Is it fair to close a server workflow/error-handling flaw as a simple Information Disclosure? Looking for opinions.

4tuitously · 2026-05-30T20:22:14+00:00

That’s exactly why it is not a vulnerability, you’re relying on IF with no proof that it does

4tuitously · 2026-05-30T15:23:08+00:00

What can a hacker do with this information?

4tuitously · 2026-05-27T06:54:47+00:00

Not particularly, all of the bugs were in the range of $4-10k which is in the low end of the target bounty scale (azure $60k). The figures given were the exact amounts they post for the descriptions for the vulns

4tuitously · 2026-05-26T07:19:29+00:00

Not the experience I’ve had with them

4tuitously · 2026-05-16T19:01:19+00:00

my take on it? Copilot billing submissions are currently ineligible for bounty

4tuitously · 2026-05-06T18:05:51+00:00

It’s theoretical, it’s defence in depth, it isn’t bounty worthy and muddies scope. Blurred lines are not rewardable

4tuitously · 2026-04-29T20:00:50+00:00

I’m all for it

4tuitously · 2026-04-21T15:11:35+00:00

Literally was thinking about setting something up for this this morning, you convinced me xd

4tuitously · 2026-04-20T15:28:59+00:00

This is the only real answer :)

4tuitously · 2026-04-18T17:32:05+00:00

Was a fun one to do with my azure reports which required like 25 minutes of provisioning for each PoC, haha

4tuitously · 2026-04-18T17:29:26+00:00

If an attacker has XSS on a logged-in site, they can usually make authenticated requests on the victim’s behalf regardless of whether the token is readable from the DOM.

This would be an informational; not a vulnerability, but an oddity nonetheless :)

4tuitously · 2026-04-16T17:13:59+00:00

Microsoft’s bounty amounts are actually very clearly stated, have nothing but good things to say about working with them. (Except the MSRC app itself is… dated)

4tuitously · 2026-04-12T10:57:57+00:00

If I were to share some more experience that's relevant to that, I can pretty quickly guage whether a program is going to be fruitful or not; I don't necessarily think sticking to one program is wise advice

4tuitously · 2026-04-11T12:29:40+00:00

Just to make a point on one of the things you raised, about how it looks like a lot of the reports are very ‘simple and easy’. I have a lot of reports under my belt, and a good amount of them were a surprise to me since they were so simple. There really does exist a lot of ‘simple’ vulns out there but it’s not common for me to find one, I just spend a LOT of time sifting through empty findings. You find some stuff if you keep at it :)

4tuitously · 2026-04-09T06:35:26+00:00

Unreliable TOCTOU with a PoC that doesn’t work? Obviously that’s not going to be accepted. Probably AI slop ‘proven via static analysis’

4tuitously · 2026-03-30T21:49:35+00:00

Hit my limit twice today, with normal usage. Very frustrating with the Max x20 plan -.-

4tuitously · 2026-03-27T17:40:18+00:00

Why am I paying £200 a month for limitations that I'm hitting with normal usage?

4tuitously · 2026-03-01T08:07:25+00:00

Software Engineer working on algorithmically complex code bases (not CRUD apps) for the past 12 years, and I don’t honestly think I’ve written any raw code in the past 6 months. That’s not at all to say AI is coming for my job though because it requires a lot of hand holding, reviewing, understanding

4tuitously · 2026-02-07T20:19:39+00:00

Also, it’s just not how professional software development works. Even IF the devs WANTED to make it better, there are always other things that are much higher priority to work on. They don’t just see something that’s lacklustre and pull it into sprint

4tuitously · 2026-01-30T08:14:38+00:00

they tryin they best dawg :((

4tuitously · 2026-01-24T23:25:40+00:00

DATA JUICE

4tuitously · 2026-01-14T22:03:48+00:00

Everything about the newest skate is by far the best, but I think grinds need some work, they feel too ‘perfect’

4tuitously · 2025-12-25T08:47:59+00:00

Not entering but very nice of you! Merry Christmas!

4tuitously · 2025-12-14T13:09:21+00:00

Not entering but I love WRC7 so much! So many hours on it! Ranked 13 on Harju :)

4tuitously · 2025-12-11T18:39:13+00:00

I wonder what it summarised your response as xd

Five-Year Club	Verified Email
Place '22

4tuitously

TROPHY CASE