@NightmaresUwUL@Hacker0x01 try to prove more impact and try to reopen it, rce ≠ direct impact (especially when its sandboxed like u said) , try to escape the sandbox or do something more impactful with it
Pleased to publish a browser-related research paper (w/@inzo____) titled:
One trigram at a time: XSLeak via Universal CSS Injection and DoS in Opera (GX)
The title speaks for itself. Enjoy the read!
https://t.co/b7JNGW5Nhm
@Bugatsec@hetmehtaa there's no point from hunting on that program, they received like 1000 reports in the last 90 days, my 4 reports with them took more than 2 months to get triaged, and one took 3 months to get resolved, and they dont even pay good its pointless to hunt there
@Hacker0x01 A report about a very critical issue has been sitting untriaged for 20+ days. Mediation was requested 14 days ago and I got nothing meanwhile the program is active and resolving reports. this has to be fixed immediately, support ticket #655766, private managed program
Super excited to release our latest Broken Access Control (BAC) Masterclass on @hackinghub_io with 2 hours of content and almost 20 labs. I'm giving away 3 free seats to anyone who comments, reposts, and replies to this post. Drop a 🔥 below!
More info 👉🏼 https://t.co/g8gwo5vYGN
SQL Injection without these special chars [' "()\/%*&\`] possible?
Yep, me and @or4nge16hehe did it.
Using only: [ a-z, 0-9, dot, @+- ]
Write-up soon
#BugBounty#infosec
couldn't find a name for the article, I was going to name it "Chronicle of Vaga", but accidentally published the paste before doing so, I won't waste it.