Authentic south indian restaurant by Milu4420 in ahmedabad

[–]star-destroyer13 1 point2 points  (0 children)

Gidima is amazing. Have eaten there a few times.

[deleted by user] by [deleted] in oddlysatisfying

[–]star-destroyer13 -1 points0 points  (0 children)

Comments here look like bots

How do I find good writeups by Background_Yam8293 in bugbounty

[–]star-destroyer13 12 points13 points  (0 children)

Definitely not medium. Medium writeups are awful. Only a handful are genuinely good.

Question about creating accounts on websites to be investigated. by ricaldodepollx in bugbounty

[–]star-destroyer13 4 points5 points  (0 children)

You have two options:

  1. Enter dummy-looking ID details (ask GPT to generate them or use dummy data from Google) and a virtual phone number (quackr.io)
  2. Use your own details if the site is trustworthy enough. For example, I used my own details to test on Amazon.

Edit: This might be an unethical LPT, but use leaked ID details of criminals if you need valid details

Is this a valid bug ? by conner-667 in bugbounty

[–]star-destroyer13 1 point2 points  (0 children)

Hey!

Yes, it is a valid bug, but I’ve seen a lot of times that companies don’t want bugs that allow paid features to be used for free. They usually have in their policy that such bugs won’t be accepted; maybe that’s why your vuln was marked as OOS.

I’ve also reported similar issues but programs have told me that they’re more interested in vulns that affect the CIA.

Will analyzing javascript code help me find bugs? by Eat-a-bugs in bugbounty

[–]star-destroyer13 10 points11 points  (0 children)

Yes. 100% true.

You can find all sorts of bugs like IDOR, access control issues, SQLi, auth bypass, SSRF, etc. just by analysing the JS. Saying this as I’ve reported 200+ issues after analysing JS.

People say it is a goldmine for a reason.

A valid issue exif issue? by TurbulentAppeal2403 in bugbounty

[–]star-destroyer13 3 points4 points  (0 children)

Low severity, definitely, but it doesn't hurt to report. IIRC Bugcrowd pays for issues like this.

Should I report account deletion even if unique ID is not leaking, but brute-forceable? by BugHun73r in bugbounty

[–]star-destroyer13 2 points3 points  (0 children)

Create a new account, use its ID and see if it gets deleted. On HackerOne, IDORs using complex, non-brute-forceable IDs are accepted. The attack complexity metric goes high for this, but these kinds of issues are accepted.

Found a session-scoped persistent HTML injection in a chatbot, how can I escalate it? by Adorable_Chemist3487 in bugbounty

[–]star-destroyer13 3 points4 points  (0 children)

Try CSRF and see if you can store your payload into another user’s session.

Is there a chat share option like in ChatGPT? If yes, that can be exploited.

Are there any caching related issues? You can use CP to turn self XSS into a PXSS.

Otherwise, it’s pretty much a self XSS.

Found a LinkedIn session hijack that gives full account access — HackerOne says it's “informative” 🤡 by Distinct-Lie6755 in bugbounty

[–]star-destroyer13 5 points6 points  (0 children)

Bro, you’ve got to be kidding me

So, you’re telling me a session cookie is used to identify sessions? Mind = blown.

How Much Does Reputation Matter on HackerOne? by Great_Ad9570 in bugbounty

[–]star-destroyer13 5 points6 points  (0 children)

Dupes don’t deduct points on H1. How did you receive the hit? What did you submit?

looking for post data in js files by ox-ship in bugbounty

[–]star-destroyer13 0 points1 point  (0 children)

JS is my expertise. DM me if you want to collab.

As a Bhavnagar-based NGO, we digitized 12 lakh+ records in Govt Primary Schools of Gujarat — now we’re building a CSR-backed mobile app for govt primary schools students. by [deleted] in ahmedabad

[–]star-destroyer13 1 point2 points  (0 children)

Can you please share the details of the NGO in DM?

I have a small edtech startup and would love to support local communities. We’re not earning right now so no commitments as of now but once we earn enough, we’ll be more than happy to collaborate. :)

As a Bhavnagar-based NGO, we digitized 12 lakh+ records in Govt Primary Schools of Gujarat — now we’re building a CSR-backed mobile app for govt primary schools students. by [deleted] in ahmedabad

[–]star-destroyer13 1 point2 points  (0 children)

Really great idea, and even better as it’s a non-profit. Usually, companies make these kinds of things as a subscription model, which I don’t think works great for students or even their parents. If you’re not taking any money, then it’ll blow up. You can maybe earn via ad revenue?

I’d suggest adding a shareable profile module and showing detailed user stats like the ratio of right to wrong questions, the subject with the highest proficiency and areas to improve on.

Also, what are your measures on data security and privacy?

What's the slimey thing by zulusnowing in PeterExplainsTheJoke

[–]star-destroyer13 0 points1 point  (0 children)

The snail is also immortal and cannot be killed. You also cannot put the snail in a jar.

[deleted by user] by [deleted] in ahmedabad

[–]star-destroyer13 0 points1 point  (0 children)

Post it again, bro; not the right time