pl0x_plox_chiken_p0x
7 posts


@stephenlacy I can confirm that I own the server if you'd like.
Sorry for ruining the party,
X

@stephenlacy The 5 fakes with npm packages in them are just GitHub copies. Not published to npm, original repos intact.

pl0x_plox_chiken_p0x @Pl0xP
@stephenlacy Hi Stephen, I'm sorry to rain on your parade, but what you've uncovered in GH is a bb effort. I've discovered a problematic behavior in GH and was exploiting it for bounty (affected companies were contacted responsibly). This is why I only exfiltrated the env variables.