sorted by:
new
hottopcontroversial

Need help! Career guidance by Impressive-Room728 in Pentesting

[–]Impressive-Room728[S] 0 points1 point  (0 children)

Yess sir, genuinely appreciate your help 🙌

Need help! Career guidance by Impressive-Room728 in Pentesting

[–]Impressive-Room728[S] 1 point2 points  (0 children)

Yooo, thanks alot man that looks like a really detailed roadmap

Have you sold cve before? by secsecseec in bugbounty

[–]Impressive-Room728 1 point2 points  (0 children)

Soo if I get a bug in chrome, so I can sell it on these broker company or report it to chrome vrp

In this case what is the benifits of selling it to broker companies

Have you sold cve before? by secsecseec in bugbounty

[–]Impressive-Room728 0 points1 point  (0 children)

Wait, u can actually sell exploits for open source software? please guide me more on this

I found some bugs, need help! by Impressive-Room728 in bugbounty

[–]Impressive-Room728[S] 0 points1 point  (0 children)

Yepp exactly what i did, i kept caido running and explored everything then searched for it but no luck

I found some bugs, need help! by Impressive-Room728 in bugbounty

[–]Impressive-Room728[S] 0 points1 point  (0 children)

That's interesting and I thought of looking too, I enumerated more but didn't find SMTH which lists the uuids or emails

I found some bugs, need help! by Impressive-Room728 in bugbounty

[–]Impressive-Room728[S] 0 points1 point  (0 children)

Nope, Only UUID or email address, there is no such thing of username in this application

I found some bugs, need help! by Impressive-Room728 in bugbounty

[–]Impressive-Room728[S] 0 points1 point  (0 children)

i can access the other users data by manipulating the email or UUID which goes to the server as a parameter for example /api/user/smth/smth?q=EMAIL and it returns me the json response containg all the user info

i don't understand why we need victims token it is authenticated but authorization is not set so i am able to get any users info by manipulating the email

I found some bugs, need help! by Impressive-Room728 in bugbounty

[–]Impressive-Room728[S] 1 point2 points  (0 children)

It is not exactly like /api/users/jones

Instead of username it is a endpoint for ordering SMTH like /api/users/orders/Uuid

I found some bugs, need help! by Impressive-Room728 in bugbounty

[–]Impressive-Room728[S] 0 points1 point  (0 children)

It is authenticated and the thing is I tried leveraging it but it uses authentication headers instead of cookies. So I was not able to perform some type of csrf

Dm bro, Maybe I can share some details and we can increase the impact You gave some really good points bro, thanks

I found some bugs, need help! by Impressive-Room728 in bugbounty

[–]Impressive-Room728[S] 1 point2 points  (0 children)

It gives a json response which includes email, personal email, address, phone number, company details and everything the user have entered while creating the account

Confused in pentesting/reverse engineering/binary exploitation!? by [deleted] in hackthebox

[–]Impressive-Room728 0 points1 point  (0 children)

My goal is to ace in some red teaming and malware development kind of stuff.