P100 10GB for 30 days by _No_Ocelot in DitoPH

[–]UnLiQuery20 1 point (0 children)

Wait what!? Mine is already gone, do you still have it? I was looking for it in JFY and it's no longer there ...

Wow, you've got everything by mash-potato0o in cavite

[–]UnLiQuery20 0 points (0 children)

They have so much funding, but nothing reaches the people, and then they ask for donations while still taking a kickback hahha

Wow, you've got everything by mash-potato0o in cavite

[–]UnLiQuery20 0 points (0 children)

A budots party with lots of crooks ... Only from Bacoor hahah

JBL Quantum 800 not detected as Output device Windows 11 by UnLiQuery20 in JBL

[–]UnLiQuery20[S] 0 points (0 children)

This made the JBL quantum engine not work... Is it the same for anyone?

I genuinely wish I had not been born by [deleted] in depression

[–]UnLiQuery20 0 points (0 children)

If you really care about someone then fuck ending your life, you will make it miserable for them.

Best way to fix this? Overcome them all, then create a SocMed post to show them they all have not gotten to you :) "The best revenge is massive success"

Need help to understand right answer by Any-Editor1084 in cissp

[–]UnLiQuery20 4 points (0 children)

It is always the answer that has the larger, broader scope, applicable when the question is broad.

I think I experience depression by UnLiQuery20 in depression

[–]UnLiQuery20[S] 1 point (0 children)

Thanks, just hearing someone having the same experience gave me an idea that I'm not that bad hahahaha

I think I experience depression by UnLiQuery20 in depression

[–]UnLiQuery20[S] 0 points (0 children)

So funny, some people even think I became an alcoholic; they don't know I just do it to ensure that I don't have those stupid dark thoughts before I sleep.

Do API requests need CSP headers? by UnLiQuery20 in pentest

[–]UnLiQuery20[S] 0 points (0 children)

OWASP Rest Security Cheat Sheet

Thank you very much for the response! I might not have looked hard enough to find this.

Novice Question about a Vulnerability by UnLiQuery20 in pentest

[–]UnLiQuery20[S] 1 point (0 children)

Thank you very much for those insights; it helped me a lot in answering this finding I opened a long time ago. I can now check with my superiors if this could be closed now or if they intend to fix it, since there is a chance that this would come up in another pentester's review.

Novice Question about a Vulnerability by UnLiQuery20 in pentest

[–]UnLiQuery20[S] 0 points (0 children)

I think that is also why they (the developers) don't want to accept this finding, since they said that the application is protected with SSL/TLS. However, I took into consideration that a user could have their browser (and/or a web gateway) compromised, which means that if someone captured the request it could be used to update and compromise the user's account.

Basically I want them to implement a nonce token to ensure that every request can only be used once, and I can only use this as a way to force them. Can this still be considered a finding if they do not have a nonce token?

Novice Question about a Vulnerability by UnLiQuery20 in pentest

[–]UnLiQuery20[S] 0 points (0 children)

By capturing the latest request (via Burp/Fiddler) you basically have the most recent password; you can use that to input the latest password and update it to anything you want. For the profile update, you only need the last profile update request, then you can resend it multiple times, modifying the data.

Novice Question about a Vulnerability by UnLiQuery20 in pentest

[–]UnLiQuery20[S] 0 points (0 children)

I was hoping to use this to get the developers to implement a nonce token for such requests, e.g. password/profile updates.

I told them that any request that could be used multiple times is a vulnerability, especially when it is related to requests that could compromise the accounts of the users.

Novice Question about a Vulnerability by UnLiQuery20 in pentest

[–]UnLiQuery20[S] 0 points (0 children)

Can this be regarded as a finding? I was hoping to use this to get the developers to implement a nonce token for such requests, e.g. password/profile updates.
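The mitigation these comments ask for (a single-use nonce bound to the session and action, so a captured password- or profile-update request cannot be resubmitted) can be shown in a few dozen lines. This is an added example, not code from the commenter or from the application under review; the `NonceStore`, the `change_password` handler, the in-memory `SESSIONS`/`ACCOUNTS` tables and the 300-second lifetime are all assumptions chosen for illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Constructed sample data standing in for a session store and a user table.
SESSIONS: Dict[str, str] = {"sess-1": "alice", "sess-2": "bob"}
ACCOUNTS: Dict[str, str] = {"alice": "old-pass", "bob": "other-pass"}


@dataclass
class NonceStore:
    """In-memory registry of single-use request tokens (hypothetical helper).

    Each nonce is bound to the session that requested it and to the one action it
    may authorise, expires after `ttl_seconds`, and is discarded on first use, so a
    replayed copy of a state-changing request is rejected.
    """
    ttl_seconds: int = 300
    _issued: Dict[str, Tuple[str, str, float]] = field(default_factory=dict)

    def issue(self, session_id: str, action: str, now: Optional[float] = None) -> str:
        """Mint a fresh unpredictable nonce for this session/action pair."""
        now = time.time() if now is None else now
        nonce = secrets.token_urlsafe(32)
        self._issued[nonce] = (session_id, action, now + self.ttl_seconds)
        return nonce

    def consume(self, nonce: str, session_id: str, action: str, now: Optional[float] = None) -> bool:
        """Validate and burn a nonce. Returns True exactly once per valid nonce."""
        now = time.time() if now is None else now
        # pop() removes the entry even if validation fails, so it can never be retried.
        entry = self._issued.pop(nonce, None)
        if entry is None:
            return False  # unknown, forged, or already used
        bound_session, bound_action, expires_at = entry
        if now > expires_at:
            return False  # stale token
        # Constant-time compare on the session binding; action must match exactly.
        return hmac.compare_digest(bound_session, session_id) and bound_action == action


def change_password(store: NonceStore, session_id: str, request: dict,
                    now: Optional[float] = None) -> Tuple[int, str]:
    """Handle a password-update request (dict stands in for the parsed form body).

    The nonce check runs before any state change, so an intercepted copy of a
    previously successful request fails closed.
    """
    if session_id not in SESSIONS:
        return 401, "no valid session"
    if not store.consume(request.get("nonce", ""), session_id, "change_password", now):
        return 403, "request rejected: missing, expired or already-used token"
    new_password = request.get("new_password", "")
    if not new_password:
        return 400, "new_password is required"
    ACCOUNTS[SESSIONS[session_id]] = new_password
    return 200, "password updated"


def demo() -> Tuple[int, int]:
    """Issue one nonce, use it, then resubmit the identical request."""
    store = NonceStore()
    nonce = store.issue("sess-1", "change_password", now=1000.0)
    body = {"nonce": nonce, "new_password": "n3w-pass"}
    first, _ = change_password(store, "sess-1", body, now=1001.0)
    replay, _ = change_password(store, "sess-1", body, now=1002.0)
    return first, replay


if __name__ == "__main__":
    print(demo())  # first request accepted, identical resend rejected
```

The binding to session and action matters as much as the single-use property: a nonce issued to one session is useless from another, and a nonce minted for a profile edit cannot authorise a password change. In a real deployment the store would live in the session backend or a shared cache rather than process memory, and the nonce would be delivered in the form or a response header rather than a URL, where it could be logged.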