Guys, I just found an XSS vulnerability on a pretty high-traffic site, what should I do?
Post about it on Jow Forums
sell it
Give them 30 days notice, and if they don't respond post it on a thread here.
You think that if I tweet about it to them they'll notice? They have like 1.7M followers, it will just get buried, and I can't send a private message.
No. Even so that's not a very responsible way to report it. Go to their site and see if you can find some real contact information.
Just sent an email to the company who made the website, we'll see what they have to say.
openbugbounty.org
Will take a look at that, thanks.
How did you find the vulnerability?
I was watching a live event and started to fuck with the chat during the half-time interval
How did you fuck with the chat?
Anonymously report via a bug bounty site or contact info from the site/WHOIS, but don't use your real info. Down here in dumbfuck Georgia, U S of A, my idiot state government is trying to let people get prosecuted for responsible disclosure.
give it back Jamal
I live in a third world country, they have bigger problems than me.
Doesn't apply here.
exploit it you dumb faggot
How? What do you want me to do?
HTML tags as usernames
Obviously inject bitcoin miners into everyone's browser?
Might also be able to steal session tokens or something and get peoples' accounts.
Rollin
use it to drop javascript that makes dicks fly around on the user's screen
Not worth it, I'd be risking legal trouble for very little reward, they are gonna notice right away.
>not mentioning if it's stored or reflected
Lots of options, need details OP.
Client DOM-based XSS