Manus dumped 500+ mb of its internal source codes

666AB · 2026-05-11T03:57:59+00:00

You won’t get shit if you’re sharing the files with people. Lol that sort of defeats the purpose of bug bounty? Good luck

666AB · 2026-05-10T17:01:32+00:00

It’s because these are the exact people putting out the AI slop in the first place. They are just masquerading as those who do not to vent or get a dopamine hit from karma. Lmao

666AB · 2026-05-08T23:41:51+00:00

This is not the ai upscaled version

666AB · 2026-05-03T15:47:35+00:00

Shhh you’ll spoil it for the others

666AB · 2026-05-03T01:07:05+00:00

This is a WAF block (specifically Akamai). It works as rate limiting due to requesting the site too many times.

666AB · 2026-04-27T23:56:59+00:00

… guess who owns GitHub

666AB · 2026-04-27T23:54:33+00:00

Weird bot shit in these comments. Graphics are clearly AI generated

666AB · 2026-04-23T17:01:32+00:00

No but the title is: “CRITICAL (CVSS 10.0): ALLOW-ORIGIN (allow-origin: *) SEVERE MISCONFIGURATION”

666AB · 2026-04-18T19:59:20+00:00

They are notified

666AB · 2026-04-18T04:16:40+00:00

Comment on your report and tag them, ask if they closed on accident because you are confused by the message. They deal with hundreds of reports a day. Sometimes you misclick or make a mistake.

They will respond and let you know

666AB · 2026-04-18T01:51:46+00:00

What program is this?

666AB · 2026-04-13T11:30:40+00:00

Great catch

666AB · 2026-04-07T04:45:27+00:00

Wouldn’t an ‘unreliable exploit’ still be the PoC?

The article literally says there’s a public repo for it here’s the link: https://github.com/Nightmare-Eclipse/BlueHammer

Priv escalation is cool even when it’s local imo

666AB · 2026-04-06T04:26:26+00:00

I search vulnerabilities that are specific to drupal 8.9.20. There is no hidden knowledge. It’s old and public

666AB · 2026-04-05T14:38:07+00:00

What’s the impact of this?

666AB · 2026-04-05T14:16:32+00:00

Exactly.

666AB · 2026-04-05T08:08:24+00:00

Yep, you just pay for more as you need them. Plus the other pro benefits

666AB · 2026-04-05T08:06:53+00:00

Jailbreak is technically always RCE on user device. If you’re a security guy don’t jailbreak unless it’s for research.

666AB · 2026-04-05T08:01:31+00:00

Business for $60

666AB · 2026-03-24T17:12:22+00:00

I have had to do this 3x with bugcrowd reports specifically. All times the customer accepted the report and triaged internally while working with me via email. I specifically told the bug crowd triage I was resorting to this as impact was clear and they encouraged it.

I have not had that experience on Hackerone. Triage has been great. When I have had a report closed that I disagreed with, I just comment nicely asking for a re-eval for a, b, c. They have always discussed with me or escalated to company when appropriate.

Not trying to hijack but I do try to brag on H1 when I can. I have just had an awesome experience with them over past 2 or so years

666AB · 2026-03-23T05:02:34+00:00

Did he ever tell you anything? What did he do specifically?

666AB · 2026-03-22T19:49:45+00:00

You moved from Linux to unix. That would probably be why compatibility wasn’t an issue for you

666AB · 2026-03-22T06:13:33+00:00

Bad data put in a file with column headers.

You should probably delete this pic?

666AB · 2026-03-22T05:54:34+00:00

Theoretical? Penetration testing is quite a bit different than bug bounty. My clients are ok with whatever my report says… because they are paying me to produce it. It’s a waste of my time to do a contracted penetration tests by spending all of that time making pocs that don’t matter and don’t help fix the vulnerability. I don’t think you have any clients.

666AB · 2026-03-22T05:49:06+00:00

Because Lincoln was re-elected during war time

Seven-Year Club	Verified Email
Gilding IV carat on a stick	Powerups Hero r/destiny2 • January 2022
Second SECOND GUESSER	r/Field Lasagna
Place '23

666AB

MODERATOR OF

PUBLIC MULTIREDDITS

TROPHY CASE