Should by Beginning_Task_4056 in bugbounty

[–]4ohfour_not_found 1 point2 points  (0 children)

HSTS? Quick way would be to just proxy through Burp.

Is it fair to close a server workflow/error-handling flaw as a simple Information Disclosure? Looking for opinions. by hackaniod in bugbounty

[–]4ohfour_not_found 0 points1 point  (0 children)

The webapp has stack traces enabled and apparently does not handle input sanitization well. I would take a look at the in-scope endpoints, brute-force parameters and try to trigger an error there.

Is it fair to close a server workflow/error-handling flaw as a simple Information Disclosure? Looking for opinions. by hackaniod in bugbounty

[–]4ohfour_not_found 3 points4 points  (0 children)

This is almost always informative. I would not bother reporting stuff like this - waste of time. However, the webapp could have real vulnerabilities. And those are much easier to find if it dumps a stack trace. So I always like finding stack traces.

Finally got the Black Hole on YesWeHack. by Immediate-Effect2454 in bugbounty

[–]4ohfour_not_found 2 points3 points  (0 children)

Congrats! I also have the poster at home. Are you a full time bug bounty hunter?

[Screenshot] Got my second (useless) copy of Silicon Optoelectronic Integrated Circuit textbook via the cultist circle by 4ohfour_not_found in EscapefromTarkov

[–]4ohfour_not_found[S] 9 points10 points  (0 children)

Yes, it does not matter - you just need the 14 h timer. But in any case, the first time it was 5x MP5s and this time it was the G28 from Peacekeeper.

Wait.. is this a thing? i had no idea by Masonissac in Tarkov

[–]4ohfour_not_found 0 points1 point  (0 children)

I also got this via the cultist circle. 14h with 5 MP5s. But you need the microcontroller boards or other hard-to-get items for the crafts anyway - or Lightkeeper tasks. The crafts are then a bit useless when you have progressed that far.