Discussion on "$9240 Bounty in 30 days Hunt Challenge"

Omid Rezaei · 2023-10-21T17:19:14.768Z

Intro Hello, I'm Omid, a 22-year-old enthusiast diving into the world of web application hacking for nearly a year and a half now. I'm currently hunting for the Voorivex team, a group of people like me who have the same interests. You can read my fir...

brother I've submitted 12 vuln so far 5 min BBP and 7 in VDP all of them being N/A/ dup risk accepted, informative

this blog act as a motivation for me to keep going

Hi, you started your 30-day challenge in a public or private bbp and also was that a new asset? just curious.

The 2FA Bypass with Grant Access section is not very clear. The redirect must be victim@gmail.com. If the redirect is to victi.m@gmail.com, the user is a new user, and 2FA is not enabled

However, if you are signing up for a new user victi.m@gmail.com, the link must also go to victi.m@gmail.com, so it is impossible to bypass 2FA at victim@gmail.com

verry helpful for me ty for mohandes rezaee =D

I got several motivation from your blog. Thanks

Keep going bro , You are awesome

from where do you learn all these bugs and techniques?

Greet work bro. If you don't mine guide us also bro

Same here, the struggle is real. Reported more than 20 bugs as of now, only 1 paid. All other duplicates and N/As. Also no response from program most of the time.

In "2FA bypass with GrantAccess" If an attacker sends the invitation to victim.m@gmail.com . The invitation mail will still be delivered to victim@gmail.com right? So how is the attacker able to access that link?

excellent, Keep going strong!!!

Discussion

$9240 Bounty in 30 days Hunt Challenge

Responses(10)

Recent in Forum

Search Hashnode

$9240 Bounty in 30 days Hunt Challenge

Responses(10)

Recent in Forum