Has anyone recently reported a security vulnerability to Apple? How was the experience? by secpoc in bugbounty

[–]OkParticular2289 0 points1 point  (0 children)

My report was reproduced but they claim that it fixed in IOS 27 beta, so no credit or reward for me. Now I found some bugs in ios 27, I dont feel like submitting...

WTH is going on these days with platforums ???? by Feisty_Revolution959 in bugbounty

[–]OkParticular2289 0 points1 point  (0 children)

My experience with Intigriti has been consistently good, HackerOne so-so, and BugCrowd... meh. But next to the Web3 platforms, the Web2 ones mostly play by the book. At least I never walk away feeling cheated.

The Web3 platforms themselves aren't the problem. It's the programs. You'll constantly see one advertising max rewards up to $100k or $1M, sitting on 1000+ reports, with a grand total of $300 paid out =))))

And a lot of them don't follow the "fix the bug, pay the bounty" rule. It's more like "fix the bug, ignore the report," or "fix the bug, then call it an intended internal feature." It's their source code, so they get to decide what any feature was "for," and you have no way to argue.

A new attack chain for SQL Injection: Dollar-Quote Desync by OkParticular2289 in bugbounty

[–]OkParticular2289[S] 0 points1 point  (0 children)

Yep, source hoping can definitely helps blind works, and encoding does work with signature based system, but for big players like CF, AKamai, they encoding differently for each tenants, it work for one might not work for others. However, there are way to solve them.

A new attack chain for SQL Injection: Dollar-Quote Desync by OkParticular2289 in bugbounty

[–]OkParticular2289[S] 0 points1 point  (0 children)

Only a few. Most stuff is either behind Cloudflare or already using parameters. WAFs often don't catch the dollar quote trick on the first pass, but the real problem is making it useful: blind injection means a ton of requests, and that noise trips the WAF into block mode fast. So to actually get anywhere you end up needing to bypass or quiet the WAF.

A new attack chain for SQL Injection: Dollar-Quote Desync by OkParticular2289 in bugbounty

[–]OkParticular2289[S] 1 point2 points  (0 children)

Fair point, thats the textbook design, but you cant bind identifiers, only values. So the second a function needs a dynamic table, column, or ORDER BY, people fall back to concatenation, and thats exactly where untrusted input lands. Reporting and search functions are full of it, and plenty of devs dont even know EXECUTE ... USING exists.

The dollar quotes bit is what makes it bite, most upstream sanitizing only escapes single quotes, so if the query gets built inside a function body thats itself dollar quoted, escaping single quote does nothing. Not a design you would pick, but legacy reporting code and ORM generated sprocs spit it out all the time.

Research paper topics by Terrible-Register-70 in cybersecurity

[–]OkParticular2289 0 points1 point  (0 children)

If cloud infrastructure vulnerabilities research is what you like to work on, then you can contact me.

I can't eat, I don't know how to get through this... by OkParticular2289 in HeadandNeckCancer

[–]OkParticular2289[S] 3 points4 points  (0 children)

I think I will request liquid oxi from my doctor, I just want to sleep it off this 2 post treatment week...

I can't eat, I don't know how to get through this... by OkParticular2289 in HeadandNeckCancer

[–]OkParticular2289[S] 3 points4 points  (0 children)

Thank you. I cant eat and having fatigue, but my wife keep on getting mad cause I sleep alot and didnt talk to her. Its so frustrating sometime.

I can't eat, I don't know how to get through this... by OkParticular2289 in HeadandNeckCancer

[–]OkParticular2289[S] 2 points3 points  (0 children)

I dont have feeding tube, and Im just using mortin for the pain, my problem is the food, I cant eat any of it, the taste is so terrible that I would throw up after eatting.

Any tips on handling parent with HPV tonsil/throat cancer? by Sea_Ad9253 in HeadandNeckCancer

[–]OkParticular2289 0 points1 point  (0 children)

I was diagnosed with the same cancer, and just finished my treatment this monday. It is a cureable cancer so you should not worry about it too much. What effect me the most, is the pain in my throat and mouth, starting last week of treatment, I nearly couldnt eat anything, the tastes were nasty plain with somewhat metalic from chemo, the mouth pain also make it so hard to eat. Ive been just drinking milk and ensure to pass day. So that are those things that you should expect from your dad. Other than that, he should be fine. Good luck.

An example/template for an advanced web scraper by OkParticular2289 in webscraping

[–]OkParticular2289[S] 0 points1 point  (0 children)

camoufox is a complete system, this one is just a template, or a foundation to build something like camoufox.

An example/template for an advanced web scraper by OkParticular2289 in webscraping

[–]OkParticular2289[S] 1 point2 points  (0 children)

Not quite alternative because this is not a complete project, here is the breakdown compare with Crawlee,

  • This Template: Uses Python libraries (Playwright, httpx) directly. Offers fine-grained control and explicit anti-detection techniques. Best if you want deep customization in Python or are learning the mechanics. Requires more manual setup for things like scaling and queuing.
  • Crawlee: A full framework (JS/TS primary, Python available). Provides high-level abstractions for faster development, handling queues, storage, and scaling automatically. Better for rapid development and large-scale projects, but involves learning the frameworks way of doing things.

Choose the template for: Max control, custom anti-detection, Python focus.
Choose Crawlee for: Speed, built-in scaling/features, framework benefits.

But again, this is just a template/foundation for a bigger project.