[tech layman] found a way to see the “seen” status on instagram messenger even if the person hid it hi, i’m not into coding or anything, but i found a way that one can very easily check if a instagra 谷歌翻译: [技术门外汉] 找到了一种方法，即使用户隐藏了 Instagram Messenger 上的“已读”状态，也可以看到它 嗨，我对编码之类的不感兴趣，但我找到了一种方法，可以非常轻松地检查 Instagram DM 是否被看到。这真是个愚蠢的事情，只需几 原文地址

Why don't people make their reports public on Google VRP leaderboard? I was checking out https://bughunters.google.com/leaderboard On both leaderboard an 谷歌翻译: 为什么人们不将他们的报告公开在 Google VRP 排行榜上？我查看了 [https://bughunters.google.com/leaderboard](https://bughunters.google.com/leaderboard)，在排行榜和荣誉提名中，与可见的用户相比，我看不到很多报告。您可以点击报告列标题两次， 原文地址

Exploit nginx 1.24.0 ? Hi guys! I am searching for exploit version 1.24.0 so guys can U help me ?? 谷歌翻译: 利用 nginx 1.24.0？大家好！我正在寻找利用版本 1.24.0 的漏洞，大家能帮我吗？ 原文地址

vulnerable library i found a website using bootstrap 3.4.1 which is deprecated and no longer supported can i just report that or do i have to actually exploit it? 谷歌翻译: 易受攻击的库我发现一个使用 bootstrap 3.4.1 的网站，它已被弃用并且不再受支持，我可以报告它吗，还是必须真正利用它？ 原文地址

i am beginner in bug bounty I want a partner who can tell me about it in detail 谷歌翻译: `` 原文地址

Company mentioned having a Bug Bounty on their website, but after submission via Bugcrowd, found it’s actually a VDP – Is this normal? Hey everyone, I came across a company that mentioned they have a 谷歌翻译: `` 原文地址

Update on My HackerOne Report Marked as Duplicate But the actual question is why don't they fix it already ? 谷歌翻译: 关于我的 HackerOne 报告标记为重复的更新但实际问题是他们为什么不修复它？ 原文地址

Phantomjs with sudomy I'm currently facing an issue while running Sudomy, where it fails to start PhantomJS properly, leading to incomplete scan results and missing screenshots. It seems like PhantomJ 谷歌翻译: Phantomjs 与 sudomy 我目前在运行 Sudomy 时遇到一个问题，无法正确启动 PhantomJS，导致扫描结果不完整且缺少屏幕截图。似乎 PhantomJS 未按预期启动，并且 Sudomy 无法在扫描期间截取屏幕截图。我已经安装了 phantomjs 所需的所有库，请 原文地址

JavaScript for web pentesters Hello hunters just a quick advise because i am too confused for JavaScript in web penteration testing do we really need a very long course like a bootcamp or just the bas 谷歌翻译: 面向 Web 渗透测试人员的 JavaScript 你好，各位猎手，我只想提个建议，因为我对 Web 渗透测试中的 JavaScript 感到很困惑，我们真的需要像训练营一样的很长的课程吗？还是只需要一些带有 oop 概念的基础知识，以及一些 leet code 和 原文地址

SQL for Bug Bounty Hunting How much knowledge is required of SQL for Bug Hunting.....please reply keeping in mind im just a beginner....in this long and hard journey ️ 谷歌翻译: 用于 Bug Bounty Hunting 的 SQL 用于 Bug Hunting 需要多少 SQL 知识.....请回答，记住我只是个初学者....在这段漫长而艰难的旅程中☺️ 原文地址

I wanna your advice ! I am planning to take my eWPTX and CBBH certificates, but yesterday I came across an offer for eWPT. Do you advise me to take it? 谷歌翻译: 我需要您的建议！我打算参加 eWPTX 和 CBBH 证书考试，但昨天我偶然发现了 eWPT 的优惠。您建议我参加吗？ 原文地址

Bug bounty programs Hi y’all! I work at an open source company and we are looking at bug bounty providers to search for security vulnerabilities in our software. We worked with huntr.dev but they swi 谷歌翻译: 漏洞赏金计划 大家好！我在一家开源公司工作，我们正在寻找漏洞赏金提供商来搜索我们软件中的安全漏洞。我们曾与 huntr.dev 合作，但他们转向了 AI/ML。由于是开源软件，我们无法提供巨额赏金，因此我们需要一些有效但价格 原文地址

Where can I practice api hacking ? Hi, there looking for some platform to practice api hacking , Thankyou 谷歌翻译: 我可以在哪里练习 API 黑客攻击？嗨，正在寻找一些平台来练习 API 黑客攻击，谢谢 原文地址

Is AI the reason for the high volume of report submissions? !img 谷歌翻译: 人工智能是报告提交量高的原因吗？ ![img](lyp3bisufv2e1) 原文地址

Found a critical vulnerability in a program in openbugbounty I found a critical vulnerability in a openbugbounty program Should I expect getting paid? The vulnerability makes me able to buy anything 谷歌翻译: 在 openbugbounty 程序中发现了一个严重漏洞 我在 openbugbounty 程序中发现了一个严重漏洞 我应该得到报酬吗？这个漏洞让我能够免费从商店购买任何东西并免运费 原文地址

Need help with SSRF in PDF weird scenario i have a customer service chat that after ending can be transcript and sent to my email as pdf (or to any email btw) all the html tags i inject in the chat 谷歌翻译: 需要帮助解决 PDF 中的 SSRF 问题 奇怪的情况下我有一个客户服务聊天结束后可以记录下来并以 pdf 格式发送到我的电子邮件（或任何电子邮件）我在聊天中注入的所有 html 标签在 pdf 中反映正常但是当我尝试注入任何 iframe 或嵌入 原文地址

self-managed bug bounty program owners is there any self-managed bug bounty program owner ,is struggling with high fees about third party fees, and trying to make your own bounty program work, look f 谷歌翻译: 自我管理的漏洞赏金计划所有者是否有任何自我管理的漏洞赏金计划所有者，正在为高额的第三方费用而苦苦挣扎，并试图使自己的赏金计划发挥作用，寻求沟通或合作。 原文地址

Shopify.com Is This a Vulnerability ?? I am a new bug hunter. I have a question regarding my recent finding. I changed some parameters in shopify login url login url and everytime i login through that 谷歌翻译: Shopify.com 这是一个漏洞吗？我是一个新的漏洞猎人。我对我最近的发现有一个疑问。我更改了 shopify 登录网址中的一些参数，每次我通过该网址登录时都会自动创建一个新商店。我试过很多次了。我想听听你的建议，这是一个漏 原文地址

How long does it takes to reviewed and accepted the tax forms on Hackerone and Bugcrowd? Recently added Payment Methods to the platforms but Don't have any idea when the tax forms are going to get ac 谷歌翻译: Hackerone 和 Bugcrowd 上审核和接受税务表格需要多长时间？最近在平台上添加了付款方式，但不知道税务表格何时会被接受。您的情况需要多长时间？ 原文地址

Does laser focusing on a specific topic like API Sec a good starting point in a career in bug bounty? Hello! Newbie here. As the title suggests, I plan to embark on the bug bounty journey with the sol 谷歌翻译: 专注于 API Sec 这样的特定主题是否是漏洞赏金职业生涯的良好起点？你好！我是新手。正如标题所示，我计划踏上漏洞赏金之旅，唯一的目的是学习和赚钱。那么正如之前所问，这是一个有效的选择吗？背景：我对正在使用的 We 原文地址

is this a security issue? I was hunting on a facial recognition system used for login on an website so here is the bug: I am able to login into my brother's account with my face, we don't have same fa 谷歌翻译: 这是一个安全问题吗？我正在寻找一个用于网站登录的面部识别系统，所以这里是错误：我可以用我的脸登录我兄弟的帐户，我们没有相同的脸，但我们有一些相同的面部特征。这就是为什么我认为这是安全的，因为它允许我（未经授权的用户）登录我兄弟的帐户，这也是一个隐私问题。我猜它会在低到中等之间。 原文地址

is this a security issue? I was hunting on a facial recognition system used for login on an website so here is the bug: I am able to login into my brother's account with my face, we don't have same fa 谷歌翻译: `` 原文地址

RIOT needs your help, any white-hat hackers out there. (fixing DDoS for $100k and more) 谷歌翻译: RIOT 需要你们以及任何白帽黑客的帮助。（修复 DDoS 需要 10 万美元甚至更多） 原文地址

Is it a security issue if I can register usernames like "Administrator" or "root" I discovered I can create user accounts with names like Administrator, root, and system in an app/platform.I can't act 谷歌翻译: `` 原文地址

Need your Views on: The server allows multiple successful password changes using the same token. 谷歌翻译: `` 原文地址

Help Hey, actually i dont have student main and I wanna explore azure but my card if of Rupay I can't sign in as azure only accept visa and mastercard and I can create a azure account without any cha 谷歌翻译: `` 原文地址

A lot of nginx on my target ? !img Yo, I was just scanning the port when i saw those opened with nginx service behind. I don't understand what would be the purpose of it 谷歌翻译: 我的目标上有很多 nginx 吗？ ![img](vg0nms8qd43e1) 哟，我刚刚扫描端口时看到那些端口打开了，后面还有 nginx 服务。我不明白这样做的目的是什么 原文地址

question about setting up an automated system that runs on a massive list of targets hello, is there any useful resource to read or watch on how to build an automated system where i can feed it for e 谷歌翻译: `` 原文地址

Why to inform about bugs? Honest curious question... why would a person inform about a bug in an app or website if they could just exploit without being noticed? 谷歌翻译: 为什么要报告漏洞？老实说，我很好奇...如果一个人可以利用漏洞而不被人注意，为什么还要报告应用程序或网站上的漏洞呢？ 原文地址

Is this a security issue? If my cousin is able to trigger webcam LED on while the screen is locked in macOS, is this a security issue? 谷歌翻译: 这是一个安全问题吗？如果我的表弟能够在 macOS 屏幕锁定时触发网络摄像头 LED 灯亮起，这是否是一个安全问题？ 原文地址

This is why you should not reveal any data of a pvt program Few days ago I have submitted a valid auth bypass bug on a private program and they awarded me a insane amount of money but I have posted ab 谷歌翻译: 这就是为什么你不应该泄露任何私人程序的数据 几天前，我提交了一个关于私人程序的有效身份验证绕过漏洞，他们给了我一大笔钱，但我在 r/hacking 上发布了这个消息，因为这是我的第一个严重漏洞，而且我错误地泄露了私人 原文地址

New to Bug Bounty, Need Advice on Where to Start with Real-World Testing Hi everyone, I’m new to bug bounty hunting and have only done labs on web hacking so far (like those offered by PortSwigger e 谷歌翻译: `` 原文地址

is AI going to replace hunters? I’m not talking right now or even next year, i believe it is possible that in say 10 years AI will completely replace bug bounty hunters. I ask this because i’m lookin 谷歌翻译: 人工智能会取代赏金猎人吗？我说的不是现在，甚至不是明年，我相信人工智能有可能在 10 年后完全取代漏洞赏金猎人。我问这个问题是因为我想更认真地对待这个问题，但我现在面临这个问题。你怎么看？ 原文地址

iOS pentesting Gonna ask here because y’all know what your talking about. Just getting into iOS pentesting wanting to know the difference between viewing an apps files through filza tweak or using fr 谷歌翻译: iOS 渗透测试 我在这里问，因为你们都知道你们在说什么。刚开始接触 iOS 渗透测试，想知道通过 filza tweak 查看应用程序文件和使用 frida 转储应用程序的 ipa 之间的区别。我能否通过使用 frida 从内存中转储 ipa 来查看更多信息？ 原文地址

IS WSL2 enough for BBH? Ive read people complain about wsl2 having limitations but i wanted to know if those extend to BBH and or WEB HACKING in general 谷歌翻译: WSL2 对 BBH 来说够用吗？我读过有人抱怨 wsl2 有局限性，但我想知道这些局限性是否延伸到 BBH 或一般的网络黑客 原文地址

weshlient: A simple tool to interact with web shells and command injection vulnerabilities 谷歌翻译: weshlient：一个与 Web Shell 和命令注入漏洞交互的简单工具 原文地址

How much did you make out of bounties The last 3 months 谷歌翻译: 过去 3 个月你从赏金中赚了多少钱 原文地址

What’s your mental or physical checklist (technical, not just an overview) 谷歌翻译: 您的心理或身体检查清单是什么（技术性的，而不仅仅是概述） 原文地址

After recon how do you choose a subdomain to hack? Do you just go thru every subdomain 1 by 1? how do you choose. I feel overwhelmed with the amount of subdomains there are after recon. 谷歌翻译: 侦查后，您如何选择要破解的子域名？您是否只是逐个检查每个子域名？您如何选择。侦查后，我对子域名的数量感到不知所措。 原文地址

Help Its been 4 months since I created an account on H1, reported 3 bugs but all of them were dupes, yet to find my first valid bug. I have do recon and thoroughly use burp suite active scan++ but 谷歌翻译: 帮助 自从我在 H1 上创建帐户以来已经 4 个月了，报告了 3 个错误，但都是重复的，但尚未找到我的第一个有效错误。我已经进行了侦察并彻底使用了 burp suite active scan++，但到目前为止还没有找到一个合适的错误，需要提示和帮 原文地址

Career Switch Hi, Currently, i'm residing in UAE working full time as a Retail sales assistant and also studying a Bsc Computing. So now i wanted to switch my career from retail to IT but it's really 谷歌翻译: 职业转换 嗨，目前，我居住在阿联酋，全职担任零售销售助理，同时还在攻读计算机学士学位。所以现在我想将我的职业从零售业转到 IT 行业，但 IT 领域的入门级工作确实很难找到。那么，我该如何顺利地将我的职业从零售业 原文地址

Please need help in this! Trying to do some brute force attacks but the website blocked me and i tried changing ip address and user agent too and it didnt worked although in my phone it is working if 谷歌翻译: `` 原文地址

What exactly to look for when analyzing JavaScript code for bugs? Hey guys! I see a lot of researchers recommending "analyzing JavaScript code to find bugs", but recently they explained what to look f 谷歌翻译: 分析 JavaScript 代码中的错误时究竟要寻找什么？大家好！我看到很多研究人员建议“分析 JavaScript 代码以查找错误”，但最近他们解释了要寻找什么以及在哪里寻找。在现代应用程序中，有数千个 JavaScript 文件，分析它们全部需 原文地址

sql enumeration hello, what are some useful resources to read or watch about enumerating sql and manually testing for sql in modern web apps (modern is the key word here) thank you in advance all 谷歌翻译: `` 原文地址

looking for a partner to hunt with who’s down to hunt together we can split findings 50/50 two brains are always better than one 谷歌翻译: 寻找一个愿意一起狩猎的伙伴，我们可以平分狩猎成果，三个臭皮匠总比一个好 原文地址

Need help, Same bugs on main web and dev web. Lads, During my testing, I have found multiple bugs on main website, but during recon, I have found dev website of the main website and found some sam 谷歌翻译: 需要帮助，主网站和开发网站上有相同的错误。伙计们，在我测试期间，我在主网站上发现了多个错误，但在侦察期间，我发现主网站的开发网站也发现了一些相同和新的错误。那么我该怎么办，我应该单独报告还是合并到一份 原文地址

Is there any way to scan find all bugs / issues in custom android OS like oxygen OS, auto scan etcetera for software and hardware issue? Automation etc,i do it manually but its very hard vs ai, but id 谷歌翻译: 有没有办法扫描发现自定义安卓系统（如氧气系统）中的所有错误/问题，自动扫描软件和硬件问题等？自动化等，我手动完成，但与人工智能相比非常困难，但我不知道如何让人工智能参与查找错误。请帮帮我 🥲🫠 原文地址

Found a big problem, don't know how to deal with it. Hello I'm a "software developer" and I'm no hacker but I found an important bug in a medium-big sized AI company. The bug allow users to access one 谷歌翻译: `` 原文地址

New to this and have questions about finding Most questions related to reporting and ethics. I started playing around with some GitHub tools I found for exploitations. In turn I found a vulnerability 谷歌翻译: 刚接触这个，对查找有疑问 大多数问题都与报告和道德有关。我开始使用我发现的一些用于漏洞的 GitHub 工具。反过来，我在一家公司的网站上发现了一个漏洞。小公司。我想向他们报告，看看我是否能得到一些报酬，哪怕只有 原文地址

Found Backup Database Files via Shodan.io with a Payload! Hey everyone, I recently stumbled upon something interesting while using Shodan.io for a security investigation. I found 谷歌翻译: `` 原文地址