1. With an XSS you only need to show an alert on document.domain and you are good to go. If they have turned down the second report, it is because they have misread your report most of the time. What platform is it, btw? Because I would suggest going through mediation.

2. Often, you have to PoC and execute other actions for an XSS to increase your impact and your bounty.

3. Only if you have to demonstrate an ATO where the HttpOnly flag is not set. But in this case most of the time the severity is still rated as Medium; it depends on the platform.
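The comment above hinges on one cookie attribute: without HttpOnly, script running in the page can read the session cookie, which is what turns an XSS into an account takeover. The check below is an added example, not code from the thread or any platform; it parses Set-Cookie response headers and reports which session-protecting attributes (HttpOnly, Secure, SameSite) each cookie is missing. The header values are constructed samples, and the cookie names used to flag "session-like" cookies are an assumption.

```python
"""Audit Set-Cookie headers for the attributes that limit what an injected
script or a cross-site request can do with a session cookie.
Added example; the sample headers below are constructed, not captured."""
from typing import Dict, List, Tuple

# Assumed list of names that usually carry a session; extend for your app.
SESSION_LIKE = ("session", "sessionid", "sid", "auth", "token")

# Attribute -> label reported when it is absent (attribute names are
# case-insensitive per RFC 6265, so we compare in lower case).
REQUIRED = (("httponly", "HttpOnly"), ("secure", "Secure"), ("samesite", "SameSite"))


def parse_set_cookie(header: str) -> Tuple[str, Dict[str, object]]:
    """Split one Set-Cookie value into (cookie_name, {attr_lower: value})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, _value = parts[0].partition("=")
    attrs: Dict[str, object] = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        # Flag attributes such as HttpOnly have no value; store True.
        attrs[key.strip().lower()] = val.strip() or True
    return name.strip(), attrs


def audit_set_cookie(header: str) -> Tuple[str, List[str]]:
    """Return (cookie_name, [missing attribute labels]) for one header."""
    name, attrs = parse_set_cookie(header)
    missing = [label for key, label in REQUIRED if key not in attrs]
    return name, missing


def audit_headers(headers: List[str]) -> Dict[str, List[str]]:
    """Audit every Set-Cookie header; map cookie name -> missing attributes."""
    return dict(audit_set_cookie(h) for h in headers)


def is_session_like(name: str) -> bool:
    """Heuristic: does the cookie name look like it carries a session?"""
    return any(token in name.lower() for token in SESSION_LIKE)


# Constructed sample headers: one hardened cookie, one legacy session cookie
# with no protections, and a non-session preference cookie.
SAMPLE_HEADERS = [
    "sid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
    "legacy_session=def456; Path=/; Expires=Wed, 21 Oct 2026 07:28:00 GMT",
    "theme=dark; Path=/; Secure",
]

if __name__ == "__main__":
    for cookie, missing in audit_headers(SAMPLE_HEADERS).items():
        tag = "SESSION" if is_session_like(cookie) else "other"
        status = "ok" if not missing else "missing " + ", ".join(missing)
        print(f"{cookie:16} [{tag}] {status}")
```

A cookie that is session-like and lacks HttpOnly is the case the comment describes; the same audit run against a site's own responses is the cheapest way to confirm the flag is set before anyone reports its absence.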

4. I used to think like you when I started a year and a half ago. I'm a software engineer who liked security and, like you, I was into thm, htb and some other kinds of ctf.

5. How much time do you spend per day/week/month on average to get that kind of money?

6. It's not so easy to say because, being my side job, I put in all the time I can but only when I can. But what I can say for sure is that bb is not only technical skills. It's also getting a sense of what and when to search, tapping new programs, being able to politely disagree with triagers and program managers. I mean, there are a lot of soft skills involved.

7. In that case, you are bypassing content restrictions and that should be enough. Show them you can put Pornhub on it.

8. Impact: spam, best case scenario they close it as informative

9. I always thought the Donna idea was about music and payments... So something related to Napster or some older version of Spotify... But it's intended to be blurred, so we can only guess

10. I would recommend "Out of the Silent Planet" by C.S. Lewis. It was written in 1938, so you have to contextualize it a bit to its era, but it offers some really interesting ideas. Perelandra and That Hideous Strength, the two books that complete the trilogy, are also very good, but there is less action.

11. I think the OP referred to Kindle as an example of an ereader; it's not about which one, but paperback vs ereader. And I actually agree. I would also add that Kindle helped me to read more. That's because I use the Kindle app on my phone, and that's a good alternative to starting to randomly scroll when you have only the phone with you and some minutes to spend.

12. The telegram bot still looks to be working

13. It's valid, but it doesn't mean it would be accepted by bb platforms. As far as I know, intigriti has it among its standard OOS vulns, like self XSS and so on. Also H1 normally sets it as NA on managed programs.

14. I started at 37, after a full decade of being a full stack software engineer. Do your math ;)

15. Beautiful! The only problem, at the end of the day, with a setup like that is that I would read no more than 2 pages and then I'm already dreaming

16. Same issue, also tried a server from my own country, but nothing

17. It's very good!! Very different from the others though, but very good!

18. Perelandra looks to me a little "still", too many dialogues compared to the first one. What are your thoughts about that?

19. Yeah, I think I know what you mean. It was hard for me to get through. I really encourage you to push through it though because That Hideous Strength is so good and exciting!

20. I'll do it for sure, almost finished the second one!

21. You are addressing a huge topic because it's the methodology behind almost every vulnerability, but basically it's all about the response.

22. The new update broke the thing. As mentioned by other users, if you physically upload the book via USB, it is fixed by Calibre itself. If you are attempting to upload it via email, you should know that Amazon suggests uploading it as EPUB, but the cover gets lost in the conversion. (It's important to consider that Kindle doesn't support epub, so basically it converts to azw3 format when you send it via email.)

23. https://book.hacktricks.xyz/welcome/readme

24. Try to find the UUID with waybackurls or the GAU tool ✌️

25. Exactly! The best way to find it is to fire gau and see if the UUID is leaking somewhere. Also check other endpoints; it has happened to me that it was a UUID, but there was another endpoint which showed the profile image of other users and the UUID was there.

26. I was just checking this other news about that:
