"I've been hitting a wall with Cloudflare's latest challenges on a private program. I managed to get through using some header tricks, but I'm curious—what’s everyone using nowadays for 403 bypasses? Are simple encodings still working for you guys or are you moving to origin-IP hunting?"
I found a P2 category IDOR bug with their internal R&D credentials or their password of their employees.
When I submit the report and they call that it's a P5 information sensitive and subdomain instantly close then a complaint it says the triage. Its says it not a P5 information sensitive bug it was a my mistake. And I was say what is going happened on?
And help me what to do now when subdomain of R&D is close.