Mass disclosure leaking tax documents that include everything under the sun (including passport numbers and drivers licenses) set to High from Critical by H1 triage. What’s the point in the platform standards if they get ignored anyway?

docs.hackerone.com/en/articles/83…

💡 Scanning for vulnerabilities should be a communal effort

Security can't be hidden behind a paywall, it needs to be something anyone can implement.

Found an old site which most likely has a bunch of vulnerabilities, but at registration, the captcha breaks showing: 'ERROR for site owner: Invalid domain for site key'. Does anyone know of a trick to bypass this? Or a way to get the correct key? Maybe a match and replace trick?

Does anyone have a good way to get all URLs returned from a dork? I've tried a couple github tools but they are quite unreliable.

how on earth does this man not have more followers after multiple extremely impactful research posts

Apparently this was the ultimate one

Anyone on here good with Python threading? I've been going at this for hours...

Burp has been giving me so many issues recently. The suggestion box for the search stays open even after closing the search. It just stops intercepting traffic for hosts added with the advanced scoping halfway through a project.

Should've appreciated how nice it worked before...

I'm still looking for an F5 bypass for XSS, in both reflected and URI forms. If either of these are found multiple reports can be submitted.

Please save me from having to submit these as HTML injections $

If you find a SQLi and need a sandbox to play with some queries, instead of a local install, try sqlfiddle.com.

I wish I found this sooner.

Anyone have a working F5 waf bypass? $

Any good SSRF hackers for an escalation? Payload must start with “//“ and HTTP outbound is blocked. Tried finding internal IPs and hosts to no avail. Should be full read SSRF if I can find a host to prove it.