Bug bounty chat

17 January 2025 05:44

Yeah it was subdomain takeover but got duplicate someone had already reported before me

Bug bounty chat

16 January 2025 16:41

Capture site TCP request

Bug bounty chat

16 January 2025 16:02

Hello
Thank you for accepting the group

Bug bounty chat

16 January 2025 09:32

Who have private program go collabaration

Bug bounty chat

16 January 2025 08:31

The email enum vulnerability is not valid according to their rules stated on the program rules

Bug bounty chat

16 January 2025 07:19

Hey everyone, so I have stumbled upon a kind of a logic bug a while back. Basically, to change the password the app requires a two step verification via email. And the user needs to solve captcha on the front end to submit their email while requesting for a password change to get a reset link on the email.

However, in the backend through burp, I can insert the email without solving the captcha about 20-25 times before getting locked out. Mind you, the app has an email enumeration bug which lets you identify if an email is registered on the app or not.

So, I can insert any user's email as many times as I want to request reset password links and lock the actual user out from resetting their passwords.

Do you think it is a valid security bug?

I'm a bit confused and scared to report because I don't wanna lose reputation by getting flagged as N/A.

Bug bounty chat

15 January 2025 17:29

https://exploit.linuxsec.org/uptimerobot-com-custom-domain-subdomain-takeover/

Bug bounty chat

15 January 2025 17:28

Sendgrid isn’t vulnerable

Bug bounty chat

15 January 2025 14:14

I sell db with 200k rows

Bug bounty chat

15 January 2025 10:35

hey i've found 2 subdomains that are reflecting subdomain takeover vulnerablity can anyone help me to confirm this vulnerability

Bug bounty chat

14 January 2025 12:51

is anyone good with cookies/jwt?

Bug bounty chat

12 January 2025 15:44

AMAZING bookmark trick

Bug bounty chat

12 January 2025 14:07

I'm looking for the apk that are used by scammers to hack people and steal otp.. wana reverse engineer it.. does someone have a latest app that a scammer sent them

Bug bounty chat

12 January 2025 12:33

https://level-level.com/wp-login.php?redirect_to=https%3A%2F%2Flevel-level.com%2Fwp-admin%2F&reauth=1

Bug bounty chat

12 January 2025 08:19

Start from basics of network and its concepts. There are few fundamentals to learn

Bug bounty chat

16 January 2025 20:07

https://www.youtube.com/watch?v=hHLCfTm8TN8

Bug bounty chat

16 January 2025 16:29

How to capture the https username and password using wireshark tool

Bug bounty chat

16 January 2025 12:36

fuzzing ke liye wordlists send karo koi plz

Bug bounty chat

16 January 2025 09:13

https://github.com/Vulnpire/Reclaim

Bug bounty chat

16 January 2025 08:10

yeah report the username enum vulnerability

Bug bounty chat

15 January 2025 17:29

ok bro now verifying it

Bug bounty chat

15 January 2025 17:28

uptimerbot is vulnerable

Bug bounty chat

15 January 2025 16:23

and other one is uptimerobot

Bug bounty chat

15 January 2025 12:40

share poc to check and confirm

Bug bounty chat

15 January 2025 07:19

Yes I can help with jwt

Bug bounty chat

12 January 2025 19:58

hello, can anyone help me with a bug on a site?

Bug bounty chat

12 January 2025 15:44

https://www.youtube.com/watch?v=X64c_-dh3rs

Bug bounty chat

12 January 2025 12:33

Is there any way I can bypass this admin login by SQL injection or any other methods?

Bug bounty chat

12 January 2025 08:20

https://pauljerimy.com/security-certification-roadmap/

Bug bounty chat

12 January 2025 02:32

Hi everyone, I’m an 18 year old, just got into computer science, and I’m really passionate about finding loopholes, bugs in websites and applications, software systems, jailbreaking. I’ve got knowledge in coding. I was hoping you guys could suggest material to learn as a start, pdfs, books, YouTube videos white hacker 101, stuff like that, everything much appreciated.