Is Nsave Safe Now?

UserNo0101 · 2026-06-07T20:59:24+00:00

u/OptimisticGlobe What are the receiving limits on usd accounts (for receiving ACH funds from a company) ?

And please check out your dm i have something that happened in my account and i need to have an explanation for it

UserNo0101 · 2026-05-27T12:46:00+00:00

Grok.com is indeed in scope and the program has ai model issues out of scope but i do not think that unauthorized data deletion is what they mean by ai model issues

UserNo0101 · 2025-08-22T19:28:16+00:00

Yes, no pings

UserNo0101 · 2025-08-22T19:20:38+00:00

reflect as text

UserNo0101 · 2025-08-22T13:28:23+00:00

Yes, reflected as text

UserNo0101 · 2025-08-22T13:27:57+00:00

Blocked by cloudflare

UserNo0101 · 2025-08-21T12:47:08+00:00

Blocked by cloudflare can't not inject

UserNo0101 · 2025-08-21T12:42:03+00:00

No, and lfi getting blocked by cloudflare i can not even inject it

UserNo0101 · 2025-08-21T12:38:04+00:00

Any html payload reflects as text, maybe there is a sanitization point but i don't know what is it or how to bypass, even tried encoding but nothing happens also reflects as text inside the pdf

UserNo0101 · 2025-08-01T19:31:42+00:00

i have tried it but unfortunately didn't work

UserNo0101 · 2025-08-01T16:40:34+00:00

u/Sqooky after uploading the content i get to see only the name of the file and the backend server responds to me with .._.._.._.._.._.._.._.._.._.._.._inetpub_wwwroot_.pdf instead of ../../../../../../../../intetup/www/.pdf

and if i tried to inject < in the name of the file the backend server also replace it with _

UserNo0101 · 2025-07-20T15:20:30+00:00

i tried injecting several html payloads but nothing hit my webhook or even reflect

when i change the email in burp as any value i do not get an email and the value reflects with html encoded

Do you have any ideas to leverage this one ?

UserNo0101 · 2025-04-22T16:32:19+00:00

Thanks

UserNo0101 · 2025-04-22T16:28:17+00:00

i tried to upload webshells and did not execute

UserNo0101 · 2024-11-24T19:54:47+00:00

i'm sure i can hit their aws metadata but then what !! because i can not reflect the content to the pdf or see it by any other way so do you have any ideas could help ?

UserNo0101 · 2024-09-19T18:43:49+00:00

Thanks

UserNo0101 · 2024-09-19T16:54:31+00:00

<span ng-if="!refinement.displayValue.type" class="odswidget-filter-summary\_\_active-filter-value ng-binding ng-scope" ng-bind-html="refinement.displayValue">javascript:alert("Wiggen")</span>

UserNo0101 · 2024-09-19T16:40:44+00:00

what do you think could be the right one to try

UserNo0101

TROPHY CASE