Jump to content
Domnul.Do

[Review BugBounty] Marktplaats.nl

Recommended Posts

Posted (edited)

Marktplaats.nl este o adresa web care recent detine un program de Bug Bounty.

Informatie despre bounty:

Rewards

A typical bounty is a 350 EURO PayPal voucher.

We may increase the reward for specific security vulnerabilities reported, but the final amount is determined at Marktplaats' discretion.

Only 1 bounty per security vulnerability report will be awarded.

Am decis sa deschid acest thread pentru a vedea care este mentalitate lor in acest "program":

Data:11.07.2013

Am trimis un raport unde am atentionat ca sunt vulnerabili la XSS in structuri diferite

Data:12.07.2013

Am primit:

Dear [x],

Thank you for responsibly disclosing a security issue. Our engineers will look into the reports and fix the issue. I expect that this will be planned within the next 6 weeks.

We would like to offer you our eBay Classifieds branded 'WhiteHat' as a token of appreciation; if you send me your address details we will ship it. Again, thank you for bringing this to our attention.

Thanks,

Pieter Vlasblom

La care am cerut mai multe informatii despre acest token.

Data: 16.07.2017

Primesc raspunsul:

Dear [x],

It's a White Hat having the eBay classifieds logo on its side, we handle shipping.

Best Regards,

Pieter Vlasblom

Daca altcineva a avut tangenta cu ei sunt invitati sa faca un reply la acest thread,voi continua sa fac update-uri "in drum spre final".

Update #1:

Data 16.07.2013 (Multumesc Toshib4 de intrebare)

Am trimis:

-daca acel token se trimite de fiecare data cand se trimite un raport sau o singura data pe persoana

-confirmarea bounty-ului se face in procesul de remediere sau la final.

Edited by Domnul.Do
Update #1
Posted (edited)
Nu ziceau acolo ca dau vouchere de 350$ ?

Ala este bounty-ul dupa remedierea problemei.

Probabil acesta este doar un gift , deoarece nu zice nimic de un token in "Responsible Disclosure"-ul lor.

Daca tot am deschis acest thread,ce intrebari sa le mai trimit?

Edited by Domnul.Do
Posted

Si eu am patit acelasi lucru, pe un authorization bypass imi vor da un eBay Classifieds branded 'WhiteHat'.

Ba mai mult, pe un al doilea problem report, tot authorization bypass, mi-au zis ca imi vor da 350$, iar ei zic ca "A typical bounty is a 350 EURO PayPal voucher."

Sunt foarte neseriosi, chestia interesanta este ca dau feedback de pe un email @ebay.com

Posted (edited)
Si eu am patit acelasi lucru, pe un authorization bypass imi vor da un eBay Classifieds branded 'WhiteHat'.

Ba mai mult, pe un al doilea problem report, tot authorization bypass, mi-au zis ca imi vor da 350$, iar ei zic ca "A typical bounty is a 350 EURO PayPal voucher."

Sunt foarte neseriosi, chestia interesanta este ca dau feedback de pe un email @ebay.com

Pana acuma am ajuns oarecum unde ai ajuns si tu,dar dupa cate vad la tine o precizat de cei 350 EURO si la mine nu.

Au email de @ebay.com deoarece aici scrie:

(...) In 2004, Marktplaats.nl joined eBay. (...)

Presupun ca cei de la ebay au organizat programul de BugBounty

Si o alta informatie ciudata:

"These Marktplaats Security Vulnerability Policies are governed by Dutch law."

Edited by Domnul.Do

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...