Talk and help about bugbounty
Deep recon means finding the subdomains of subdomains, like finding 5th-level subdomains, or finding deeper-level endpoints, parameters, files and directories?
Hello
Thank you for accepting me
Who speaks French in this group?
I need help
Yeah, it was a subdomain takeover, but it got marked as a duplicate; someone had already reported it before me.
The email enumeration vulnerability is not valid according to the rules stated in the program rules.
Hey everyone, so I stumbled upon a kind of logic bug a while back. Basically, to change the password the app requires a two-step verification via email, and the user needs to solve a captcha on the front end to submit their email when requesting a password change to get a reset link by email.
However, in the backend through Burp, I can submit the email without solving the captcha about 20-25 times before getting locked out. Mind you, the app has an email enumeration bug which lets you identify whether an email is registered on the app or not.
So, I can submit any user's email as many times as I want to request password reset links and lock the actual user out from resetting their password.
Do you think it is a valid security bug?
I'm a bit confused and scared to report because I don't wanna lose reputation by getting flagged as N/A.
Endpoints, parameters, all those are right, but idk what 5th-level subdomains are... new to me
Hey, does anyone here know how to escalate a CSRF vulnerability on a logout endpoint to any other impact?
https://infosecwriteups.com/stored-xss-to-admin-in-unauthenticated-wordpress-cb76bae66623
Hello, it would be a pleasure if you could help me solve the following lab.
Thanks --> https://xss-labs.abay.sh/xss/6.php
How to capture the HTTPS username and password using the Wireshark tool?