Those are the real bug bounty tricks nobody talks about :P Faking bugs!!! Jokes aside, that's not the end of the story! A fellow hunter asks some clarifying questions. Browser cache? Server side cache? Or maybe even a service worker? - ThreadSky

About ThreadSky

liveoverflow.bsky.social • 44 days ago

Those are the real bug bounty tricks nobody talks about :P Faking bugs!!!

Jokes aside, that's not the end of the story!
A fellow hunter asks some clarifying questions. Browser cache? Server side cache? Or maybe even a service worker?

Comments

liveoverflow.bsky.social•44 days ago

OP clarifies it's not the browser cache. Server-side cache would still be exploitable, right?

But no... OP explains that it's not exploitable, because an attacker cannot guess the random cache key parameter :(

liveoverflow.bsky.social•44 days ago

This is the kind of issue where you need to change your perspective. If you are stuck with "we as the attacker want to directly access cached data", you will miss the obvious.

Turns out, we can control the cache parameter, by forcing the victim to visit the link with our value!!

liveoverflow.bsky.social•44 days ago

This was really a good conversation!

1. OP is capable to self-reflect and be humble
2. Commenters are knowledgable and they asked the right questions
3. And OP genuinely engaged with the responses

Source: https://www.reddit.com/r/bugbounty/comments/1i8dbi1/should_i_refund_the_payment_for_my_report/

blotz.dev•44 days ago

Respect for coming out with it! I would have been mortified if I found out I submitted a false bug

Posting Rules

Be respectful to others
No spam or self-promotion
Stay on topic
Follow Bluesky's terms of service

Comments

Posting Rules

Reply