a1234

Rofl, nothing can bypass chrome with 1 get variable under "normal circumstances" as with any filter nowadays (IE,noscript,chrome). Anyway it's another method, not public. That vector will be used to solve my level 2 xss challenge i posted . So i can't do it "write".

When are you going to stop acting like you're tinkode or someshit? I remember you asking in chat how to do a simple GET csrf, get the fuck out of here you dumb skid.

@ToGays Broski i just don't want to send my vector . Now stop acting stupid and add me to solvers list, it doesn't really matter anyway everyone including you knows i solved it.

This xss is completely useless and not even his own work. He just tried the same method used in the disclosed thread over@intern0t in another place. Anyway that method listed by Nytro is in no way applicable to this method without another xss.

I don't need to pm you my vector, the proof is the video. Whole purpose is proving it's legit, providing a video with a stopwatch is just another alternative to sending a pm.

Here's the proof lol:Download proof xss challenge free server.wmv from Sendspace.com - send big files the easy way.

No point, you won't solve it either way . The speed is good for a free hosting service .

Nice cruce bro, but i don't see where they list "cruce" in the bug bounties. Maybe darkb0t can explain to us.

http://12342.site11.com/challenges.html To solve either of them you need to pm me the syntax. Solvers:

Lesson to learn, acunetix makes you a millionaire.

Acunetix really does pay off .

Just a note, *.google.com would qualify for a reward if not in a sandboxed sub-domain, *.google*.com will surely not.

Yes this is fake. You can tell the https: and google are the same colors. With actual https it's lighter gray.

Why did you even "work" with vulnerability lab? You could of just reported it yourself and take full credit+bug bounty. Before reporting a vulnerability like that you should verify it on various account types (verified/unverified) with balance or not as POC for evidence so you can tell if they're bullshitting or not.

Nice find, but next time you find such a critical vulnerability, don't report it to them. Sell it in the "black market" you'll make a lot more money and not get bullshit from paypal.