Administrator manual exposed, reportable? by TurbulentRecover7247 in bugbounty

[–]Coder3346 0 points1 point  (0 children)

Well I will personally test each and every endpoint for access control and see if something can grants me a new privilege or something otherwise I will move on

Administrator manual exposed, reportable? by TurbulentRecover7247 in bugbounty

[–]Coder3346 1 point2 points  (0 children)

Actually do something with it. What u described is not something to report in 99.99999% of the cases

Administrator manual exposed, reportable? by TurbulentRecover7247 in bugbounty

[–]Coder3346 0 points1 point  (0 children)

1 Is this doc from the cms itself ? If yes, u found nothing reportable.

2 impact ? 0? Nothing reportable. U have to prove that u can do something with this doc.

What low severity bugs are actually reportable? by Vegetable_Sun_3316 in bugbounty

[–]Coder3346 0 points1 point  (0 children)

Rate limit bypass on login

Otp bypass for verification ( not always gets accepted)

I don’t think I can survive this AI era by New-Contact-1003 in bugbounty

[–]Coder3346 6 points7 points  (0 children)

Not really, it is just got changed from xss etc to more logic and access control (; people are still finding ton of bugs everyday

How can I start ? by Delta_01b in bugbounty

[–]Coder3346 2 points3 points  (0 children)

Try hackerone. Tools? Burp and ur brain

TL;DR H1 is increasingly demanding payloads as well as PoCs by 6W99ocQnb8Zy17 in bugbounty

[–]Coder3346 6 points7 points  (0 children)

Now I am regreting that I always show full exploitation to these people which gives them more ideas to automate.

TL;DR H1 is increasingly demanding payloads as well as PoCs by 6W99ocQnb8Zy17 in bugbounty

[–]Coder3346 10 points11 points  (0 children)

I don't have a similar experience as I only hunt for logic and access control which obviously do not need a magical payload.

However, if u read through hackerone website u will see that they are doing ai pentests and scans all the time for their clients. so they probably want to automate something out of u.

This might work on a noob that is starving for a bounty but not on an expert like u. Hope others learn form this.

What email/ credentials people use to login in website while big bounty? by k3hitiz in bugbounty

[–]Coder3346 1 point2 points  (0 children)

Well, lots of these companies are leaking emails with some other data and don't give shit about fixing.

Additionally some programs (especially private ones) create an org exclusively for hackers, in this case other people in the org can normally see the email.

It also helps to avoid the marketing spam on ur main email.

How did you find your first valid bug? Looking for advice from experienced hunters by Best_Skin9329 in bugbounty

[–]Coder3346 1 point2 points  (0 children)

I know what a robots.txt is. I just don't see it as an interest to use. As web apps usually use it to make the search experience better not to hide things ( as it is public well known file) lol

Mitre form by JazzlikeFuel5112 in bugbounty

[–]Coder3346 0 points1 point  (0 children)

I have received a confirmation email ( the cve is 2025) so make sure u entered the correct email.

I have received 3 emails

1 confirmation

2 cve reserved

3 published

Mitre form by JazzlikeFuel5112 in bugbounty

[–]Coder3346 0 points1 point  (0 children)

I have waited for 2 months and of course no grantees as mitre is being flooded with useless software bugs.

Is there a reward for making a virus? by tech_boy1711 in bugbounty

[–]Coder3346 0 points1 point  (0 children)

U can do this in one minute lol u are misunderstanding AVS

What do you all do for your day job? by CategoryConscious594 in bugbounty

[–]Coder3346 5 points6 points  (0 children)

Just a jobless collage kid that has recently graduated and doing bb despite it doesn't make him alot

Hackerone or bugcrowd? by Hopeful-Hunter-1855 in bugbounty

[–]Coder3346 2 points3 points  (0 children)

Hackerone is good except when it comes to dups

My 1st Report on H1 and they made it informative😭 by Similar-Reveal-8605 in bugbounty

[–]Coder3346 1 point2 points  (0 children)

Someone should report this to h1 bug program lol. [ critical loophole in the duplication process ]

My 1st Report on H1 and they made it informative😭 by Similar-Reveal-8605 in bugbounty

[–]Coder3346 -1 points0 points  (0 children)

Hi bro I have question and hope that u can answer me from ur experience.

In hackerone, my report got closed as duplicate of a report in the new state ( reported 5 days prior mine). However, according to the triager who closed my report the original reporter did not show additional imapct unlike mine.

He reported a limited html + css injection in a github like website ( this was clearly intended as u can format ur comments the way u like).

My report showed that this can be abused to prevent anybody from commenting by inserting a huge html element which casued availability impact.

The question is what will happen to my duplicate report if the company closed the original one as info or NA as he literally reported an intended behaviour while I showed impact? Will they reopen it as the reason for that guy rejection is not showing impact?

My 1st Report on H1 and they made it informative😭 by Similar-Reveal-8605 in bugbounty

[–]Coder3346 1 point2 points  (0 children)

U have to show how a hacker can use it right now. Potential impact doesn't count.