I created a challenge based on one of my Google bugs worth $12,000. It is an OAuth misconf. I will drop a writeup for it soon, before that, give it a try & practice, it doesn't matter if u r capable of solving it or not, just click and start poking 🙂
https://t.co/lAW53dVyk5
@Random_Robbie I don’t think this is the full picture tho!
Do you need admin privilege to craft the exploit? Yes (PR:H), no (PR:N)
Tricking the admin comes under UI and AC: only if the admin clicks will the exploit work, and if the organization has only a few admins, then (UI:R & AC:H)
Spain is going through one of the biggest disasters in recent years.
Some Spanish bug hunters are coming together to create collaborative reports and donate the bounties. We need to stay united.
Anyone interested, please reach out to me! 🙏🏼
#dana #valencia #bugbounty
Someone DMd me asking for bug bounty advice. They said they've only found 1 valid bug in 5 years.
I asked whether they have any other income sources.
They said "yes, I teach bug bounty hunting".
That, my friends, is the state of bug bounty education.
@voorivex All YesWeHack programs have ranges. That is, a medium 6.9 is not much different from a high 7.1, compared with a high 8.9. It is the same in all their programs, and it is written quite clearly in the policy. Usually, based on experience, they close one-click account takeovers at 7.1 no matter what you do, unfortunately :/
Does anyone know in which part of HackerOne I can block a trigger from reading my reports? I saw the announcements of the feature but can’t seem to find it?
Seems like h1_analyst_layla is out to find us all and ruin our reports!
#bugbounty
On tourism, Raisi's government has realized that the situation is bad and the doors have to be left open; even the way has been opened for porn stars to travel here for injections and fun.
Lately I've also seen that you have started behaving at the airport: you don't bother people and don't question them about where they have been. Spies and travelers now all pass through together, shame on you 😂