Silenz

Only Do Shit you Believe in

@fwrnr Gotcha

It is a vulnerability if it was actually imposed by the architecture of the application, and isn't just a private URL that got leaked, but is intended to be persistent secret transmission over GET (with link sharing being implied by the architecture). I've reported the architectural bug before.

There are two sides XD

@sin99xx Yeah ik this point i am talking about triage team have same message for any submission if you use any third party

@silenz404 That’s pretty much my point from the start: some programs treat third-party exposure as NA, others accept it. So we’re not disagreeing on the core issue.

@sin99xx Additionally i added some other ways to get jwt tokens but he saw web archive word he close it NA immediately

@silenz404 The triager literally acknowledged the token exposure and explained it likely came from third-party indexing (VirusTotal/cache). Maybe read the response before doing analysis on Twitter, kid "Reading comprehension is a useful skill in security"

@sin99xx This submission was about exposed jwt token in url lead to access user profile and modify his data so there is no impact here?!!!!

@silenz404 the ahmed guy is dumb, nd you too!!! some programs award leaked credentials nd most do not so stop this rat race nd learn real vulnerabilities

@0xbartita السيناريو ده بالذات عمره ما اتقبل مني tal مستنيني بالرساله كوبي 😂

@silenz404 Keep going.

@0xAsad_Eldin @the_IDORminator الف مبروك يا اخويا ربنا يوفقك يا رب

اَلْحَمْدُ لِلَّهِ وَحْدَهُ، نَصَرَ عَبْدَهُ، وَأَعَزَّ جُنْدَهُ، وَهَزَمَ الْأَحْزَابَ وَحْدَهُ، وَالصَّلَاةُ وَالسَّلَامُ عَلَى مَنْ لَا نَبِيَّ بَعْدَهُ. Chllange is done ✅ Tip: follow this man @the_IDORminator his tips are amazing #bugbountytip #BugBounty #infosec

@AhmedMa07846126 انا بستلم من ywh علي dukascopy

بالنسبة لحوار الحساب البنكى في YESWEHACK للمصريين دا ردهم ياشباب من اخر لازم تعمل حساب دولارى ولازم يكون نفس الاسم الفى باسبور بالحرف يعنى خانة firstname مثلا ahmed و خانة last name تكتب فيه باقى اسمك كله فحوار 😅

فاستدركوا رحمكم الله ما بقى من الايام .

Inside Combolists: How Hackers Build Stolen Credential Data - DeXpose dexpose.io/inside-comboli…

@Shari7a0X مدمنها بقالي فتره

@Shari7a0X Arc raiders

مفيش لعبه الواحد يلعبها ترجع الشغف انه يلعب جيمز تاني

@vagtesahar yes

@silenz404 Private program??

الواحد لسه راجع للهانت اللي مستنيني:

@M_hammedX لا انا متعود اصلا علي كده

@7lpu6iLt It was a warm up

@silenz404 They wasted bro’s time

@MuhannadK24 اخره الغدر

@silenz404 عشان من غيري

@696e746c6f6c Congrats bro really a respectable team 3>

First bounty by Epic Games. Even if it’s low, it’s still good. As this is my first time trying out on this program. Hopefully more and better bounties will happen!