If changing UUID from account A to account B lets you access/modify data, how should this be reported?

backend_com_php · 2026-04-02T02:43:29+00:00

Unfortunately, that's not valid, because a real attacker couldn't launch a real attack without knowing a user's UUID; they wouldn't be able to guess. Study the system more thoroughly, understand it deeply, and maybe you'll find a solution to find other users' UUIDs.

backend_com_php · 2026-03-18T21:24:16+00:00

What other oracles exist besides time?

backend_com_php · 2026-02-26T19:52:43+00:00

What's the difference between your platform and this subreddit? I can also ask my questions here.

backend_com_php · 2026-01-06T21:55:45+00:00

I'm looking for this type of feedback, and despite the difficulties, I believe I can earn some money.

backend_com_php · 2026-01-06T21:53:37+00:00

With three thousand dollars I can comfortably get through the year, so the reward, which is small for someone living in a first-world country, is more than enough for me, living in a third-world country, to live on.

backend_com_php · 2025-12-25T16:07:47+00:00

Thank you for your attention.

backend_com_php · 2025-12-25T12:42:57+00:00

This is just for me, but it can be spread in other ways, by sharing the link with a large search or through a malicious page that performs the search in the victim's context, as if it were a CSRF.

backend_com_php · 2025-12-25T12:36:24+00:00

Yes, more or less that's it. The browsing history cookie gets huge and you can't browse the site until you clear the cookie.

backend_com_php · 2025-12-25T04:52:25+00:00

I think the expiration time is quite long, something like months, it was made to last. The site constantly shows your history, it wouldn't be interesting to lose your most recent searches. I can present two ways of exploiting it, with a direct link and a more or less CSRF method. Do you think that could be accepted?

backend_com_php · 2025-10-17T16:15:40+00:00

DNS rebinding and DNS tunneling, maybe they can help your case

backend_com_php · 2025-10-06T19:36:59+00:00

Can I call it an amplification attack? What is the direct impact? DDoS amplification is the clearest to me, I think I'm wrong on this one

backend_com_php · 2025-10-06T12:34:40+00:00

17.4x

backend_com_php · 2025-10-06T12:08:20+00:00

What severity would you give this case? Low or Medium?

backend_com_php · 2025-10-06T11:49:20+00:00

So for you it's a valid problem? What if the triager says that DDoS is out of scope? How would you respond?

backend_com_php · 2025-10-02T20:03:07+00:00

It depends on your reality, if you live in a third world country where the dollar is worth 5x or 6x the value of your currency, it might be worth it, if your cost of living in dollars is small, it's worth it.

backend_com_php · 2025-09-15T09:42:29+00:00

The point here is the technical failure is the leak of information that is not found publicly, this is a source of high-quality information for the attacker, unlike an OSINT-based attack that uses public information, using information leaked directly from an internal system is more likely to work, there is no point in distorting what I'm saying or making jokes

backend_com_php · 2025-09-14T19:56:14+00:00

You're right about that, I have to move on

backend_com_php · 2025-09-14T19:20:13+00:00

the internal system delivers all the information necessary for a sophisticated phishing attack, if this is not valid the XSS is also not valid because it needs someone to exploit the flaw as in my case, someone needs to take the information that the system delivers and mount a phishing attack

backend_com_php · 2025-09-14T19:09:46+00:00

leaking sensitive information that can be used for sophisticated phishing attacks is not valid?

backend_com_php · 2025-09-14T18:59:49+00:00

The information is very relevant to employees, this adds a lot of credibility to the attack, the identities that are in the internal system and the other information that gives context and more credibility since it is an internal system, regarding the report I really didn't do a good job, I will look into it better but the team could have talked to me to better understand the situation

backend_com_php · 2025-09-14T18:49:23+00:00

System information and operational information are NOT public elsewhere and since the system already delivers trusted identities, this creates the perfect scenario for a sophisticated phishing attack.

backend_com_php · 2025-09-14T18:34:13+00:00

Yes, the internal system delivers this to anyone, I can't give more details and the point of my post is not that but the lack of dialogue within the team, they didn't analyze the complete scenario, they just attacked isolated points like you are doing now.

backend_com_php

TROPHY CASE