an informative saying that there is no significant security impact of this bug.

It just went over my head that how exposing wallet addresses along with PII of an admin does not pose security impact. I am really stunned.

Can someone suggest me what should I do in this situation?

Bug bounty chat

09 Dec 2024 08:40

Can someone help me?

Bug bounty chat

08 Dec 2024 23:38

https://mega.nz/folder/96AhRazA#Qci5-I29JIQobl4btJ7w0g

Bug bounty chat

08 Dec 2024 22:28

https://www.pluralsight.com/courses/advanced-web-application-penetration-testing-burp-suite

Bug bounty chat

07 Dec 2024 17:21

With cracked burp suite

Bug bounty chat

07 Dec 2024 14:24

Nahamsec course are not bad in udmey

Bug bounty chat

06 Dec 2024 07:48

anyone know sitecore api key exploit?

Bug bounty chat

05 Dec 2024 15:57

https://vijetareigns.medium.com/pii-disclosure-worth-750-758b72e7e8ca

Bug bounty chat

03 Dec 2024 18:20

My mind is overcooked 😅

Bug bounty chat

03 Dec 2024 16:11

Good book for starting bug bounty
I have experience in development

Bug bounty chat

02 Dec 2024 02:44

https://www.linkedin.com/posts/abdullah-parvez-95a8a926b_qoumi30dayschallange-linux-cybersecurity-activity-7269160563073531904-7KKH?utm_source=share&utm_medium=member_android

Bug bounty chat

30 Nov 2024 15:02

Please clap and share.

Bug bounty chat

12 Dec 2024 03:06

Well this is privacy violation 😅
I also found similar things but they closed it as informative and they fixed it after closing it 😆 toxicity of bug bounty

Bug bounty chat

11 Dec 2024 07:45

https://www.linkedin.com/posts/abdullah-parvez-95a8a926b_exploit-development-and-metasploit-activity-7272499074627461121-cLry?utm_source=share&utm_medium=member_android

Bug bounty chat

09 Dec 2024 15:10

P.S. the wallet addresses and the PII are hidden from the low level users on the frontend.

Bug bounty chat

09 Dec 2024 12:40

Dm me for free bug site

Bug bounty chat

09 Dec 2024 03:15

Thank you brother ❤️

Bug bounty chat

08 Dec 2024 22:31

https://mega.nz/folder/96AhRazA#Qci5-I29JIQobl4btJ7w0g

Bug bounty chat

08 Dec 2024 12:04

Anyone using hackerone please message me.

Bug bounty chat

07 Dec 2024 17:20

I have 3 bug bounty course

Bug bounty chat

07 Dec 2024 12:47

I want bug bounty course

Bug bounty chat

06 Dec 2024 05:50

https://www.linkedin.com/posts/abdullah-parvez-95a8a926b_qoumi30dayschallange-cybersecurity-wireshark-activity-7270658949559787521-QV8o?utm_source=share&utm_medium=member_android

Bug bounty chat

05 Dec 2024 04:54

https://www.linkedin.com/posts/abdullah-parvez-95a8a926b_qoumi30dayschallange-networkingbasics-tcpvsudp-activity-7270274879935905794-qrz6?utm_source=share&utm_medium=member_android

Bug bounty chat

03 Dec 2024 17:36

Burp suite academy, it's a website

Bug bounty chat

02 Dec 2024 10:28

https://vijetareigns.medium.com/how-automation-detected-default-admin-credential-worth-500-d6c09719d307

Bug bounty chat

01 Dec 2024 12:19

Dm to get free sureship tampering site

Bug bounty chat

30 Nov 2024 15:02

Hello guys,
I just released a new Bugbounty writeup.

https://vijetareigns.medium.com/delete-account-functionality-helped-me-earn-250-21baa23c4034