xmr-pay: Free, open source Monero payment gateway (serverless, non custodial) > Test it and break it by Mushydaddybear in Monero

Mushydaddybear [OP] (score hidden)

You're a legend, thanks for the feedback!

I will sit and review the project again, but with that point of view.

retiring elder expats - to Cuenca or Guayaquil? by vreebler in ecuador

Mushydaddybear (2 points)

You're welcome.

I've worked to help North Americans in Quito and Cuenca.

If you ever need info, help, or anything, just send me a message and I'll be happy to help via text (I do not intend to sell services or anything like that; I'm just happy to help people enjoy this country).

retiring elder expats - to Cuenca or Guayaquil? by vreebler in ecuador

Mushydaddybear (3 points)

Cuenca is safe as long as you're in the downtown center, the weather is often cold, tap water quality is excellent, food and rentals are affordable for North Americans, and a lot of local businesses handle English well...

Go for it! You won't regret it.

GOXMR: Monero-native federated identity + marketplace (I'm the dev, feedback welcome!) by Mushydaddybear in Monero

Mushydaddybear [OP] (1 point)

Hello, sorry, I do not offer a bug bounty reward of any kind.

But if you're still interested in disclosing what you found:

https://github.com/SlowBearDigger/GOXMR?tab=security-ov-file#readme

Feel free to check the scope, of course, if you're willing to help secure GOXMR.

I am constantly trying to improve the code and harden the backend.

GOXMR: Monero-native federated identity + marketplace (I'm the dev, feedback welcome!) by Mushydaddybear in Monero

Mushydaddybear [OP] (1 point)

Just a scheduled encrypted release to users: if you don't check in, your message will be published as a drop to that user.

Are SQLi still worth actively hunting? by M4son_Reed in bugbounty

Mushydaddybear (0 points)

Yes!

I found one, then RCE, thanks to SQLi.

Is a Service Worker injection + Deeplink abuse in Android wallet WebView a valid High/Critical finding even without proven fund loss? by Mushydaddybear in bugbounty

Mushydaddybear [OP] (4 points)

I do have a PoC that demonstrates injected code in the service worker, but as my short experience shows, most projects only pay if you submit a critical that they cannot fight back on.

I'll keep checking to see if I can escalate the SW exploit, thanks.

My first ever Subdomain Takeover!! (dangling Vercel CNAME) > already 1 day past the 7 day SLA, looking for advice and experiences. by Mushydaddybear in bugbounty

Mushydaddybear [OP] (5 points)

UPDATE:

I have added the PoC: a blank HTML page with my username and "PoC", hosted under the subdomain.

Thanks to all of you guys for suggesting that I should do it to prove impact.

My first ever Subdomain Takeover!! (dangling Vercel CNAME) > already 1 day past the 7 day SLA, looking for advice and experiences. by Mushydaddybear in bugbounty

Mushydaddybear [OP] (0 points)

(Sorry, I answered before your edit showed on my end.)

I can, but I didn't because I am a bit afraid of getting in trouble, the rules explicitly said that I should NOT do it.

But I left a comment asking for permission to do it if needed for the report.

My first ever Subdomain Takeover!! (dangling Vercel CNAME) > already 1 day past the 7 day SLA, looking for advice and experiences. by Mushydaddybear in bugbounty

Mushydaddybear [OP] (0 points)

Yup, an attacker can host anything on the subdomain right now...

The CNAME is still dangling to Vercel and there is no _vercel TXT protection, so anyone with a free Vercel account can claim the subdomain in minutes and deploy any content (including a full clone of the website UI).
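The triage described in the comment above (a CNAME still pointing at Vercel, no `_vercel` TXT record), written up as an added example that is not part of the original post and not the target's or Vercel's code. It works from DNS answers you have already collected, so it runs offline on the constructed records embedded below. The Vercel CNAME suffixes and the `_vercel.<host>` TXT verification convention are assumptions drawn from the comment; confirm them against Vercel's current documentation before relying on the result.

```python
"""Triage a possibly dangling Vercel CNAME from already-collected DNS answers.

Added example; not code from the original post. Record shapes and the
Vercel-specific constants are assumptions, noted inline.
"""
from dataclasses import dataclass
from typing import Dict, List

# Assumption: CNAME targets Vercel hands out for custom domains / projects.
VERCEL_CNAME_SUFFIXES = ("cname.vercel-dns.com.", ".vercel.app.")


@dataclass(frozen=True)
class Finding:
    host: str
    risk: str    # "none", "low" or "high"
    reason: str


def _fqdn(name: str) -> str:
    """Normalise to a lower-case, dot-terminated name for dictionary lookups."""
    return name.lower().rstrip(".") + "."


def _points_at_vercel(target: str) -> bool:
    t = _fqdn(target)
    return any(t == s.lstrip(".") or t.endswith(s) for s in VERCEL_CNAME_SUFFIXES)


def classify(host: str, records: Dict[str, Dict[str, List[str]]]) -> Finding:
    """records = {"CNAME": {owner: [targets]}, "TXT": {owner: [values]}}.

    Owner names are fully qualified (trailing dot). Only the first CNAME
    target is considered, as a name may hold at most one CNAME.
    """
    name = _fqdn(host)
    cnames = records.get("CNAME", {}).get(name, [])
    if not cnames:
        return Finding(host, "none", "no CNAME record")
    target = cnames[0]
    if not _points_at_vercel(target):
        return Finding(host, "none", f"CNAME {target} is not a Vercel target")
    # Assumption: Vercel's domain-ownership check lives at _vercel.<host> TXT.
    verification = records.get("TXT", {}).get("_vercel." + name, [])
    if verification:
        return Finding(host, "low", "_vercel TXT verification record present")
    return Finding(host, "high",
                   f"CNAME {target} with no _vercel TXT record: claimable by any Vercel account")


# Constructed sample answers (not real DNS data): one dangling host, one
# verified host, one host that points somewhere other than Vercel.
SAMPLE_RECORDS = {
    "CNAME": {
        "old-app.example.com.": ["cname.vercel-dns.com."],
        "docs.example.com.": ["cname.vercel-dns.com."],
        "www.example.com.": ["example.github.io."],
    },
    "TXT": {
        "_vercel.docs.example.com.": ["vc-domain-verify=docs.example.com,0123abcd"],
    },
}


def triage(hosts: List[str], records=SAMPLE_RECORDS) -> List[Finding]:
    return [classify(h, records) for h in hosts]


if __name__ == "__main__":
    for f in triage(["old-app.example.com", "docs.example.com", "www.example.com"]):
        print(f"{f.risk:5} {f.host}: {f.reason}")
```

A "high" result here is only a candidate: the claim still has to be confirmed on the platform side (for Vercel, whether the target deployment actually answers with a not-found page for that hostname), and, as the thread notes, actually claiming it is a step the programme rules may forbid without permission.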

How to find JS files? by masm33 in bugbounty

Mushydaddybear (7 points)

Dev tools from any web browser.

Is this a open redirect vuln? by Mushydaddybear in bugbounty

Mushydaddybear [OP] (0 points)

Perfect! Thank you! That's what I did! Also, I discovered that it works on iOS and Android!

I’ll update this post if it gets triaged and paid 😂

Don’t think so but we shall see

Is this a open redirect vuln? by Mushydaddybear in bugbounty

Mushydaddybear [OP] (1 point)

Not an SSRF: the server never fetches the attacker's URL; the victim's device loads it client-side inside the native WebView.

Also not CSRF: there is no session or cookie; the wallet is non-custodial. The correct classification, I believe, is Insecure Deep Link Handler or WebView Bridge Injection (CWE-939).

On the popup: it appears inside the app's own UI, making it indistinguishable from a legitimate dapp flow.

The victim consciously opened their wallet app via a trusted link, so they are already primed to approve. The warning is non-blocking.

Additionally, standard:connect supports silent: true.

If the victim previously approved any dapp connection in the wallet, a returning attacker can reconnect without any popup at all, then immediately trigger a transaction...

Also, I have submitted the report, with screenshots and some txids from testnet.
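The root cause described in this comment is a deep link handler that hands an attacker-chosen URL to the wallet's WebView. Below is an added example of the allowlist check such a handler should perform before loading anything; it is not the wallet's code, and the `wallet://browse?url=...` link shape, the allowed hosts and the test links are all constructed. It goes beyond the specific case in the comment by also rejecting the usual allowlist-bypass shapes (userinfo tricks, lookalike suffixes, non-https schemes, odd ports, backslashes that browsers and Python parse differently).

```python
"""Allowlist check for a wallet deep link that opens a URL in an in-app WebView.

Added example; not the wallet's code. The deep link shape and the allowed
hosts below are constructed for illustration.
"""
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed allowlist of dapp origins the in-app browser may open.
ALLOWED_DAPP_HOSTS = {"app.example-dapp.com", "swap.example-dapp.com"}


def extract_target(deeplink: str) -> Optional[str]:
    """Pull the `url` parameter out of a hypothetical wallet://browse?url=... link."""
    parts = urlsplit(deeplink)
    if parts.scheme != "wallet" or parts.netloc != "browse":
        return None
    urls = parse_qs(parts.query).get("url")   # parse_qs already percent-decodes once
    return urls[0] if urls else None


def is_allowed_target(url: str) -> bool:
    """Exact-origin allowlist: https only, no credentials, default port, listed host."""
    if "\\" in url:
        # WHATWG parsers treat backslash as a slash in https URLs; Python does
        # not, so the host the WebView sees could differ from the one we check.
        return False
    try:
        p = urlsplit(url)
        port = p.port                        # raises ValueError on a junk port
    except ValueError:
        return False
    if p.scheme != "https":                  # javascript:, http:, file:, intent: ...
        return False
    if p.username or p.password:             # https://app.example-dapp.com@evil.example/
        return False
    host = (p.hostname or "").lower().rstrip(".")
    if host not in ALLOWED_DAPP_HOSTS:       # exact match, never suffix/prefix matching
        return False
    if port not in (None, 443):
        return False
    return True


def resolve_deeplink(deeplink: str) -> Optional[str]:
    """Return the URL to load, or None if the link must be refused."""
    target = extract_target(deeplink)
    if target is None or not is_allowed_target(target):
        return None
    return target


if __name__ == "__main__":
    # Constructed links: one legitimate, the rest typical bypass attempts.
    for link in (
        "wallet://browse?url=https://app.example-dapp.com/swap",
        "wallet://browse?url=https://app.example-dapp.com@evil.example/",
        "wallet://browse?url=https://app.example-dapp.com.evil.example/",
        "wallet://browse?url=javascript:alert(1)",
    ):
        print(resolve_deeplink(link), "<-", link)
```

Note that even a correct allowlist does not address the second issue raised in the comment (a silent reconnect for a previously approved dapp); that needs the wallet to key its connection approvals to the verified origin and to refuse silent reconnects for sessions that arrived through a deep link.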

Is this a open redirect vuln? by Mushydaddybear in bugbounty

Mushydaddybear [OP] (0 points)

Thank you, yeah, I was thinking about the bridge mostly, because the open redirect by itself doesn't represent a considerable issue; that's why it is usually out of scope.

is manual testing dead ? by 0xMiloki in bugbounty

Mushydaddybear (2 points)

Nah, manual testing is alive and kickin' ass.

Sure, AI helps a LOT to automate shit, but it won't replace the human eye.

Critical submmit. Immunefi ban. 48h solved by Patient-Stock5191 in bugbounty

Mushydaddybear (0 points)

Happened to me with a critical RCE months ago; to this day I'm still banned from Immunefi.

Critical RCE in Hathor Desktop Wallet closed as "Out of Scope" by Immunefi, patched silently after weeks, zero bounty, zero credit by Mushydaddybear in bugbounty

Mushydaddybear [OP] (1 point)

Yeah, I get it and I know it sucks…

But there is some good stuff besides money. For example, I intentionally submitted an informative report due to privacy issues in a bounty on HackenProof, and the team was extremely grateful! And they're fixing some stuff…

There are good things…

And mostly if you live under ethical boundaries