While the time in bug bounty has been fun, I think it's time to re-evaluate my opportunities a bit. I enjoy finding critical vulnerabilities in websites but really I'll attack anything you got. H1 profile in my bio as a resume if your org could use a test or full timer.
Let's talk manual testing for IDORs. I have pasted a payload from a redacted T-Mobile API below. It does not have a bug (that I am aware of) on it, I want to use this for educational purposes because its a great teaching opportunity. A: This is a URI path parameter representing…
Bro is solo carrying Bug Bounty twitter rn
Classic IDOR, but lets talk SSRF: /pdfEngine/v2/prepaidStatement?consNo={consumer}&month=April&year=2025 One of the things I've been seeing more (not less) of, is developers passing parameter values like this {consumer} into back end paths. So lets assume this, on the back…
Just had a crit downgraded and paid out as high due to the employee "accidentally" triggering the blind xss payload. Idk about y'all but generally speaking employees don't purposely go around triggering XSS payloads so I'm not sure what that has to do with anything.
Man do some fuck shit bingo bango bongo bish bash bosh
Doth all the critical vulns be fixed but doth all the bounties be unpaid
i’ve started rejecting all cookies instead of accepting them. idek what it means but i’ve had enough
United States Trends
- 1. #SmackDown 23.5K posts
- 2. Caleb Wilson 2,762 posts
- 3. Lash Legend 2,012 posts
- 4. #TheLastDriveIn N/A
- 5. #OPLive N/A
- 6. Darryn Peterson 1,790 posts
- 7. Kansas 22.5K posts
- 8. Nia Jax 1,888 posts
- 9. Georgetown 3,024 posts
- 10. Tiller 4,103 posts
- 11. Reed Sheppard N/A
- 12. Giulia 7,191 posts
- 13. Dizzy 12.2K posts
- 14. #MutantFam N/A
- 15. Vesia 6,158 posts
- 16. Tar Heels N/A
- 17. #kubball N/A
- 18. End of 1st 1,830 posts
- 19. Bill Self N/A
- 20. Oakland 3,273 posts
Something went wrong.
Something went wrong.