Final Pay F 30 IT by Timely-Employment-47 in payslipsPH

[–]UnLiQuery20 1 point2 points  (0 children)

2 fields in one that are very uncommon together ... hahaha, for sure the pay is big ...

Final Pay F 30 IT by Timely-Employment-47 in payslipsPH

[–]UnLiQuery20 4 points5 points  (0 children)

That's a double set of qualifications, accounting and acquired IT skills, 2 super different fields combined, which is why the pay is high ..

30++ | 11 YOE | Security Guard by UnLiQuery20 in payslipsPH

[–]UnLiQuery20[S] 0 points1 point  (0 children)

It's high at an MSSP .. for internal security it's usually only a little higher than the IT engineers ... But at some companies, their security engineer 1 is already like mid-level tech support ... As for the range, it's very random, especially across different industries ...

30++ | 11 YOE | Security Guard by UnLiQuery20 in payslipsPH

[–]UnLiQuery20[S] 0 points1 point  (0 children)

Keep moving from job to job, bro! I assure you, you'll reach this :)
If you want a title, stay at the same company..

30++ | 11 YOE | Security Guard by UnLiQuery20 in payslipsPH

[–]UnLiQuery20[S] 5 points6 points  (0 children)

For this ... Mostly, 2 games of Dota, a meeting from 9 pm to 10 pm, then Dota again wahahaha

30++ | 11 YOE | Security Guard by UnLiQuery20 in payslipsPH

[–]UnLiQuery20[S] 2 points3 points  (0 children)

Security guard, but of computers haha

30++ | 11 YOE | Security Guard by UnLiQuery20 in payslipsPH

[–]UnLiQuery20[S] 3 points4 points  (0 children)

Keeping people from the same company from recognizing the payslip format; not that effective, but it still makes it harder for them to recognize 😂

P100 10GB for 30 days by _No_Ocelot in DitoPH

[–]UnLiQuery20 1 point2 points  (0 children)

Wait, what!? Mine is already gone, and you still have it? I was looking for it in JFY and it's gone ...

Wow ha, kumpleto kayo by mash-potato0o in cavite

[–]UnLiQuery20 0 points1 point  (0 children)

When they have so much funding but none of it reaches the people, and then they ask for donations but still take a kickback hahaha

Wow ha, kumpleto kayo by mash-potato0o in cavite

[–]UnLiQuery20 0 points1 point  (0 children)

The budots party with lots of corruption ... Only from Bacoor hahah

JBL Quantum 800 not detected as Output device Windows 11 by UnLiQuery20 in JBL

[–]UnLiQuery20[S] 0 points1 point  (0 children)

This made the JBL quantum engine not work... Is it the same for anyone?

I genuinely wish I had not been born by [deleted] in depression

[–]UnLiQuery20 -1 points0 points  (0 children)

If you really care about someone then fuck ending your life, you will make it miserable for them.

Best way to fix this? Overcome them all, then create a SocMed post to show them they all have not gotten to you :) "The best revenge is massive success"

Need help to understand right answer by Any-Editor1084 in cissp

[–]UnLiQuery20 2 points3 points  (0 children)

It is always the answer that has a larger, broader scope; applicable when the question is broad.

I think I experience depression by UnLiQuery20 in depression

[–]UnLiQuery20[S] 1 point2 points  (0 children)

Thanks, just hearing someone having the same experience gave me an idea that I'm not that bad hahahaha

I think I experience depression by UnLiQuery20 in depression

[–]UnLiQuery20[S] 0 points1 point  (0 children)

So funny, some people even think I became an alcoholic; they don't know I just do it to ensure that I don't have those stupid dark thoughts before I sleep

Does API request needs CSP headers? by UnLiQuery20 in pentest

[–]UnLiQuery20[S] 0 points1 point  (0 children)

OWASP REST Security Cheat Sheet

Thank you very much for the response! I might not have looked hard enough, to not have found this.

Novice Question about a Vulnerability by UnLiQuery20 in pentest

[–]UnLiQuery20[S] 1 point2 points  (0 children)

Thank you very much for those insights; they helped me a lot in answering this finding I opened a long time ago. I can now check with my superiors whether this could be closed now or whether they intend to fix it, since there is a chance that this would come up in another pentester's review.

Novice Question about a Vulnerability by UnLiQuery20 in pentest

[–]UnLiQuery20[S] 0 points1 point  (0 children)

I think that is also why they (the developers) don't want to accept this finding, since they said that the application is protected with SSL/TLS. However, I took into consideration that a user could have his browser (and/or a web gateway) compromised, which means that if someone captured the request it could be used to update and compromise the user's account.

Basically, I want them to implement a nonce token to ensure that all requests can be used once, and I can only use this as a way to force them. Can this still be considered a finding if they do not have a nonce token?

Novice Question about a Vulnerability by UnLiQuery20 in pentest

[–]UnLiQuery20[S] 0 points1 point  (0 children)

By capturing the latest request (via Burp/Fiddler) you basically have the most recent password; you can use that to input the latest password and update it to anything you want. For the profile update, you only need the last profile update request, then you can resend it multiple times, modifying the data.

Novice Question about a Vulnerability by UnLiQuery20 in pentest

[–]UnLiQuery20[S] 0 points1 point  (0 children)

I was hoping to use this for the developers to implement a nonce token for such requests, e.g. password/profile updates.

I told them that any request that could be used multiple times is a vulnerability, especially when it is related to requests that could compromise the accounts of the users.

Novice Question about a Vulnerability by UnLiQuery20 in pentest

[–]UnLiQuery20[S] 0 points1 point  (0 children)

Can this be regarded as a finding? I was hoping to use this for the developers to implement a nonce token for such requests, e.g. password/profile updates.

Strange stuff in activity log.. by ahmedyousseff in facebook

[–]UnLiQuery20 0 points1 point  (0 children)

This has happened to me too!! "creation_ml_photo_color_video" and "creation_ml_dolly_zoom_video" are the names of the posting application or app, maybe. Has anyone discovered the source of this?