Domnul.Do Posted November 10, 2013 Report Posted November 10, 2013 Rezumat:Undeva la inceputul anului 2013 am deschis 6 incidente de securitate , deoarece nu am fost inregistrat la ei nu am primit raspuns pana acuma.Mi-au trimis zilele trecute un raspuns pentru bug bounty-ul acumulat (o suma destul de mica pentru 6 incidente de securitate) si trebuie sa completez documentele W8-BEN si Foreign Vendor Questionnaire precum si alte inforimatii personale.Email:(...)INFORMATION REQUIRED FROM INTERNATIONAL REPORTERS:v Full Name (first, middle initial and last name)v Current residence addressv Contact Phone Numberv W8-BEN FOR INTERNATIONAL REPORTERS, (attached) signed and filled out completely Note - Part IV fill out completelyv This form will need to be sent back electronically as well as hard copy (return address will be provided when we receive your electronic copy.)v Foreign Vendor Questionnaire (attached) v SWIFT Supporting DocumentationBank Letter Confirming Routing Number / SWIFT BIC NumberAccount Type checking or savingsBeneficiary Bank NameBeneficiary Account NumberBank info on Company Letterhead/InvoiceContact at Bank(...)Problema:Acuma problema este ca nu am avut tangenta cu formularul "Foreign Vendor Questionnaire" si nu stiu exact cum sa il completez , cateva informatii despre cum sa completez furnizate de catre ei:2. How do I fill out Foreign Questionnaire form? If you are an international reporter, the Foreign Questionnaire must be filled out. Please answer questions 1-3, 5, 6 (on question 6 please put AT&T Bug Bounty payout of REF: number) and question 7. Signed and dated. Cer sprijinul persoanelor care au avut tangenta pentru intocmirea corecta a formularului "Foreign Vendor Questionnaire" .Alte informatii:Foreign Vendor Questionnaire : Foreign Vendor Questionnaire.pdf - DocDroid Quote
dekeeu Posted November 10, 2013 Report Posted November 10, 2013 Deci , iti spun cum l-am completat eu (tot pentru AT&T):PART 1: 1-Nume,2-Romania,3-Nonresident...PART 2: 5-Provision of labor or personal services-Performing labor or personal services exclusively outside the United States . 6-AT&T BUG BOUNTY PROGRAM ,PART 3: 7-W8-BEN + informatiile de la sfarsitul paginii toate.Mentionez ca inca nu l-am trimis dar cred ca o voi face maine. Quote
Domnul.Do Posted November 10, 2013 Author Report Posted November 10, 2013 Deci , iti spun cum l-am completat eu (tot pentru AT&T):PART 1: 1-Nume,2-Romania,3-Nonresident...PART 2: 5-Provision of labor or personal services-Performing labor or personal services exclusively outside the United States . 6-AT&T BUG BOUNTY PROGRAM ,PART 3: 7-W8-BEN + informatiile de la sfarsitul paginii toate.Mentionez ca inca nu l-am trimis dar cred ca o voi face maine.Un like nu e destul dar o multumire publica probabil: Multumesc Toshib4! Quote
dekeeu Posted November 10, 2013 Report Posted November 10, 2013 La punctul 6 sa completezi asa cum ti-au spus ei, nu cum am scris mai sus , respectiv:AT&T Bug Bounty payout of REF: number iar number este numarul pe care il ai in mail-ul primit de la ei. (nu de alta, dar mie mi-au dat termen in care pot trimite formularul, si ar fi urat sa pierzi niste bani pentru 1 greseala minora) . Quote
Domnul.Do Posted November 10, 2013 Author Report Posted November 10, 2013 La punctul 6 sa completezi asa cum ti-au spus ei, nu cum am scris mai sus , respectiv: iar number este numarul pe care il ai in mail-ul primit de la ei. (nu de alta, dar mie mi-au dat termen in care pot trimite formularul, si ar fi urat sa pierzi niste bani pentru 1 greseala minora) .Am 6 incidente,probabil formatul o sa fie asa: AT&T Bug Bounty payout of REF:1,2,3,4,5,6Cu alte cuvinte daca nu este precizat daca sunt mai multe ref ,ma gandesc ca este la libera alegere formatul .Probabil toti care au trimis incidente vor primi un astfel de raspuns , cu un termen de trimite si bug bounty-ul ajunge undeva la sfarsitul anului (probabil sa poate inchide anul in "documente") Quote
mah_one Posted November 10, 2013 Report Posted November 10, 2013 (edited) Domnul.Do, astia de la AT&T sunt cei mai idioti, dar nu ii depasesc pe cei de la paypal (astia sunt din alta categorie).In fine, ideea e ca eu le-am trimis w8ben si tot ce mai trebuie si le-am dat iban, swift code, etc sa imi bage banii in contul bancar. Ei mi-au zis ca au nevoie de scrisoare de la banca cum ca tot ce am zis este adevart. Aia de la banca au ramas si ei uimiti de ce cereau astia de la AT&T.... Edited November 10, 2013 by mah_one Quote
Active Members akkiliON Posted November 11, 2013 Active Members Report Posted November 11, 2013 AT&T thanks you for your Report(s). While the scope of AT&T’s Bug Bounty program during this time frame was limited to our Developer API platform only we would still like to reward you a bounty. As a result of your report(s), we would like to reward you with a bounty of $ 100.00.Ce mult am primit ?i eu. Quote
Domnul.Do Posted November 11, 2013 Author Report Posted November 11, 2013 Ce mult am primit ?i eu.Dar ce sa zic de povestea mea: un XSS in main page si restul 5 (tot XSS) in subdomenii diferite si am un total de 200$ . Quote
Active Members akkiliON Posted November 11, 2013 Active Members Report Posted November 11, 2013 Dar ce sa zic de povestea mea: un XSS in main page si restul 5 (tot XSS) in subdomenii diferite si am un total de 200$ .Mda. Aiurea de tot ! Quote
mah_one Posted November 11, 2013 Report Posted November 11, 2013 eu stau cel mai bine.... am raportat un auth bypass in site-ul principal (reset password vulnerability)..... asta a fost de foarte mult timp si am luat 500$ si ma chinui de 1 an sa ii scot de la ei. Quote
Active Members akkiliON Posted November 12, 2013 Active Members Report Posted November 12, 2013 Nu în?eleg unde trebuie s? trimit datele bancare. Trebuie s? le dau un reply cu toate datele la acel mesaj care l-am primit în leg?tur? cu recompensa ? Quote
nacks Posted November 12, 2013 Report Posted November 12, 2013 Cand ati primit mail de la ei ? ... am si eu raportat cate ceva la ei, dar momentan nu am primit nimic. Am vazut doar ca m au adaugat in HOF si ... atat ... MS Quote
Active Members akkiliON Posted November 12, 2013 Active Members Report Posted November 12, 2013 Sapt?mâna trecut? am primit mesajul. Quote
nacks Posted November 12, 2013 Report Posted November 12, 2013 ... Decisions on future award payouts will be made at a later date.We apologize for any inconvenience, and we sincerely appreciate your report(s).Thank you,AT&T Bug Bounty Team Asta am primit pe 24.09.2013 si de atunci ... liniste ! Quote