News:

- New programs have been added

Recent Posts

Pages: 1 [2]
11
Questions / Payment Method?
« Last post by Xsecure on April 30, 2023, 07:41:22 pm »
As of now, the only payment method is PayPal.

We believe that PayPal offers a fast, secure, and reliable way for our customers to make online payments.

By using PayPal, we can ensure that our customers' financial information is kept safe and secure. With PayPal's encryption technology and fraud prevention measures, you can feel confident that your transactions with us are protected.

We understand that some customers may prefer other payment methods, but we have chosen to use PayPal exclusively in order to simplify the payment process and ensure the highest level of security for our customers. If you have any questions or concerns about using PayPal, please feel free to contact us and we'll be happy to help.

Thank you for choosing our website, and we look forward to serving you!

Sincerely,

BugBeat.
12
Questions / Is Bug Bounty Hunting Legal?
« Last post by Xsecure on April 30, 2023, 12:16:00 am »
Is Bug Bounty Hunting Legal?

Bug bounty hunting, also known as ethical hacking, is generally legal when conducted in accordance with the terms and conditions set forth by the company offering the program. In fact, many companies explicitly encourage and incentivize security researchers to search for vulnerabilities in their systems and report them through bug bounty programs.

However, it's important for bug bounty hunters to follow the rules and guidelines established by the company offering the program. This may include obtaining prior authorization before conducting any testing, refraining from accessing or modifying sensitive data, and reporting any vulnerabilities found in a responsible and ethical manner.

In some cases, bug bounty hunters may inadvertently run afoul of the law, for example by accessing systems without permission or causing damage to a company's infrastructure. This is why it's important for bug bounty hunters to thoroughly read and understand the terms and conditions of a bug bounty program before participating, and to always act in a responsible and ethical manner.

Overall, bug bounty hunting can be a legal and lucrative way for security researchers to put their skills to the test and earn rewards for their efforts. However, it's important to always stay within the bounds of the law and act in a responsible and ethical manner at all times.
13
Questions / Is Bug Bounty Worth It?
« Last post by Xsecure on April 30, 2023, 12:13:49 am »
Is Bug Bounty Worth It?

Whether or not bug bounty programs are worth it depends on the individual company's needs and goals. For some companies, bug bounty programs can be an effective and cost-efficient way to identify and address vulnerabilities in their systems. By tapping into the expertise of external security researchers, companies can potentially discover vulnerabilities that may have been missed otherwise.

Bug bounty programs can also be an effective way for companies to demonstrate their commitment to security to their customers and stakeholders. By offering a bug bounty program, companies can show that they take security seriously and are willing to invest in measures to protect their systems and data.

However, bug bounty programs also come with their own set of challenges and potential drawbacks. For example, managing a bug bounty program can require significant time and resources, and companies may need to be prepared to handle a large volume of vulnerability reports. Additionally, bug bounty programs are not a replacement for other security measures, such as secure coding practices or regular security testing.

Ultimately, whether or not a bug bounty program is worth it depends on a variety of factors, including the company's budget, risk tolerance, and overall security strategy. Companies that are considering a bug bounty program should carefully weigh the potential benefits and drawbacks and develop a plan that is tailored to their specific needs and goals.
14
Questions / Are Bug Bounty Programs Effective?
« Last post by Xsecure on April 30, 2023, 12:09:52 am »
Bug Bounty Programs: Are They Effective?

Bug bounty programs can be an effective way for companies to identify and remediate vulnerabilities in their systems. By incentivizing external security researchers to report bugs, companies can tap into a broader range of expertise and testing capabilities than they might have in-house. This can lead to the discovery of vulnerabilities that may have been missed otherwise.

Bug bounty programs can also be more cost-effective than traditional security testing methods, such as penetration testing or code reviews. Rather than paying a fixed price for a limited amount of testing, bug bounty programs allow companies to pay only for the bugs that are found and reported.

However, bug bounty programs are not a panacea for security. They require careful planning and execution to be effective. Companies need to set clear guidelines for what types of vulnerabilities are in scope and what rewards will be offered for their discovery. They also need to be prepared to respond quickly and effectively to any vulnerabilities that are reported.

Additionally, bug bounty programs are not a replacement for other security measures, such as secure coding practices or regular security testing. They should be seen as a complementary tool that can help to supplement existing security efforts.

In summary, bug bounty programs can be an effective way for companies to identify and address vulnerabilities in their systems, but they need to be approached with care and attention to detail.
15
Bugs Reports / Exploit in /mellon/logout?ReturnTo= : 50$~200$
« Last post by Xsecure on April 29, 2023, 11:36:26 pm »
Target category

Website Testing

VRT

Server Security Misconfiguration > OAuth Misconfiguration > Insecure Redirect URI

Priority

P4

Bug url

https://www.*******.com/mellon/logout?ReturnTo=

Description

Visiting a logout URL like this:
https://www.*******.com/mellon/logout?ReturnTo=///fishing-site.example.com/logout.html
would have redirected the user to fishing-site.example.com

With the patch, this URL would be rejected.

CVE
CVE-2021-3639

Hacker Username

@ lolamero
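
The report above turns on how a browser reads `///host/...` in a redirect target: for http(s) it starts an authority, so the value points off-site. The following is an added example, not part of the original post and not the patch the report refers to; it validates a `ReturnTo` value by resolving it the way a browser would. `safeReturnTo`, `SITE_ORIGIN`, `FALLBACK` and `www.example.com` (standing in for the redacted host) are assumptions.

```javascript
// Added example: accept a logout ReturnTo value only if a browser would
// resolve it to our own origin. All names here are hypothetical.
const SITE_ORIGIN = 'https://www.example.com'; // placeholder for the redacted host
const FALLBACK = '/';                           // where to send rejected values

function safeReturnTo(returnTo, siteOrigin = SITE_ORIGIN) {
  if (typeof returnTo !== 'string' || returnTo === '') return FALLBACK;
  // Control characters are silently dropped by URL parsers and are unsafe
  // in a Location header, so refuse them before parsing.
  if (/[\u0000-\u001f\u007f]/.test(returnTo)) return FALLBACK;
  let resolved;
  try {
    // WHATWG URL parsing, as browsers do it: with an http(s) base, "//host"
    // and "///host" both begin an authority rather than a local path.
    resolved = new URL(returnTo, siteOrigin + '/');
  } catch {
    return FALLBACK;
  }
  if (resolved.origin !== new URL(siteOrigin).origin) return FALLBACK;
  // Re-emit only path, query and fragment so the redirect stays site-relative.
  return resolved.pathname + resolved.search + resolved.hash;
}

// Constructed sample inputs; the first is the value from the report.
const SAMPLES = [
  '///fishing-site.example.com/logout.html',
  '//fishing-site.example.com/logout.html',
  'https://fishing-site.example.com/logout.html',
  'https://www.example.com/home',
  '/account/settings?tab=1#top',
];

function checkSamples() {
  return SAMPLES.map((value) => ({ value, redirectTo: safeReturnTo(value) }));
}

for (const { value, redirectTo } of checkSamples()) {
  console.log(`${value} -> ${redirectTo}`);
}
```

Comparing the resolved origin avoids maintaining a list of rejected prefixes: whatever the browser would treat as another host fails the same check.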