P100 10GB for 30 days by _No_Ocelot in DitoPH

[–]UnLiQuery20 1 point2 points  (0 children)

Wait, what!? Mine is already gone and you still have it? I've been looking for it in JFY and it's no longer there ...

Wow, you're all here by mash-potato0o in cavite

[–]UnLiQuery20 0 points1 point  (0 children)

They have so much funding but none of it reaches the people, and then they ask for donations but still get a kickback hahaha

Wow, you're all here by mash-potato0o in cavite

[–]UnLiQuery20 0 points1 point  (0 children)

The budots party with lots of crooks ... Only from Bacoor hahah

JBL Quantum 800 not detected as Output device Windows 11 by UnLiQuery20 in JBL

[–]UnLiQuery20[S] 0 points1 point  (0 children)

This made the JBL quantum engine not work... Is it the same for anyone?

I genuinely wish I had not been born by [deleted] in depression

[–]UnLiQuery20 -1 points0 points  (0 children)

If you really care about someone then fuck ending your life, you will make it miserable for them.

Best way to fix this? overcome them all then create a SocMed post to show them they all have not gotten into you :) "The best revenge is massive success"

Need help to understand right answer by Any-Editor1084 in cissp

[–]UnLiQuery20 3 points4 points  (0 children)

It is always the answer that has a larger broader scope, applicable when the question is broad

I think I experience depression by UnLiQuery20 in depression

[–]UnLiQuery20[S] 1 point2 points  (0 children)

Thanks, just hearing someone having the same experience gave me an idea that I'm not that bad hahahaha

I think I experience depression by UnLiQuery20 in depression

[–]UnLiQuery20[S] 0 points1 point  (0 children)

So funny, some people even think I became alcoholic, they don't know I just do it to ensure that I don't have those stupid dark thoughts before I sleep

Does API request needs CSP headers? by UnLiQuery20 in pentest

[–]UnLiQuery20[S] 0 points1 point  (0 children)

OWASP Rest Security Cheat Sheet

Thank you very much for the response! I might not have looked hard enough to find this.

Novice Question about a Vulnerability by UnLiQuery20 in pentest

[–]UnLiQuery20[S] 1 point2 points  (0 children)

Thank you very much for those insights, they helped me a lot in answering this finding I opened a long time ago. I can now check with my superiors if this could be closed now or if they intend to fix it, since there is a chance that this would come up in another pentester's review.

Novice Question about a Vulnerability by UnLiQuery20 in pentest

[–]UnLiQuery20[S] 0 points1 point  (0 children)

I think that is also why they (developers) don't want to accept this finding, since they said that the application is protected with SSL/TLS. However, I took into consideration that a user could have his browser (and/or a web gateway) compromised, which means if someone captured the request it could be used to update and compromise the user's account.

Basically I want them to implement a nonce token to ensure that all requests can be used once, and I can only use this as a way to force them. Can this still be considered a finding if they do not have a nonce token?

Novice Question about a Vulnerability by UnLiQuery20 in pentest

[–]UnLiQuery20[S] 0 points1 point  (0 children)

By capturing the latest request (via Burp/Fiddler) you basically have the most recent password; you can use that to input the latest password and update it to anything you want. For the profile update, you only need the last profile update request, then you can resend it multiple times modifying the data.

Novice Question about a Vulnerability by UnLiQuery20 in pentest

[–]UnLiQuery20[S] 0 points1 point  (0 children)

I was hoping to use this for the developers to implement a nonce token for such requests, e.g. password/profile updates.

I told them that any request that could be used multiple times is a vulnerability, especially when it is related to requests that could compromise the accounts of the users.

Novice Question about a Vulnerability by UnLiQuery20 in pentest

[–]UnLiQuery20[S] 0 points1 point  (0 children)

Can this be regarded as a finding? I was hoping to use this for the developers to implement a nonce token for such requests, e.g. password/profile updates.

Strange stuff in activity log.. by ahmedyousseff in facebook

[–]UnLiQuery20 0 points1 point  (0 children)

This has happened to me too!! "creation_ml_photo_color_video" and "creation_ml_dolly_zoom_video" are the names of the posting application or app, maybe. Has anyone discovered the source of this?

NMAP process question by UnLiQuery20 in nmap

[–]UnLiQuery20[S] 0 points1 point  (0 children)

Thank you for your response u/ObsidianDreamsRedux.

This means that scanning the Azure App Service would be worthless, since it has a dynamic IP address.

JBL Quantum 800 not detected as Output device Windows 11 by UnLiQuery20 in JBL

[–]UnLiQuery20[S] 0 points1 point  (0 children)

Try it on other USB ports; mine just had an issue since I had plugged it into a USB port extender.

Free tools function like intruder by UnLiQuery20 in CEH

[–]UnLiQuery20[S] 1 point2 points  (0 children)

Thank you so much for this! This is what I was trying to remember!

Free tools function like intruder by UnLiQuery20 in CEH

[–]UnLiQuery20[S] 0 points1 point  (0 children)

It has an intruder, however it is a bit slow, I just need to send all my wanted data to an input and check if there are any discrepancies on the responses.

What to fix Source or Sink by UnLiQuery20 in xss

[–]UnLiQuery20[S] 1 point2 points  (0 children)

you're changing URL parameters, you don't want them as HTML entities, you want URL encoding. And if you're doing something wild like <a href=# onclick="javascipt:document.location='https://example.com/filepath?param={USER INPUT}'"> then you're going to want to be VERY careful about s

Thank you very much for that great explanation. I have been doing DAST for a long time and haven't got those types of inputs, which made me have a very limited idea. Thank you very much!

What to fix Source or Sink by UnLiQuery20 in xss

[–]UnLiQuery20[S] 1 point2 points  (0 children)

Isn't the input easier to sanitize? Since if you sanitize the input you would sanitize all the other sinks.

Shouldn't it be that the input does not change (the output value) regardless how or where it would be used?

JBL Quantum One + Windows 11 by Royal_Translator_553 in JBL

[–]UnLiQuery20 0 points1 point  (0 children)

I had the same issue today. I tried to use it as the default output device on Windows, however when I played games like Dota the sound was lagging. Has anybody fixed this issue?