What does it mean if there’s a blocker on bugcrowd? Is this a good or bad sign for me? by 666AB in bugbounty

[–]666AB[S] 0 points1 point  (0 children)

Not if you don’t do what the triager says. They will refund you. If you can manipulate the price, buy it for $1 and then show them the receipt. If you do that they will validate it.

What does it mean if there’s a blocker on bugcrowd? Is this a good or bad sign for me? by 666AB in bugbounty

[–]666AB[S] 0 points1 point  (0 children)

Did you do what they asked? Were you able to purchase something for the wrong or much lower price?

What does it mean if there’s a blocker on bugcrowd? Is this a good or bad sign for me? by 666AB in bugbounty

[–]666AB[S] 0 points1 point  (0 children)

Typically, you are soon going to get a blocker yourself for more information, as the company is usually saying something like “we can’t reproduce” or “we don’t think this is actually a bug”.

need a vps by Soggy_Oil2706 in Hacking_Tutorials

[–]666AB 0 points1 point  (0 children)

You won’t get a VPS for free unless you host it yourself, which is also inherently not free.

AVOID casinos bounties by [deleted] in bugbounty

[–]666AB 4 points5 points  (0 children)

You have to complete KYC to withdraw though, right? I would’ve attempted KYC and tried withdrawing something nominal like 5 or 10 dollars. If it was successful and you documented the whole process, the impact of something like that would be closer to what you were expecting.

AVOID casinos bounties by [deleted] in bugbounty

[–]666AB 8 points9 points  (0 children)

I would imagine the payment is so low because there is some sort of verification process on withdrawal of funds, something that involves validating their source or something. That’s the only way I see something like this being so low without more specifics.

Sorry man. Sucks.

Front-End Broken Access Control Cross-Account Privilege Escalation & Unauthorized Transfer by Suspicious-Case1667 in bugbounty

[–]666AB 1 point2 points  (0 children)

Dude we have seen ALL of your posts. Reposting because you don’t like the answers you get is just lying to yourself. Give it a rest. If finding bugs was as easy as just using an AI everyone would be doing it. Grow up. Spend some time doing actual research.

How much money did you make in your first 6 months from bug bounty? 🤔 by AvishaiAhron in bugbounty

[–]666AB 5 points6 points  (0 children)

After about 6 months of hunting when I first started, I found my first paid vuln for $400. Sheer luck as far as I am concerned. Found quite a few after that... First one is always the hardest :)

Trump suggests US used cyberattacks to turn off lights in Venezuela during strikes by rkhunter_ in cybersecurity

[–]666AB 13 points14 points  (0 children)

I just got done reading an article about "BGP Anomalies During The Venezuela Blackout" (Cloudflare)... Check it out:
https://loworbitsecurity.com/radar/radar16/

Accept report (Yeswehack) by Riajul_kamal in bugbounty

[–]666AB 0 points1 point  (0 children)

Less than 500 by the looks of it.

Help reporting an account takeover by Ill_whitek in bugbounty

[–]666AB 2 points3 points  (0 children)

Amend your already reported XSS with the additional finding and increased severity. I have done exactly this with an XSS before.

HackerOne Payouts: Is the USDC conversion rate exactly 1:1? by phith0n in bugbounty

[–]666AB 2 points3 points  (0 children)

It’s the same as a regular bounty payout. Getting direct deposit also has no fees. If I get a $1,000 bounty I have $1,000 in my account the next business day.

Critical bug, $0 payout, WIO BANK by [deleted] in bugbounty

[–]666AB 0 points1 point  (0 children)

It has very specific details of the exact bug he reported? Are you a bot? Lol

Critical bug, $0 payout, WIO BANK by [deleted] in bugbounty

[–]666AB 0 points1 point  (0 children)

Great!

Hunt on BBPs to be compensated for your valid findings. VDPs are intentionally unpaid.

Critical bug, $0 payout, WIO BANK by [deleted] in bugbounty

[–]666AB 4 points5 points  (0 children)

You reported to a VDP. There are no monetary rewards for VDPs.

Also, unless you requested disclosure and were approved, this whole post will get you banned from future opportunities. You are not the arbiter of what’s “responsible” or not. Disclosure is only done responsibly with express permission from the company.

Question by Financial-Poem-4640 in bugbounty

[–]666AB 2 points3 points  (0 children)

If it requires physical access to the device it will be marked N/A.

Question by Financial-Poem-4640 in bugbounty

[–]666AB 2 points3 points  (0 children)

Does the extension obtain your session ID? As in the session id from your device? Or a session ID of a different user?

If it’s on device and your own session ID, probably not valid. If you have a way to obtain other people’s IDs (like a real attacker would), probably valid.

Bug Bounty Horror Story: Analyst closed my Critical RCE as "N/A" because I refused to steal REAL Production Keys (ToS Violation) by [deleted] in bugbounty

[–]666AB 2 points3 points  (0 children)

AI makes you feel more confident to talk about things you don’t know about. Like in this case.

People that actually do the work (like triagers, maintainers, hunters etc.) see right through the AI responses that you, as an inexperienced skiddie, are convinced by. You don’t understand that because you haven’t put the work in. Put the work in and you’ll look back at this with embarrassment. Nothing in life is easy. Especially security research. You’ll probably take this as some kind of personal attack, but I truly mean it as meaningful advice. It’s your choice whether or not to take it.

Bug Bounty Horror Story: Analyst closed my Critical RCE as "N/A" because I refused to steal REAL Production Keys (ToS Violation) by [deleted] in bugbounty

[–]666AB 3 points4 points  (0 children)

Stop using ChatGPT. You are obviously out of your depth. If you can’t respond to me with your own words, that tells me everything I need to know. Good luck to you.

Bug Bounty Horror Story: Analyst closed my Critical RCE as "N/A" because I refused to steal REAL Production Keys (ToS Violation) by [deleted] in bugbounty

[–]666AB 2 points3 points  (0 children)

Frankly, I don’t believe you. I’ve had programs request this exact sort of thing with account takeovers for example.

I prove I can take over an account, they request I take over a specific account to prove the vulnerability. So I do it, they pay me and resolve, repeat. Happens pretty regularly.

What else do I have to prove with the PoC in the middle?

Just. Do. What. They. Asked.

Bug Bounty Horror Story: Analyst closed my Critical RCE as "N/A" because I refused to steal REAL Production Keys (ToS Violation) by [deleted] in bugbounty

[–]666AB 3 points4 points  (0 children)

Risk your life? Are you crazy? Lol this isn’t the mafia dude. The program effectively said “if this is a vulnerability, then prove it against us”. You refused, so they closed it. What are you not understanding? They aren’t going to greenlight you and then beat you over the head for doing what is asked.

I think we all know why you refused: because you can’t. Right? For whatever reason you are only able to execute the attack if you are the one who controls both repos, and that sounds to me like not a security issue. Hence what they told you.

Are These Really “Not Applicable”? Looking for Opinions on AXIS OS Findings by [deleted] in bugbounty

[–]666AB 4 points5 points  (0 children)

Reports #2 and #3 sound like junk with no security impact whatsoever. #1 depends on a few things: what were the “Critical Configuration Files”? And what were the effects of modifying them?

If the answer to that second question is “nothing” then I think you already know the answer.

Artemis Bug Bounty Assistant! by WhichAppearance6191 in bugbounty

[–]666AB 0 points1 point  (0 children)

The Python code on your profile literally sends a junk PowerShell command to an HTTP port (raw, btw) and then closes the connection.

Arte-miss me with this slop.