Mass disclosure leaking tax documents that include everything under the sun (including passport numbers and drivers licenses) set to High from Critical by H1 triage. Whatโs the point in the platform standards if they get ignored anyway?
Found an old site which most likely has a bunch of vulnerabilities, but at registration, the captcha breaks showing: 'ERROR for site owner: Invalid domain for site key'. Does anyone know of a trick to bypass this? Or a way to get the correct key? Maybe a match and replace trick?
Burp has been giving me so many issues recently. The suggestion box for the search stays open even after closing the search. It just stops intercepting traffic for hosts added with the advanced scoping halfway through a project.
Should've appreciated how nice it worked before...
Any good SSRF hackers for an escalation? Payload must start with โ//โ and HTTP outbound is blocked. Tried finding internal IPs and hosts to no avail. Should be full read SSRF if I can find a host to prove it.