Nytro

List of sites that have a Bug Bounty program

1800$ for RCE/SQLi and 100$ for an XSS, haha ....

You probably haven't seen companies that offer you nothing or, worse, threaten you with a lawsuit?! Anyway, each company offers exactly as much as it sees fit, and users choose for themselves: $2k/month from Google or $9k in a single day from an unknown company.


That's not the point, but their program is totally ambiguous. You can't classify an XSS, for example, as being just as important as an open URL redirect.

Or give 4000$ for a `Two-factor authentication` bypass method, where in the end the target group of users for an attack is fairly small, and give 1000$ for an SQLi with which you can extract the whole database with all the users.

> That's not the point, but their program is totally ambiguous. You can't classify an XSS, for example, as being just as important as an open URL redirect.
>
> Or give 4000$ for a `Two-factor authentication` bypass method, where in the end the target group of users for an attack is fairly small, and give 1000$ for an SQLi with which you can extract the whole database with all the users.

My apologies, but I didn't understand your message at first. Still, things are seen better from "behind the scenes": you can offer even $9000k for an SQL injection when you know that your application only saves/reads data to/from text files.

Anything official with .yahoo.com at the end?
Update - 2 October 2013:

Yahoo has now rushed forward its plans to reward researchers: "So rather than wait any longer, we’ve decided to preview our new vulnerability reporting policy a bit early." There are five main areas to the new policy: improved reporting, improved validation, improved remediation, the implementation of a 'hall of fame' – and a reward scheme paying between $150 - $15,000. The small print on the new policy hasn't been finalised, and the scheme will be formally launched on October 31, 2013.

It may appear officially on the 31st.

https://www.htbridge.com/news/what_s_your_email_security_worth_12_dollars_and_50_cents_according_to_yahoo.html

====================================================================

Google:

On October 9, 2013, we announced a new, experimental program that rewards proactive security improvements to select open-source projects. This effort complements and extends our long-running vulnerability reward programs for Google web applications and for Google Chrome.

https://www.google.com/about/appsecurity/patch-rewards/

Edited by Fi8sVrs


So I’m the guy who sent the t-shirt out as a thank you. | Yahoo! Developer Network

The small print on the revised policy isn’t quite final. We will release the new policy by October 31, 2013. In the meantime, the benefits of the policy will be implemented retroactively back to July 1, 2013. If you submitted something to us and we responded with an acknowledgement (and probably a t-shirt) after July 1st, we will reconnect with you about this new program. This includes, of course, a check for the researchers at High-Tech Bridge who didn’t like my t-shirt.
