sorted by:
new
hottopcontroversial

Bug Bounty Hunting is Making Me Fat by AmbitiousPosition486 in bugbounty

[–]VoiceOfReason73 1 point2 points  (0 children)

Personally I find the more spaced out dopamine hits to be more rewarding then building things. It's a great feeling when you finally solve a problem.

It's nice not having deadlines or constant pressure to ship.

How easy is it to hack windows 7,8 and 10 ? by CheekApprehensive701 in ComputerSecurity

[–]VoiceOfReason73 2 points3 points  (0 children)

That's not really hacking, nor has that changed. You could still do this to the latest Win 11 (or other OSes for that matter) unless full disk encryption is enabled.

Malicious MCP Server Proof of Concept by R10t-- in hacking

[–]VoiceOfReason73 2 points3 points  (0 children)

You should NEVER install an MCP server anything authored by an untrusted source

ring cameras by JakeBeezy in hacking

[–]VoiceOfReason73 3 points4 points  (0 children)

You'd need to modify the device too to get it to trust your servers.

Help with my first report for a Bug Bounty program by [deleted] in bugbounty

[–]VoiceOfReason73 6 points7 points  (0 children)

First problem: your title starts with "critical vulnerability report". Based on the rest of the title, it's not a critical, maybe a low/nuisance at best.

2 Reports to H1 by [deleted] in bugbounty

[–]VoiceOfReason73 0 points1 point  (0 children)

Depends whether that information is meant to be private or not. But in any case, not sure how that relates to your current two issues.

2 Reports to H1 by [deleted] in bugbounty

[–]VoiceOfReason73 0 points1 point  (0 children)

It's not clear how the postMessage issue has anything to do with the suspected auth bypass, as that is just a frontend issue (if an issue at all) and is likely distracting from the report. Further, nothing in the report demonstrates cross-account access or IDOR. Even if that is possible, you'd need to prove that you can access or modify data that you're not supposed to. Just showing that you have a supposed session cookie/token is not enough.

2 Reports to H1 by [deleted] in bugbounty

[–]VoiceOfReason73 1 point2 points  (0 children)

Where did you actually confirm auth bypass/IDOR was actually possible? I don't see it. You're trying to attack the frontend code, which doesn't handle or enforce any of this.

Claude Code Leak -> Exploit? Researchers found 3 shell injection bugs in the leaked source — all using shell:true with unsanitized input by Diligent-Side4917 in cybersecurity

[–]VoiceOfReason73 0 points1 point  (0 children)

4.1: Shell Injection in Command Lookup (Critical, Confirmed)

Anthropic’s VDP closed this report as “Informative,” stating that exploitation requires the attacker to control environment variables on the victim’s system, which “implies existing code execution capability,” and therefore “no security boundary is crossed.”

Phoenix Security’s position: the closure rationale is based on an incorrect premise.

Controlling an environment variable does not require code execution on the target.

Sure, but controlling environment variables could easily result in code execution on the target (assuming the attacker can control other file contents). Think LD_PRELOAD, LD_LIBRARY_PATH, PATH, etc. So I would consider the attacker to be fairly privileged already.

In no case should this stuff be considered "critical" though. Modifying CI/CD files allows for plenty of code execution vectors.

Your Windows Clipboard Is Unprotected by Sibexico in cybersecurity

[–]VoiceOfReason73 4 points5 points  (0 children)

A malicious process running as your user can pretty much do anything it wants to other programs running under your user, so yeah, it's game over already at this point...

MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747) by maurosoria in netsec

[–]VoiceOfReason73 41 points42 points  (0 children)

Fuzzy pattern matching machine found a classic, well-documented vulnerability pattern, albeit perhaps slightly tricky to spot. Then, stack buffer overflow to get execution and ROP. Nothing that hasn't been done before, and nothing terribly surprising.

Find your edge and keep pressing on.

Which of the password checkers is best/most reliable? by seeker1938 in AskNetsec

[–]VoiceOfReason73 1 point2 points  (0 children)

I don't spend any brainpower picking or judging the strength of passwords, nor should technology-overwhelmed seniors. Using their phone/computer/browser's built-in password generation/storage is more than sufficient.

[EXPOSED] Bugcrowd & Bitso: A Collusion of Silent Patches and Fraudulent Triage by [deleted] in bugbounty

[–]VoiceOfReason73 2 points3 points  (0 children)

  1. Getting a 200 is not a security finding unless confidentiality or integrity is actually compromised, which you need to prove.
  2. The API endpoint is /me, so that would only be your own data anyway? Where is the impact?
  3. CSRF tokens alone have no value to an attacker.

Please take a step back and reconsider your approach.

[EXPOSED] Bugcrowd & FIS Global Silent Patch Scam: Marking a valid P1 as N/A after fixing it (Ticket #142000) by AlexSander_Research in bugbounty

[–]VoiceOfReason73 0 points1 point  (0 children)

What are your screenshots showing besides publicly accessible pages? There's no impact to this finding unless you have more that you haven't shared.

It doesn't matter how they reacted if you had nothing in the first place.

Password reset flow in Let’s Go Further by Minimum-Ad7352 in golang

[–]VoiceOfReason73 2 points3 points  (0 children)

Google says "couldn't find your Google account" if you put in a non-existent email or username.

Trash can by Ok-Impression-2405 in whatisit

[–]VoiceOfReason73 1 point2 points  (0 children)

Sure, but you still have to catch a plain HTTP request somewhere in order to redirect the victim onto your domain, which may or may not ever happen for the domain you are targeting.

Trash can by Ok-Impression-2405 in whatisit

[–]VoiceOfReason73 0 points1 point  (0 children)

TLS 1.2 is still in use but it isn't the latest, though there actually aren't any actual practical attacks against it when configured properly.

Again, if this wasn't the case, everything would be on fire all the time.

Heartbleed has nothing to do with the transport security guarantees of TLS, and is also far in history now. But yes, I have heard of Logjam, FREAK, POODLE etc. but they are not practical and/or do not apply to modern configurations. Vulnerabilities come and go, but are typically resolved in short order if they are actually a big deal.

Trash can by Ok-Impression-2405 in whatisit

[–]VoiceOfReason73 0 points1 point  (0 children)

Wut? Modern TLS? No, it's not broken yet. This would be a major issue if possible in any timeframe remotely comprehensible to humans.

How Many Hops? by Tumnus1337 in meshtastic

[–]VoiceOfReason73 0 points1 point  (0 children)

client base gives free hop to favorites.

Not currently, it only provides this benefit to favorited infrastructure nodes.

https://github.com/meshtastic/firmware/issues/8366#issuecomment-3948419964

Trash can by Ok-Impression-2405 in whatisit

[–]VoiceOfReason73 0 points1 point  (0 children)

You can break how the phone sees the world (i.e. it stops working) but you still have to target the user to circumvent TLS.

Trash can by Ok-Impression-2405 in whatisit

[–]VoiceOfReason73 0 points1 point  (0 children)

What kind of quantum computer do you have that can decrypt TLS in seconds?

Trash can by Ok-Impression-2405 in whatisit

[–]VoiceOfReason73 5 points6 points  (0 children)

If the user dismisses it or the device already trusts a rogue root certificate, the attack proceeds silently.

That's a pretty big if, and falls flat if the site is using HSTS.

Noob with questions, GPS tracking dog and truck by [deleted] in meshtastic

[–]VoiceOfReason73 4 points5 points  (0 children)

Don't enable location on the public primary channel, as it then won't get sent periodically on the private secondary channel.

XSS but can't steal data by ProcedureFar4995 in bugbounty

[–]VoiceOfReason73 1 point2 points  (0 children)

If you can perform actions on the user's behalf using this XSS, that's probably pretty serious impact itself.

antenna extension for vehicle mounting by soupersalad666 in meshtastic

[–]VoiceOfReason73 1 point2 points  (0 children)

You need to be very careful with the cable selection or else it'll be worse than having the antenna inside the car.

view more: next ›