tromfil Posted July 30, 2011
To qualify for a bounty, you must:
- Adhere to our Responsible Disclosure Policy: ... give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research ...
- Be the first person to responsibly disclose the bug
- Report a bug that could compromise the integrity or privacy of Facebook user data, such as:
  - Cross-Site Scripting (XSS)
  - Cross-Site Request Forgery (CSRF/XSRF)
  - Remote Code Injection
- Reside in a country not under any current U.S. Sanctions (e.g., North Korea, Libya, Cuba, etc.)
Our security team will assess each bug to determine if it qualifies.
Rewards
- A typical bounty is $500 USD
- We may increase the reward for specific bugs
- Only 1 bounty per security bug will be awarded
https://www.facebook.com/whitehat/bounty/
tiodr Posted July 30, 2011
Some people (like me), if they found a vulnerability, would rather report it and get at least 500 dollars than hold on to it and stare at it because they have no idea how to take advantage of it and make, say, 2,000 dollars.
symboss Posted July 30, 2011
Most of the time it never gets as far as a monetary reward. I have come across very few cases. Still, if I found a bug, I would look for serious buyers who would want to exploit the vulnerability; if I don't find any, and I see that I can't do much with it myself either, then I notify them. Besides, someone else might find the same bug and will notify them anyway.
ROFL Posted July 30, 2011
"Some people (like me), if they found a vulnerability, would rather report it and get at least 500 dollars than hold on to it and stare at it because they have no idea how to take advantage of it and make, say, 2,000 dollars."
You send them the vulnerability, they fix it and reply that it had already been reported, or they don't reply at all. So the answer is NO.
lns Posted July 30, 2011
The people at Yahoo also had a similar "campaign" around May, in Bucharest I think, but they made vulnerabilities available to see whether they could be exploited; everyone who wanted to take part was called to Bucharest, and they were given the chance to exploit them in a computer lab.
Later edit: openhackeu2011.eventbrite.com/
wildchild Posted July 30, 2011
"... give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research ..."
...you idiot!
give us a reasonable time to patch the bug in order to show you the middle finger
totti93 Posted July 30, 2011
Why should I be a White Hat? I have reported vulnerabilities to other sites before, but they p*ssed on me.. They fixed it in no time, without even saying "Thanks"...
XandZero Posted July 30, 2011
If I had a vulnerability and could make more than $500 from it, I wouldn't send it in; if I couldn't make anything from it, I would gladly send it in.. Totti93, you're right there, I also reported to I don't know how many town halls, and you know what I got? The next day the vulnerability was fixed, and nothing.
GarryOne Posted July 30, 2011
If I found a vulnerability and reported it and they made a fool of me like that, I'd break into their house with an axe.
GarryOne Posted July 30, 2011
For a sum? What guarantee do you have that they'll give you the money? Haven't you read in the previous posts how the guys got burned?
Stranger Posted July 30, 2011
They give me the money, then I give it to them; if not, then no.
poq Posted July 31, 2011
To hell with them, I reported an XSS and got jack shit from them. I was expecting at least a thank-you from them.
symboss Posted July 31, 2011
Last year I found an active XSS on Orange.md and notified them, then I received a message: "Your report has been received, we will fix it very soon", without a trace of gratitude. That XSS really would have been worth something. Two months ago I found an SQLi at Banca de Economii (MD), I notified them, and it was the same situation. One problem, I think, is that the message doesn't reach the right person: it reaches an ordinary customer relations employee, who tells the head of the technology department, and he doesn't pass it any higher, because they themselves are the ones to blame for the problem. And that is where the whole story ends.
Moral: there isn't much point in notifying them.
Dragos (Moderators) Posted July 31, 2011
There's no point in reporting vulnerabilities. I had also found an admin bypass at a bookstore; I called them, and to this day they haven't replied to me or fixed the vulnerability.