Bug Bounty Latest Topics

rstforums vulnerabil iarasi

Fri, 26 Sep 2025 03:08:48 +0000

https://rstforums.com/?|{___/{../
https://rstforums.com/?.{}__/../+1-2

vedeti mai baieti ca trebuie schimbata tema. va zic ceva dar sa nu va suparati. din informatiile mele is niste probleme cu db. cineva a vandut baza de date. nu stiu daca nu e proces pe rol sa va inchida. aveti multi dusmani. sifonari diicot mai oameni.

rstforums path traversal & remote command execution

Thu, 25 Sep 2025 06:55:17 +0000

https://rstforums.com/forum/?|{___/{../

nu stiu ce e cu tema, puteti sa ma injurati dar eu va zic sincer ca cineva a vandut baza de date din informatiile mele. nu e bine.

arhi - zoso si cyberfolks pwned

Tue, 12 Aug 2025 16:46:40 +0000

https://arhiblog.ro/a-murit-ion-iliescu/?ID?+1+2___/|../|

https://zoso.ro/best-posts/?ID___/../

https://cyberfolks.ro/hosting-pentru-e-commerce/?ID___/|../|

ro [dot] stripchat [.] com

Wed, 02 Jul 2025 11:03:59 +0000

https://ro.stripchat.com/|/+-*___/

Nu filtreaza, e 404 e ok, e path traversal ca mai mult nu pot scoate.

Am intrat pe site-ul festivalului... si site-ul m-a invitat în back(END)stage

Thu, 03 Apr 2025 14:14:20 +0000

Le-am trimis un heads-up organizatorilor—sper să repare bug-urile înainte să devină cap de afiș .

Note: Ei au spus ca au rezolvat...eu zic ca nu , din acest motiv o sa cenzurez anumite lucruri.

kavspersky path traversal & remote command execution

Wed, 02 Apr 2025 11:44:13 +0000

Au fost postate 4 bug-uri in Kavspersky.Rezolvat!

yahoo mail path transveral & rce

Mon, 10 Feb 2025 10:59:51 +0000

https://mail.yahoo.com/d/folders/1?reason=../___/+1+2

donte for more !

15xxNpfQEEa7G8ypzFVS681xGkKzJRmaJE

https://dnsc.ro

Tue, 04 Feb 2025 08:13:29 +0000

https://dnsc.ro/contact?=___/|../++

for red bull

15xxNpfQEEa7G8ypzFVS681xGkKzJRmaJE

netbet [dot] ro

Sun, 02 Feb 2025 03:14:06 +0000

https://ajutor.netbet.ro/hc/ro-ro/?=){../]{___/

eu ce sa le fac daca au interzis siteurile straine de betting.e monopol..

donate for hell 15xxNpfQEEa7G8ypzFVS681xGkKzJRmaJE

sie . ro

Sun, 02 Feb 2025 03:05:58 +0000

deja filtreaza...

donate for beer.

3GGpsTMZ9j2Ua8L5Y3TZESeHagR3RoNSCA

https://edition.cnn.com

Sun, 02 Feb 2025 02:56:16 +0000

https://edition.cnn.com/?./../___/1+2+3

donate for red bull here

15xxNpfQEEa7G8ypzFVS681xGkKzJRmaJE

betano pwned

Sun, 02 Feb 2025 01:47:57 +0000

https://ro.betano.com/?.+-0../___/

https://ro.betano.com/?=___/|../++

ce sa fac daca intorc pariurile si te fac de bani.nu is pe hackerone ori bugcrowd sa descriu ca e 3 dimineata, dar las un link de donate daca mai vreti si alte bug-uri, in alte siteuri.

btc

15xxNpfQEEa7G8ypzFVS681xGkKzJRmaJE

niste jegosi de la bugcrowd

Wed, 29 Jan 2025 12:57:40 +0000

mi au respins prima data 3 bug-uri ca is false pozitive si apoi le au patchuit.

link scos banuti buni !

asta e cadou.eu nu mai am sqlmap, metaspolit.dar e sqli, e lfi, e shell.

MSRC - 2023 Most Valuable Security Researchers

Tue, 08 Aug 2023 20:09:20 +0000

Blog: https://msrc.microsoft.com/blog/2023/08/congratulations-to-the-msrc-2023-most-valuable-security-researchers/

Quote

Our 2023 Top 100 MVRs will receive an MSRC swag box and digital badges to share their accomplishments on social media and professional portfolios. Researchers will be receiving an email from msrcmvr@microsoft.com in the coming month to claim their swag and badges.

Leaderboard (2023 MVR): https://msrc.microsoft.com/leaderboard

Mai sunt doua persoane pe lista si sunt membrii RST: @Zatarra @adiivascu.

V-am salutat:

SNSC si contractori individuali / Bug Bounty pe infrastructura Romania?

Tue, 01 Aug 2023 13:50:26 +0000

Fiecare initiativa are ca punct de prezentare un site wordpress care ramane neupdatat ani de zile. (fiipregatit.ro, politialocala*x*.ro, universitatii, etc)

Potrivit legii, exista undeva, cumva, vreo metoda tip bug bounty?

Honestly m-am saturat sa vad "operation romania" cu RCE pe wordpress 1.0 ./exploit si un deface sau un stored xss, sunt atat de low hanging fruits care pot fi remediate atat de usor

ex: in prezent daca faci un request la transport public [oras romania] in api cu un startdate din anul 0001, dai shutdown la api timp de ~1h (ce opreste toate serviciile si 3rd party app din functionare din orasu respectiv) nu mai zic nimic

cum ne putem implica ca cetateni in asa ceva, si also sa primim ceva la schimb (bani/diplome/etc)

ps: Sugestii tip "sparge si da-le mail" nu prea functioneaza pentru ca nu stii peste ce dai, si chiar si sa nu dai peste nimic, egal de intenti nu ai autorizatie

pana si SuperBet are program de bug bounty ?

Backgroundu meu sa nu fiu prea specific

Certificari Securitate
Facultate pe domeniu
Experienta de munca ce m-ar considera medium in securitate partea Red Team

XSS Reflected - Zendesk

Wed, 29 Mar 2023 15:39:10 +0000

Un XSS reflected care a afectat multe companii. Cei de la Zendesk au program bug bounty, dar din pacate am luat duplicat pe aceasta problema.

XSS Reflected - www.apple.com

Tue, 31 Jan 2023 20:27:40 +0000

Un XSS Reflected in www.apple.com. Raportul a fost acceptat. Nu sunt sigur daca o sa primesc vreo recompensa, dar am sa va zic.

Issues eligible for public acknowledgment.

We review all issues reported to us, and all legitimate services issues are eligible for public acknowledgement. While we request that you report all issues, the following issues are eligible for bounty reward payments only if they’re evaluated as novel or high impact based on Apple’s discretion.

Open Redirects
Reflected or Self XSS
Bugs requiting exceeding unlikely user interaction
Cross-site request forgery vulnerabilities where the only impact is logout
Banner Grabbing or Service Versions without a vulnerability or PoC
Rate Limiting unless credentials are able to be guessed
External and Public Credential Dumps
Denial of Service vulnerabilities
Username enumeration unless some personal identifiable information is disclosed like email or phone number
Report from automated tools or scanners where the vulnerability is not proven
Expired Certificates
DMARC/SPF Misconfiguration concerns
Social engineering
Properties that are not owned or operated by Apple

Link: https://security.apple.com/bounty/categories/

XSS Stored - Microsoft Teams

Tue, 31 Jan 2023 09:40:07 +0000

Raportat. Astept sa vedem ce si cum.

Lista site-urilor care au un program Bug Bounty

Sat, 13 Apr 2013 07:28:09 +0000

Vom mentine aici o lista cu site-urile care au un program bug bounty.

Google

http://www.google.com/about/appsecurity/reward-program/

Facebook

https://www.facebook.com/whitehat/bounty

Mozilla

http://www.mozilla.org/security/bug-bounty.html

Paypal

https://www.paypal.com/us/webapps/mpp/security/reporting-security-issues

Secunia

http://secunia.com/community/research/svcrp/

Etsy

http://codeascraft.etsy.com/2012/09/11/announcing-the-etsy-security-bug-bounty-program/

Barracuda

http://www.barracudalabs.com/bugbounty/

----------------------------------------------------------------------------------------------

Site-uri care vor mentiona persoanele care le raporteaza vulnerabilitati:

Adobe

http://www.adobe.com/support/security/alertus.html

Twitter

https://twitter.com/about/security

EBay

http://pages.ebay.com/securitycenter/ResearchersAcknowledgement.html

Microsoft

http://technet.microsoft.com/en-us/security/ff852094.aspx

Apple

http://support.apple.com/kb/HT1318

Dropbox

https://www.dropbox.com/security

Reddit

http://code.reddit.com/wiki/help/whitehat

Github

https://help.github.com/articles/responsible-disclosure-of-security-vulnerabilities

Ifixit

http://www.ifixit.com/Info/responsible_disclosure

37 Signals

http://37signals.com/security-response

Twilio

http://www.twilio.com/blog/2012/03/reporting-security-vulnerabilities.html

Constant Contact

http://www.constantcontact.com/about-constant-contact/security/report-vulnerability.jsp

Engine Yard

http://www.engineyard.com/legal/responsible-disclosure-policy

Lastpass

https://lastpass.com/support_security.php

RedHat

https://access.redhat.com/knowledge/articles/66234

Acquia

https://www.acquia.com/how-report-security-issue

Zynga

http://company.zynga.com/security/whitehats

Owncloud

http://owncloud.org/security/policy

Tuenti

http://corporate.tuenti.com/en/dev/hall-of-fame

Soundcloud

http://help.soundcloud.com/customer/portal/articles/439715-responsible-disclosure

Nokia Siemens Networks

http://www.nokiasiemensnetworks.com/about-us/responsible-disclosure

Yandex Bug Bounty

http://company.yandex.com/security/hall-of-fame.xml

Lista originala: List of Bug Bounty program for PenTesters and Ethical Hackers - E Hacker News

Lista este in curs de actualizare. Daca aveti ceva de completat, postati in acest topic si vom actualiza si aici.

XSS DOM Based - www.intel.com

Tue, 03 Jan 2023 22:17:57 +0000

Un XSS Dom Based in www.intel.com. Din pacate, nu ofera bani pentru aplicatiile web.

https://app.intigriti.com/programs/intel/intel/detail

Quote

Intel's Web Infrastructure, i.e.*.intel.com
Intel’s web infrastructure, i.e., website domains owned and/or operated by Intel, fall Out of Scope. These reports are not eligible for rewards of any kind.
Please send security vulnerability reports against intel.com and/or related web presence to external.security.research@intel.com

Vulnerabilitatea a fost raportata.

XSS reflected - outlook.[].com & [].live.com

Sat, 01 Oct 2022 19:13:59 +0000

Salut. Am gasit doua vulnerabilitati XSS in aplicatiile detinute de cei de la Microsoft. Una este in Outlook, iar a doua intr-o alta aplicatie folosita si cunoscuta de multi... nu pot da detalii momentan deoarece nu a fost rezolvata nici una pana acum... Cel putin, nu am primit duplicat pe rapoartele trimise. ?

1. XSS reflected (without user interaction) - [*].live.com:

2. XSS reflected (user interaction required) - Outlook:

Am observat ca si domeniile acestea sunt vulnerabile: office365.com si live.com.

XSS Pcfarm.ro

Sun, 02 Oct 2022 16:00:05 +0000

https://imgur.com/yw1Yi3H

Raportat.

Gls.ro IDOR

Tue, 08 Mar 2022 18:27:05 +0000

Daca tot n-au bug bounty, plm have fun .

Linkul ar veni ceva gen "https://dm.mygls.ro/Account/Login?parcelNumber=11111111111&pin=11af"

Daca gasesti valorile potrivite, poti sa intrii in comanda respectiva si sa modifici adresa de livrare + numar de telefon

Enjoy!

XSS Reflected - https://www.xoom.com (PayPal)

Thu, 17 Jun 2021 20:22:33 +0000

O vulnerabilitate pe care am descoperit-o in https://www.xoom.com/. Aplicatia este detinuta de cei de la PayPal. Este o problema mai veche. Recompensa: 5,300$

Bug Bounty Resources

Sun, 07 Nov 2021 07:32:43 +0000

Write-ups of All types Bugs
Bug Bounty Writeups and exploit‘s resource

Bug Bounty Latest Topics

rstforums vulnerabil iarasi

rstforums path traversal & remote command execution

arhi - zoso si cyberfolks pwned

ro [dot] stripchat [.] com

Am intrat pe site-ul festivalului... si site-ul m-a invitat în back(END)stage

kavspersky path traversal & remote command execution

yahoo mail path transveral & rce

https://dnsc.ro

netbet [dot] ro

sie . ro

https://edition.cnn.com

betano pwned

niste jegosi de la bugcrowd

MSRC - 2023 Most Valuable Security Researchers

SNSC si contractori individuali / Bug Bounty pe infrastructura Romania?

XSS Reflected - Zendesk

XSS Reflected - www.apple.com

Issues eligible for public acknowledgment.

XSS Stored - Microsoft Teams

Lista site-urilor care au un program Bug Bounty

XSS DOM Based - www.intel.com

XSS reflected - outlook.[*].com & [*].live.com

XSS Pcfarm.ro

Gls.ro IDOR

XSS Reflected - https://www.xoom.com (PayPal)

Bug Bounty Resources

XSS reflected - outlook.[].com & [].live.com