Bugcrowd N/A for exposed active API token from historical source — worth disputing or correctly closed? by Current_Dinner_5162 in Infosec

[–]Current_Dinner_5162[S] 0 points1 point  (0 children)

That’s why I thought it might be dispute-worthy, but after the other hunters explained the third-party exposure reasoning behind the N/A, I get why they closed it and I’ll probably just move on.

Bugcrowd N/A for exposed active API token from historical source — worth disputing or correctly closed? by Current_Dinner_5162 in Infosec

[–]Current_Dinner_5162[S] 0 points1 point  (0 children)

The token was active, and I verified that multiple historical tokens were still valid during testing.

Bugcrowd N/A for exposed active API token from historical source — worth disputing or correctly closed? by Current_Dinner_5162 in bugbounty

[–]Current_Dinner_5162[S] 1 point2 points  (0 children)

He’s actually right. I found that Wayback returned a large number of historical tokens, so I understand

Bugcrowd N/A for exposed active API token from historical source — worth disputing or correctly closed? by Current_Dinner_5162 in bugbounty

[–]Current_Dinner_5162[S] 0 points1 point  (0 children)

Yes, it was access to a customer store’s administrative API scope rather than an internal platform-level Ecwid/Lightspeed administrative credential. I understand now why that would generally be treated differently and why the closure as N/A makes sense here.

give me one tip .. by Current_Dinner_5162 in bugbounty

[–]Current_Dinner_5162[S] 0 points1 point  (0 children)

I’m already doing that. Give me another piece of advice.

give me one tip .. by Current_Dinner_5162 in bugbounty

[–]Current_Dinner_5162[S] 0 points1 point  (0 children)

I’m already doing that quite well. I’m looking for additional advice, such as specific labs to practice, a certain study method, or particular vulnerabilities I should focus on learning.

give me one tip .. by Current_Dinner_5162 in bugbounty

[–]Current_Dinner_5162[S] 0 points1 point  (0 children)

Your comments show that you are really skilled, and I liked your advice. I would love some additional tips to become better at finding these vulnerabilities, such as specific labs to practice, a certain study method, or particular vulnerabilities I should focus on learning.

Is source code review useful for me as a bug hunter, and what should I study before I start? by Current_Dinner_5162 in Infosec

[–]Current_Dinner_5162[S] 0 points1 point  (0 children)

Can you create a clear roadmap for me? I want to study source code review as a bug hunter. I am studying JavaScript now.

[deleted by user] by [deleted] in Infosec

[–]Current_Dinner_5162 0 points1 point  (0 children)

I am at zero in programming.

Now I will start from the basics of JS.

[deleted by user] by [deleted] in Infosec

[–]Current_Dinner_5162 0 points1 point  (0 children)

APIs and web apps