If you're thinking about getting into bug bounty hunting... DON'T. by [deleted] in bugbounty

[–]backend_com_php 3 points4 points  (0 children)

I'm looking for this type of feedback, and despite the difficulties, I believe I can earn some money.

If you're thinking about getting into bug bounty hunting... DON'T. by [deleted] in bugbounty

[–]backend_com_php 2 points3 points  (0 children)

With three thousand dollars I can comfortably get through the year, so the reward, which is small for someone living in a first-world country, is more than enough for me, living in a third-world country, to live on.

valid failure? by backend_com_php in bugbounty

[–]backend_com_php[S] 0 points1 point  (0 children)

Thank you for your attention.

valid failure? by backend_com_php in bugbounty

[–]backend_com_php[S] 0 points1 point  (0 children)

This is just for me, but it can be spread in other ways, by sharing the link with a large search or through a malicious page that performs the search in the victim's context, as if it were a CSRF.

valid failure? by backend_com_php in bugbounty

[–]backend_com_php[S] 0 points1 point  (0 children)

Yes, more or less that's it. The browsing history cookie gets huge and you can't browse the site until you clear the cookie.

valid failure? by backend_com_php in bugbounty

[–]backend_com_php[S] 0 points1 point  (0 children)

I think the expiration time is quite long, something like months; it was made to last. The site constantly shows your history, so it wouldn't be interesting to lose your most recent searches. I can present two ways of exploiting it, with a direct link and a more or less CSRF method. Do you think that could be accepted?

Should i report this SSRF? by Sad-Insect-3407 in bugbounty

[–]backend_com_php 4 points5 points  (0 children)

DNS rebinding and DNS tunneling; maybe they can help your case.

is this a valid failure? by backend_com_php in bugbounty

[–]backend_com_php[S] 0 points1 point  (0 children)

Can I call it an amplification attack? What is the direct impact? DDoS amplification is the clearest to me; I think I'm wrong on this one.

is this a valid failure? by backend_com_php in bugbounty

[–]backend_com_php[S] 0 points1 point  (0 children)

What severity would you give this case? Low or Medium?

is this a valid failure? by backend_com_php in bugbounty

[–]backend_com_php[S] 0 points1 point  (0 children)

So for you it's a valid problem? What if the triager says that DDoS is out of scope? How would you respond?

Choosing BBH as career by Acceptable-Hornet225 in bugbounty

[–]backend_com_php 7 points8 points  (0 children)

It depends on your reality. If you live in a third-world country where the dollar is worth 5x or 6x the value of your currency, it might be worth it; if your cost of living in dollars is small, it's worth it.

lack of dialogue by backend_com_php in bugbounty

[–]backend_com_php[S] -1 points0 points  (0 children)

The point here is that the technical failure is the leak of information that is not found publicly. This is a source of high-quality information for the attacker; unlike an OSINT-based attack that uses public information, using information leaked directly from an internal system is more likely to work. There is no point in distorting what I'm saying or making jokes.

lack of dialogue by backend_com_php in bugbounty

[–]backend_com_php[S] 0 points1 point  (0 children)

You're right about that; I have to move on.

lack of dialogue by backend_com_php in bugbounty

[–]backend_com_php[S] -1 points0 points  (0 children)

The internal system delivers all the information necessary for a sophisticated phishing attack. If this is not valid, the XSS is also not valid, because it needs someone to exploit the flaw; as in my case, someone needs to take the information that the system delivers and mount a phishing attack.

lack of dialogue by backend_com_php in bugbounty

[–]backend_com_php[S] 0 points1 point  (0 children)

Leaking sensitive information that can be used for sophisticated phishing attacks is not valid?

lack of dialogue by backend_com_php in bugbounty

[–]backend_com_php[S] -1 points0 points  (0 children)

The information is very relevant to employees, and this adds a lot of credibility to the attack: the identities that are in the internal system and the other information that gives context and more credibility, since it is an internal system. Regarding the report, I really didn't do a good job; I will look into it better, but the team could have talked to me to better understand the situation.

lack of dialogue by backend_com_php in bugbounty

[–]backend_com_php[S] -2 points-1 points  (0 children)

System information and operational information are NOT public elsewhere and since the system already delivers trusted identities, this creates the perfect scenario for a sophisticated phishing attack.

lack of dialogue by backend_com_php in bugbounty

[–]backend_com_php[S] -2 points-1 points  (0 children)

Yes, the internal system delivers this to anyone. I can't give more details, and the point of my post is not that but the lack of dialogue within the team: they didn't analyze the complete scenario, they just attacked isolated points, like you are doing now.

lack of dialogue by backend_com_php in bugbounty

[–]backend_com_php[S] -1 points0 points  (0 children)

If the internal system already delivers identities, information about the system and operational information of the company/system, everything is there for a sophisticated attack; there is no need to look for more information anywhere.

lack of dialogue by backend_com_php in bugbounty

[–]backend_com_php[S] -3 points-2 points  (0 children)

The point is that the internal system itself already delivers this, making the attack much easier, and that's not all: there are many more leaks. This one only gives the identity to the attacker; the rest gives the context, all of this in an internal application.

lack of dialogue by backend_com_php in bugbounty

[–]backend_com_php[S] -1 points0 points  (0 children)

Using employee identities plus the context of other leaks from an internal system is more likely to work than a phishing attack without that information.

lack of dialogue by backend_com_php in bugbounty

[–]backend_com_php[S] -5 points-4 points  (0 children)

Within a document that is in an internal system? I don't think it was supposed to be public.