From 16ef65acdb4fb2e240b852132fe68208e2a5423a Mon Sep 17 00:00:00 2001 From: Alpastx Date: Tue, 3 Feb 2026 01:18:57 +0530 Subject: [PATCH 1/2] docs: add summary for OTC CatchUp #267 : added config --- summary/sessions/267/attendees.adoc | 15 +++++++++++++++ summary/sessions/267/content.adoc | 24 ++++++++++++++++++++++++ 2 files changed, 39 insertions(+) create mode 100644 summary/sessions/267/attendees.adoc create mode 100644 summary/sessions/267/content.adoc diff --git a/summary/sessions/267/attendees.adoc b/summary/sessions/267/attendees.adoc new file mode 100644 index 0000000..77b8c1c --- /dev/null +++ b/summary/sessions/267/attendees.adoc @@ -0,0 +1,15 @@ +==== Attendees + +. link:https://twitter.com/KartikSoneji_[Kartik Soneji^] +. link:https://x.com/Alpastx[Alpesh Bhagwatkar^] +. Chirag Nayyar +. Jaden Furtado +. Krishna Gadia +. Swapnil Borkar +. Ishan Sharma +. Ayush Shukla +. Janvi Matani +. Parag Soneji +. Rehan S. +. Shlok Bagwe +. Shubhranil Paul diff --git a/summary/sessions/267/content.adoc b/summary/sessions/267/content.adoc new file mode 100644 index 0000000..0b60c42 --- /dev/null +++ b/summary/sessions/267/content.adoc 
@@ -0,0 +1,24 @@ +Date: 20-12-2025 + +Duration: 2 hrs 15 mins + +==== Topics Discussed + +* Rehan S. and Kartik Soneji discussed various web security vulnerabilities and attack vectors. + ** They talked about reflected XSS (Cross-Site Scripting) vulnerabilities and how attackers can inject scripts through reflected parameters. + ** The discussion covered cookie injection attacks and how vulnerabilities can be exploited through reflected access points. + ** They explored scenarios where companies might dismiss bug bounty reports, claiming vulnerabilities are outdated or not exploitable, even when they can be demonstrated. +* Kartik shared experiences with SQL injection attacks and Denial of Service (DoS) scenarios. + ** He mentioned testing SQL injection vulnerabilities and how injecting payloads could cause sites to freeze or crash. + ** Kartik discussed an incident where cookie injection led to their EngineX server going down, though it recovered within a couple of minutes. + ** The group discussed how some companies respond to security reports, sometimes dismissing them as false positives or claiming they're not exploitable. +* Alpesh Bhagwatkar shared his experience with responsible disclosure and company responses to security vulnerabilities. + ** He discussed an incident involving a large real estate company where he discovered and dumped their entire database. + ** After reporting the vulnerability, the company responded with legal threats instead of acknowledging the security issue. + ** Alpesh noted that the vulnerability still exists, highlighting challenges in responsible disclosure when companies respond defensively rather than addressing security concerns. +* The group discussed the challenges and frustrations of bug bounty programs. + ** They talked about how companies sometimes dismiss valid security findings or respond with legal threats instead of fixing vulnerabilities. 
+ ** The conversation touched on the importance of proper vulnerability reporting and the need for companies to take security reports seriously. +* Discussion about an upcoming tech event at Nesco, Mumbai. + ** The group discussed whether the event was worth attending, with some members noting it was scheduled for a weekend. + ** Alpesh mentioned sharing an Amazon link in the OTC group related to the event. From 4e730e89d5c1997aff590570e0a02a0cb739f5af Mon Sep 17 00:00:00 2001 From: Alpastx Date: Tue, 3 Feb 2026 01:33:42 +0530 Subject: [PATCH 2/2] docs: add summary for OTC CatchUp #267 : added configv2 --- summary/sessions/267/config | 1 + 1 file changed, 1 insertion(+) create mode 100644 summary/sessions/267/config diff --git a/summary/sessions/267/config b/summary/sessions/267/config new file mode 100644 index 0000000..1a3209e --- /dev/null +++ b/summary/sessions/267/config @@ -0,0 +1 @@ +catchup_config_noimage=1
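Review bot: the two linked attendees in summary/sessions/267/attendees.adoc point at different hosts (`link:https://twitter.com/KartikSoneji_[Kartik Soneji^]` vs `link:https://x.com/Alpastx[Alpesh Bhagwatkar^]`); pick one host for consistency with the other session summaries. Only 2 of the 13 attendees carry a link, so either add links for the others where a handle is known or drop the two links so the list reads uniformly.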
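Review bot: in summary/sessions/267/content.adoc, `EngineX server` reads like a transcription of "nginx"; write it as nginx so readers recognise the product. The third top-level bullet records a named attendee describing having "dumped their entire database" of a real estate company, with the vulnerability noted as still present; before this lands in a public repository, consider rewording that item to what was reported and how the company responded, keep the company unnamed as it is now, and check the `Date: 20-12-2025` line against the date format used by the other session summaries.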
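Review bot: the subject of PATCH 1/2 says "added config" but no config file is touched there; the file only arrives in this PATCH 2/2 ("added configv2"). Squash the two commits into one or correct the first subject so the history is not misleading. The single key `catchup_config_noimage=1` in summary/sessions/267/config is undocumented; if other session directories carry the same file, confirm the key name matches theirs, otherwise add a short note on what consumes it.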