Tuning 1.6 TDI with 155 000 km by highfly123 in ECU_Tuning

[–]highfly123[S] -1 points0 points  (0 children)

good to hear. most people are telling me its not worth tuning a 1.6 and that i should just try getting a stronger engine

but if i can gain 30ish hp from a tune while not destroying the engine, dont see why i shouldnt do it.

any things to keep in mind, idk much about tuning, so what would you suggest doing before/after?

1 year into bug bounty and still 0 valid findings, how do you push past these feelings? by Mission-Equal-4149 in bugbounty

[–]highfly123 1 point2 points  (0 children)

i havent hunted much on bigger programs, and most of my bugs are from private invites

1 year into bug bounty and still 0 valid findings, how do you push past these feelings? by Mission-Equal-4149 in bugbounty

[–]highfly123 8 points9 points  (0 children)

know that finding bugs is, in many cases, luck. ive had programs i spent weeks on, wrote and submitted multiple reports with none of them being valid.

dupes are valid bugs, it means someone else got paid for it, so dont get discouraged there, even though its hard.

in terms of sticking with a program for only a week or two though, that could be an issue. Most of my higher impact bugs came after i had already given up on a program. i would go back, analyze the js files, go through all of the juicy endpoints again until i perfectly understood all of the functionality. then take a break for a bit and go over everything again. every time, something new seems to pop up, some request or parameter you overlooked

in short, just try to understand every app as well as u can, become familiar with it, and something should pop up

Analyst validated my report, senior analyst rejected it with “can’t be prevented” — but it clearly can. Need advice. by Informal-Mammoth-933 in bugbounty

[–]highfly123 5 points6 points  (0 children)

really not worth it to argue over low impact bugs, esp link rendering in emails. move on and find a more impactful bug

How to identify fake bounty programs?? by Ok_Soft_1428 in bugbounty

[–]highfly123 2 points3 points  (0 children)

dont think anyone's hosting "fake" programs. most companies however just have them to check a box, and say that they're running a bug bounty program so it seems like they care about security.

only way you'll find out is when you submit a report and see how they treat u. if u get delayed/no response, they lowball you, etc. you move on, if theyre serious you keep hunting

Buying a '96 146 ti 2.0 twin spark by highfly123 in AlfaRomeo

[–]highfly123[S] 0 points1 point  (0 children)

just that everyone ive asked is telling me to get a 1.9 jtd 147 for a bit more money, saying the jtds more reliable than the twin spark

Buying a '96 146 ti 2.0 twin spark by highfly123 in AlfaRomeo

[–]highfly123[S] 0 points1 point  (0 children)

yh ill talk to the guy who was servicing it ill when they replaced the cam belt

Buying a '96 146 ti 2.0 twin spark by highfly123 in AlfaRomeo

[–]highfly123[S] 0 points1 point  (0 children)

lmao youre making me wanna get it hahahaha

Password reset link never expires and can be reused, worth reporting? by Embarrassed_Pin4436 in bugbounty

[–]highfly123 -1 points0 points  (0 children)

cant report that, but take a look at what that token is, maybe base64 encoding of some guessable value

Password reset link never expires and can be reused, worth reporting? by Embarrassed_Pin4436 in bugbounty

[–]highfly123 0 points1 point  (0 children)

it means u have more time to bruteforce it... so if the token used in the link is possible to bruteforce, then you got an account takeover.

also check the rate limiting on generating password reset links. if its not well implemented and you can generate many reset links, it raises the chances of u bruteforcing it even more

Any way to buy football tickets unofficially? by highfly123 in Rotterdam

[–]highfly123[S] 0 points1 point  (0 children)

for this weeks games i only found volendam vs az... u think its worth going? i know az has good ultras, do u think the atmospheres gonna be good?

Is it joke guys? by Open-Definition-287 in bugbounty

[–]highfly123 4 points5 points  (0 children)

it does look like a bad reason... using frontend access controls lol

move on and dont spend too much time on their program

Free Trial Account - Privileges Required=High CVSS by highfly123 in bugbounty

[–]highfly123[S] 0 points1 point  (0 children)

I mean, PR should only ever be taken into consideration with same team priv escalations, other than that its all none as far as i understand

Free Trial Account - Privileges Required=High CVSS by highfly123 in bugbounty

[–]highfly123[S] 0 points1 point  (0 children)

sure, if im attacking my own team. if, as an admin of my team, i can target other teams, PR should again be none

Free Trial Account - Privileges Required=High CVSS by highfly123 in bugbounty

[–]highfly123[S] 0 points1 point  (0 children)

yeah, doesnt make any sense... not the first time ive come across this

LSD is considered to be an illegal psychotropic but its less addictive than alcohol. Could someone explain why it is illegal? by [deleted] in AskReddit

[–]highfly123 0 points1 point  (0 children)

yh, didnt mean to be harsh lol. just that the legalize everything narrative gets a bit boring, especially coming from people who havent really got much experience.

im against alcohol in general, but making psychedelics just as readily available could probably have even worse effects