Talk and help about bugbounty
Hey everyone, so I have stumbled upon a kind of a logic bug a while back. Basically, to change the password the app requires a two step verification via email. And the user needs to solve captcha on the front end to submit their email while requesting for a password change to get a reset link on the email.
However, in the backend through burp, I can insert the email without solving the captcha about 20-25 times before getting locked out. Mind you, the app has an email enumeration bug which lets you identify if an email is registered on the app or not.
So, I can insert any user's email as many times as I want to request reset password links and lock the actual user out from resetting their passwords.
Do you think it is a valid security bug?
I'm a bit confused and scared to report because I don't wanna lose reputation by getting flagged as N/A.
https://exploit.linuxsec.org/uptimerobot-com-custom-domain-subdomain-takeover/
hey i've found 2 subdomains that are reflecting subdomain takeover vulnerability can anyone help me to confirm this vulnerability
I'm looking for the apk that are used by scammers to hack people and steal otp.. wanna reverse engineer it.. does someone have a latest app that a scammer sent them
Start from basics of network and its concepts. There are few fundamentals to learn
https://www.youtube.com/watch?v=r0aYzvfZWHI&t=2s
thanks brother downloaded and in working condition also subscribed your channel
or any way to download the professional version of the burpsuite without getting paid
https://www.youtube.com/watch?v=1FO3TQx75J0&t=4s
Is there any way I can bypass this admin login by SQL injection or any other methods?
https://pauljerimy.com/security-certification-roadmap/
Hi everyone, I’m an 18 year old, just got into computer science, and I’m really passionate about finding loopholes, bugs in websites and applications, software systems, jailbreaking. I’ve got knowledge in coding. I was hoping you guys could suggest material to learn as a start, pdfs, books, YouTube videos white hacker 101, stuff like that, everything much appreciated.
https://youtu.be/g8vpREI8Fno?si=x8tJeXq1nCcSW5TO
hey anyone here, is there any other way to find out of band sql injection with tools other than burpsuite since it requires professional i was completing my portswigger sql injection the last three labs
What AI do you use to make the voice in the video?