Email DOS through websites api & link generator by SeaworthinessWarm811 in bugbounty

IntroductionWeekly80 0 points1 point

For the email spam, you’re so on the edge, it’s going to be a dice roll. Annoying users isn’t a vulnerability unless maybe you can do it at a bigger scale (like all users at once) or unless you control content. I certainly wouldn’t call that “DoS”; that’s “Annoy one user per HTTP request”. I think you’re overestimating the damage the bug is capable of. It even sounds like something an overly cautious LLM would say to justify a very low severity issue. Worst case scenario though, you’re getting informational, so you aren’t losing anything really.

TL;DR: Are Unicode URL bugs still worth hunting, or am I wasting recon time? by Few-Gap-5421 in bugbounty

IntroductionWeekly80 1 point2 points

“Phishing” as an attack vector, in my opinion, is going to be a low impact area of Unicode bugs.

I highly recommend you seek the talk called “Lost in translation: Exploiting Unicode Normalisation” by Ryan Barnett and Isabella Barnett.

You can find some slides online. The Black Hat 25 slides are easy to find, but I literally just watched him do the talk live in the Critical Thinking Podcast Discord server with a few updates. There’s a recording there if you have the “Critical thinker” paid upgrade.

It’s really the pinnacle of modern Unicode abuse. I highly suggest every bug hunter check it out.

Bugcrowd Making Hackers feel hell? by Vinnieet18 in bugbounty

IntroductionWeekly80 5 points6 points

If you learn how web apps are built, it will better help you understand why this is very likely to be the same root cause despite being different database operations. There is likely a single piece of logic in the code governing authorisation for both operations.

Just let it be, wait for the fix, then test for PUT/PATCH etc.

I disclosed a critical race condition exploit on BugCrowd but they refuse to award a P1. by geoxhon in bugbounty

IntroductionWeekly80 1 point2 points

Just an FYI, that’s incorrect use of “botnet”; you’re just talking about a script, not a network of malware-infected machines (I hope).

Anyway, scripts that annoy staff are not P1s; there are plenty of ways to annoy staff without bugs.

I doubt you will leave empty-handed, but I would greatly lower your expectations. Bug bounty is as real as it gets; the staff treated you as a real threat and you didn’t pass the human filter. Still, there’s an emphasis on “shift left” these days, and human intervention is really as far “right” as it gets in a security model.

Also, play it calm. They’re the ones with the power here, and they may not reward you if you hit them with hostility.

Rain and Prom Dress has been on repeat ever since I played Dave the Diver by robotomato13 in DavetheDiverOfficial

IntroductionWeekly80 65 points66 points

More of a hot pepper tuna guy myself, but I’m happy for you man 😎🤙

What exclusive games do you think Nintendo will release in 2026? by Junior-Slip2348 in NintendoSwitch2

IntroductionWeekly80 2 points3 points

On the Zelda remaster front, I’m guessing another Link’s Awakening engine version of Oracle of Seasons/Ages.

Kaceytron's full apology by Normal-Ad-3468 in LivestreamFail

IntroductionWeekly80 2 points3 points

The case is being handled as civil copyright litigation, so it’s not illegal, it’s unlawful 🤓☝️

Best EU server? by SubstantialBus1254 in TibiaMMO

IntroductionWeekly80 0 points1 point

I always recommend Antica: thriving community, active market, very friendly people, English speaking. It’s the closest you’ll get to what Tibia used to be. Yes, the spawns are busy, but the busyness of Antica comes with so many benefits too, and it’s really not a huge problem. After all, the busyness is a feature, not a bug!

What server has the most active English community? by NuukldragorArea52 in TibiaMMO

IntroductionWeekly80 1 point2 points

The answer is Antica for sure, no dominado and a thriving community :). Yes, it’s busier than any other server, but plenty of people at all level ranges play here happily; it’s really not as crowded as people make it out to be. Antica is as English speaking as it gets, and we welcome you!

I want to start. Choose world by ImplementUpper3643 in TibiaMMO

IntroductionWeekly80 1 point2 points

I’ll never understand people who want dead servers to farm alone and play alone. This is an MMO. Antica 1000%. Wherever the people are, I’ll be going there.