tudor13mn13 Posted January 25, 2014 Report Posted January 25, 2014 (edited) Salut RST !Recent , m-am apucat sa caut vulnerabilitati in aplicatii web.1.Am un cont paypal , pe care NU am atasat nici-un card . Pot folosi contul pentru a plati online / transfera bani cuiva ?2.Am gasit o vuln in google in care apare o eroare care te pune sa dai click undeva , si downloadeaza virusul(stealer/rat/etc).Cat credeti ca se da pt asa ceva ? //edit : Eu am trimis poze cenzurate la google si le-am spus sa ma contacteze pt mai multe detalii.credeti ca ma vor baga in seama ? Edited January 25, 2014 by tudor13mn13 Quote
monstertube Posted January 25, 2014 Report Posted January 25, 2014 Noua nu ne dai poze ? Is curios ce-ai gasit Quote
Htich Posted January 26, 2014 Report Posted January 26, 2014 1) Din cate stiu , la fiecare metoda de plata cu paypal trebuie sa ai atasat cardul ( sau un card oarecare ).2) Din 10 situri gasite pe 6 au "Bugul" respectiv , o sa faci o caruta de bani .2.1) Google va detecta "bugul" si spre norocul tau te va plati.2.2)Poti sa vinzi bugul respectiv pe $ persoanelor intersate de acel bug 3) Daca nu , Bravo tie .4 ) The END ! Quote
poq Posted January 26, 2014 Report Posted January 26, 2014 Salut RST !Recent , m-am apucat sa caut vulnerabilitati in aplicatii web.1.Am un cont paypal , pe care NU am atasat nici-un card . Pot folosi contul pentru a plati online / transfera bani cuiva ?2.Am gasit o vuln in google in care apare o eroare care te pune sa dai click undeva , si downloadeaza virusul(stealer/rat/etc).Cat credeti ca se da pt asa ceva ? //edit : Eu am trimis poze cenzurate la google si le-am spus sa ma contacteze pt mai multe detalii.credeti ca ma vor baga in seama ?La Google nu trebuie sa spui sa te contacteze pentru mai multe detalii, o sa te contacteze ei oricum sa iti zica daca e ceva de reward sau nu, iar ei nu fac plata in contul de PayPal.. Quote
Active Members Fi8sVrs Posted January 26, 2014 Active Members Report Posted January 26, 2014 Salut RST !//edit : Eu am trimis poze cenzurate la google si le-am spus sa ma contacteze pt mai multe detalii.credeti ca ma vor baga in seama ?citeste asta https://rstforums.com/forum/67118-sfaturi-raport-de-vulnerabilitate.rst#post433560 Quote
tudor13mn13 Posted January 26, 2014 Author Report Posted January 26, 2014 Pana la urma nu m-am lamurit.Daca le-am trimis o poza cenzurata si am explicat ce se intampla , o sa primesc un mail inapoi , sau nici nu o sa ma bage in seama ?Si cam cat dureaza sa raspunda (cei de la google)Share Quote
poq Posted January 26, 2014 Report Posted January 26, 2014 (edited) Depinde de situatie, daca e ceva grav raspund cel mai probabil urmatoarea zi. Dar la ce adresa ai trimis email?Trebuie trimis la adresa asta security@google.com si dupa scurt timp primesti un mesaj de confirmare pe email, ceva de genul:[FONT=Helvetica Neue]Thanks for the vulnerability report.This email confirms we've received your message. We'll investigate and get back to you once we've got an update.[/FONT][FONT=Helvetica Neue]Cheers,Google Security Bot[/FONT][B]Report Details[/B][FONT=Helvetica Neue][B]Email Subject:[/B][/FONT][FONT=Helvetica Neue][B]Category: [/B][/FONT][FONT=Helvetica Neue][B]Product: [/B][/FONT][FONT=Helvetica Neue][B]Cid: [/B][/FONT] Iar atunci cand o sa il ia in vizor o sa primesti astaHey - Just letting you know that your report was triaged and we're currently looking into it. You should receive a response in a couple of days, but it might take up to a week if we're particularly busy.[FONT=Helvetica Neue]Thanks,Google Security Team[/FONT] Edited January 26, 2014 by poq Quote
tudor13mn13 Posted January 26, 2014 Author Report Posted January 26, 2014 Depinde de situatie, daca e ceva grav raspund cel mai probabil urmatoarea zi. Dar la ce adresa ai trimis email?Am trimis la security@google.com , apoi am primit un mail automat care m-a dus la form-ul unde sa completez toate alea.Pardon : Am trimis o poza necenzurata (unde se vedea linkul). Quote
poq Posted January 26, 2014 Report Posted January 26, 2014 Stai, ce form ai avut de completat?Normal cand primesti confirmarea nu ai nici un form de completat... Quote
tudor13mn13 Posted January 26, 2014 Author Report Posted January 26, 2014 Stai, ce form ai avut de completat?Normal cand primesti confirmarea nu ai nici un form de completat...Deci eu am trimis mail la security@google.com-Am primit un raspuns automat in care mi-au zis sa ma duc la https://www.google.com/appserve/security-bugs/new?rl=-Am completat acolo , unde am pus si o poza necenzurata unde se vede linkulProblema este urmatoarea:Cand o sa vada ca eu am trimis poza necenzurata , o sa ma ia de fraier si nu o sa prim. nimic , sau imi raspund , si sa ma intrebe cum sa ma rasplateasca?Uite asta: Quote
poq Posted January 26, 2014 Report Posted January 26, 2014 (edited) A, ai trimis email direct catre security@google.com, am uitat sa mentionez ca trebuie sa completezi aici goo.gl/vulnz.O sa iti raspunda ei, indiferent daca e ceva sau nu.Tu ai primit asa pentru ca ai trimis email direct si nu prim form.[FONT=Helvetica Neue][B]*** IMPORTANT - PLEASE READ ***[/B][/FONT][FONT=Helvetica Neue][B]Hello[/B][/FONT][FONT=Helvetica Neue][B]If you are reporting a security vulnerability in one of our products, we strongly urge you to [URL="https://www.google.com/appserve/security-bugs/edit?rl=i7nnn46n988ainrhwsnyozxq"]click here[/URL] to provide us with some additional information needed to process and prioritize your report. You will be able to expedite urgent or high-severity reports.[/B][/FONT][FONT=Helvetica Neue][B][U]NOTE[/U]: If you are not reporting a legitimate security vulnerability in one of our services, you won't receive a response and we'll be unable to take action on your message.[/B][/FONT][FONT=Helvetica Neue][B]Solutions to common non-vulnerability problems:[/B][/FONT][LIST][*][B]For account hijackings, please go [URL="http://www.google.com/support/youtube/bin/answer.py?answer=76187"]here for Youtube[/URL], and [URL="http://www.google.com/support/accounts/bin/answer.py?answer=117219"]here for Google Accounts[/URL] (including Gmail).[/B][*][B]For other problems with account security in [URL="http://mail.google.com/support/bin/topic.py?topic=12784"]Gmail[/URL], [URL="http://www.google.com/support/youtube/bin/topic.py?topic=13044"]Youtube[/URL] or [URL="http://checkout.google.com/support/bin/answer.py?answer=42821&topic=8942"]Checkout[/URL].[/B][*][B]For requests to remove content in [URL="http://www.google.com/support/bin/topic.py?topic=360"]Search[/URL], [URL="http://www.google.com/help/maps/streetview/privacy.html"]Streetview[/URL], [URL="http://maps.google.com/support/bin/answer.py?answer=98014"]Maps[/URL], [URL="http://www.google.com/support/youtube/bin/answer.py?answer=178909"]Youtube[/URL], [URL="http://help.orkut.com/support/bin/answer.py?answer=57444&topic=10310"]Orkut[/URL], [URL="http://www.google.com/support/blogger/bin/answer.py?topic=12468&answer=76315"]Blogger[/URL], or [URL="http://www.google.com/security.html"]any other product[/URL].[/B][*][B]To report [URL="http://www.google.com/safebrowsing/report_badware/"]malware[/URL] or [URL="http://www.google.com/safebrowsing/report_phish/"]phishing[/URL] sites, or [URL="http://adwords.google.com/support/aw/bin/request.py?display=feedback"]inappropriate or malicious advertisements[/URL].[/B][*][B]For [URL="http://www.google.com/support/accounts/bin/topic.py?topic=14146"]scams[/URL], including fake lotteries and job offers.[/B][/LIST][B][FONT=Helvetica Neue]For anything else, please go to our [/FONT][URL="http://www.google.com/support/"]Google Support[/URL][FONT=Helvetica Neue] page as our team won't be able to help you.If you do not wish to complete our online form, simply ignore this message to have your original email entered into our system without additional details. This option is not recommended and may lead to delays in processing your report.[/FONT][FONT=Helvetica Neue]Regards,Google Security Team[/FONT][/B] Dar acum ca ai completat acolo e ok, asteapta sa iti raspunda. Edited January 26, 2014 by poq Quote
tudor13mn13 Posted January 26, 2014 Author Report Posted January 26, 2014 A, ai trimis email direct catre security@google.com, am uitat sa mentionez ca trebuie sa completezi aici goo.gl/vulnz.O sa iti raspunda ei, indiferent daca e ceva sau nu.Tu ai primit asa pentru ca ai trimis email direct si nu prim form.[FONT=Helvetica Neue][B]*** IMPORTANT - PLEASE READ ***[/B][/FONT][FONT=Helvetica Neue][B]Hello[/B][/FONT][FONT=Helvetica Neue][B]If you are reporting a security vulnerability in one of our products, we strongly urge you to [URL="https://www.google.com/appserve/security-bugs/edit?rl=i7nnn46n988ainrhwsnyozxq"]click here[/URL] to provide us with some additional information needed to process and prioritize your report. You will be able to expedite urgent or high-severity reports.[/B][/FONT][FONT=Helvetica Neue][B][U]NOTE[/U]: If you are not reporting a legitimate security vulnerability in one of our services, you won't receive a response and we'll be unable to take action on your message.[/B][/FONT][FONT=Helvetica Neue][B]Solutions to common non-vulnerability problems:[/B][/FONT][LIST][*][B]For account hijackings, please go [URL="http://www.google.com/support/youtube/bin/answer.py?answer=76187"]here for Youtube[/URL], and [URL="http://www.google.com/support/accounts/bin/answer.py?answer=117219"]here for Google Accounts[/URL] (including Gmail).[/B][*][B]For other problems with account security in [URL="http://mail.google.com/support/bin/topic.py?topic=12784"]Gmail[/URL], [URL="http://www.google.com/support/youtube/bin/topic.py?topic=13044"]Youtube[/URL] or [URL="http://checkout.google.com/support/bin/answer.py?answer=42821&topic=8942"]Checkout[/URL].[/B][*][B]For requests to remove content in [URL="http://www.google.com/support/bin/topic.py?topic=360"]Search[/URL], [URL="http://www.google.com/help/maps/streetview/privacy.html"]Streetview[/URL], [URL="http://maps.google.com/support/bin/answer.py?answer=98014"]Maps[/URL], [URL="http://www.google.com/support/youtube/bin/answer.py?answer=178909"]Youtube[/URL], [URL="http://help.orkut.com/support/bin/answer.py?answer=57444&topic=10310"]Orkut[/URL], [URL="http://www.google.com/support/blogger/bin/answer.py?topic=12468&answer=76315"]Blogger[/URL], or [URL="http://www.google.com/security.html"]any other product[/URL].[/B][*][B]To report [URL="http://www.google.com/safebrowsing/report_badware/"]malware[/URL] or [URL="http://www.google.com/safebrowsing/report_phish/"]phishing[/URL] sites, or [URL="http://adwords.google.com/support/aw/bin/request.py?display=feedback"]inappropriate or malicious advertisements[/URL].[/B][*][B]For [URL="http://www.google.com/support/accounts/bin/topic.py?topic=14146"]scams[/URL], including fake lotteries and job offers.[/B][/LIST][B][FONT=Helvetica Neue]For anything else, please go to our [/FONT][URL="http://www.google.com/support/"]Google Support[/URL][FONT=Helvetica Neue] page as our team won't be able to help you.If you do not wish to complete our online form, simply ignore this message to have your original email entered into our system without additional details. This option is not recommended and may lead to delays in processing your report.[/FONT][FONT=Helvetica Neue]Regards,Google Security Team[/FONT][/B] Dar acum ca ai completat acolo e ok, asteapta sa iti raspunda.Multumesc.Dar tot nu m-ai lamurit Daca le-am dat poza necenzurata , si daca vad linkul o repara si nu primesc nimic ? Sau imi raspund si imi multumesc si ma platesc?Si , dau in paypal ? Quote
poq Posted January 26, 2014 Report Posted January 26, 2014 Dac? este cu adev?rat o problema acolo o sa iti r?spund?, stai lini?tit ca nu se joaca ei sa repare si sa nu iti r?spund?. Chiar daca nu este o problema tot o sa iti zica de ce nu te-ai calificat pentru reward. Daca o sa iti zica "Hi ****,Nice catch! I’ve filed a bug and will update you once we’ve got more information.Regards,*****, Google Security Team"atunci esti pe drumul cel bun deocamdat?.Ei nu trimit banii prin paypal, doar transfer bancar. Quote
BlitzKrieg Posted January 29, 2014 Report Posted January 29, 2014 Da-ne ma si noua bug-ul ! Faci pe desteptul il trimiti tu la google sa iti dea aia bani asa milog esti iti dau eu bani pe el daca e bun posteaza-l aici sa il vedem si noi. Ce te astepti sa te angajeze aia la ei sau sa iti dea cateva mii asa ca ai gasit tu un bug?Ba ai dreq sunt romanii astia ca natie...Pune-l aici ca tot cu noi faci treaba ! Quote
