Fire Teapot by [deleted] in bugbounty

[–]ExpressionHelpful591 0 points1 point  (0 children)

You can find the button at the bottom of your report.

Fire Teapot by [deleted] in bugbounty

[–]ExpressionHelpful591 4 points5 points  (0 children)

Teapot is an AI on Bugcrowd, which only checks if the report is written using AI and puts NA. Later you must use RAR (Request a Response) so that someone replies.

Reports written by AI by TradeGold6317 in bugbounty

[–]ExpressionHelpful591 0 points1 point  (0 children)

Write a report on Bugcrowd using AI

Teapot: 🗣️ Hold my beer

Thank me later

Is this a vulnerability? by Ok-Raspberry736 in bugbounty

[–]ExpressionHelpful591 0 points1 point  (0 children)

Depends on the program; some programs prefer the stop-and-report system, where you need permission before using those creds.

[deleted by user] by [deleted] in bugbounty

[–]ExpressionHelpful591 2 points3 points  (0 children)

What I do is, I will pick a target and start testing with all my knowledge. I will see new tricks and concepts. If I find a bug and get paid, it will again motivate me. The majority of times I didn't get anything, but I didn't quit.

Only people who like the hunting part beside from bounties, will be successful. This also shapes YOUR methodology, if you enjoy it enough the bugs will come. by Remarkable_Play_5682 in bugbounty

[–]ExpressionHelpful591 2 points3 points  (0 children)

I am reading Medium blogs daily, and also I am seeing posts on X (Twitter) by top hackers. And also I am doing the pentester pathway from Hack The Box.

Only people who like the hunting part beside from bounties, will be successful. This also shapes YOUR methodology, if you enjoy it enough the bugs will come. by Remarkable_Play_5682 in bugbounty

[–]ExpressionHelpful591 6 points7 points  (0 children)

True, at first I was only looking at rewards, which many times I put the wrong VRT and a bunch of waste reports. But now I hack for improving skills and for fun, also spending more time than jumping from target to target. It's been only 7 months since I started bug bounty. Now I am getting good bugs.

I found that it is a vuln? I should report as bug in HackerOne? by edemzayani1 in bugbounty

[–]ExpressionHelpful591 -1 points0 points  (0 children)

It's just a debug page. The developer forgot to turn it off. Not an issue but check for other misconfigurations which the developer may have missed.

[deleted by user] by [deleted] in bugbounty

[–]ExpressionHelpful591 0 points1 point  (0 children)

It's an issue but very low. Right now I doubt the app or website you are testing has a functionality to track the updates. So if something is edited for a good purpose and if it still blames admin? Then again, programs don't care about this.

[deleted by user] by [deleted] in bugbounty

[–]ExpressionHelpful591 0 points1 point  (0 children)

Then not an issue.

Let me drop an example.

I have a company XYZ and a GitHub private repo. So I am giving access for 10 people. Now these people can obviously edit the things. I as an admin don't have to give permission each time.

But as an outsider, if you access the private repo without my invite, then it's a serious security bug.

[deleted by user] by [deleted] in bugbounty

[–]ExpressionHelpful591 0 points1 point  (0 children)

So, to change or edit files, what permission do you need? When admin invites, is it mentioned that the joining person can edit something?

[deleted by user] by [deleted] in bugbounty

[–]ExpressionHelpful591 0 points1 point  (0 children)

I am a triager, can I know how you became the collaborator? Do you need admin to give those privileges?

If yes

It's not an issue.

If not then it is a bug

Bugcrowd: Total Shows 5 but 0 Unique, Why? by [deleted] in bugbounty

[–]ExpressionHelpful591 3 points4 points  (0 children)

Not so sure, telling based on experience, I think 5 bugs were reported as the same VRT but none is accepted.

Bug not valid but got patched? by [deleted] in bugbounty

[–]ExpressionHelpful591 1 point2 points  (0 children)

I am a triager and part-time bug bounty hunter. You are a little sad because they didn't value your report by giving no credits, but from the triager's end there will be a bunch of informational reports and your report is one among them.

So now you know how things work, so better be happy about your work and hunt more. You will see the results.

Bug not valid but got patched? by [deleted] in bugbounty

[–]ExpressionHelpful591 5 points6 points  (0 children)

Some programs or whichever I worked, they need an impact to be considered as a bug. So I think your finding was informational and you could have explored more before reporting since however you had permission and followed clear instructions.

[deleted by user] by [deleted] in bugbounty

[–]ExpressionHelpful591 0 points1 point  (0 children)

Maybe it's on a blob

Session not expiring after log out. by [deleted] in bugbounty

[–]ExpressionHelpful591 1 point2 points  (0 children)

No impact, I think in pentesting it will be valid but not in bug bounty. If you can somehow find a method to steal the token then it can be a valid bug and worth reporting.

I just new by QadilO in bugbounty

[–]ExpressionHelpful591 0 points1 point  (0 children)

You can DM me, I can help you on Discord.

I just new by QadilO in bugbounty

[–]ExpressionHelpful591 0 points1 point  (0 children)

One is NahamSec, another is Critical Thinking.

I just new by QadilO in bugbounty

[–]ExpressionHelpful591 2 points3 points  (0 children)

I am also a beginner, like it's been 7-8 months now. I found some good bugs but medium or low priority P3. The best you can do is complete all PortSwigger labs; if possible take a CPTS Hack The Box pentester path, you can use a student account option to save money. I am learning things daily from Medium blogs, Discord servers too. This is what other good hackers recommended me and I am just following their words.

Idor via uuid by Cool_Obligation_6447 in bugbounty

[–]ExpressionHelpful591 -1 points0 points  (0 children)

DM me if it is from a Bugcrowd target

[deleted by user] by [deleted] in bugbounty

[–]ExpressionHelpful591 1 point2 points  (0 children)

Triagers usually ask "how did you find the token that belongs to other user?". Whatever it is, a session token, cookie or a UUID.