Guys i just found an xss vulnerability on a pretty high-traffic site, what should i do?

Question

Guys i just found an xss vulnerability on a pretty high-traffic site, what should i do?

Nolan Gutierrez

guys i just found an xss vulnerability on a pretty high-traffic site, what should i do?

Attached: 1539966402226.png (3840x2160, 1.61M)

February 10, 2019 - 22:18

Other urls found in this thread:

openbugbounty.org/
twitter.com/SFWRedditGifs

Charles Garcia

Post about it on Jow Forums

February 10, 2019 - 22:19

John Green

sell it

February 10, 2019 - 22:19

Ayden Bennett

Give them 30 days notice, and if they don't respond post it on a thread here.

February 10, 2019 - 22:20

Andrew Edwards

you think that if i tweet about it to them theyll notice? they have like 1.7M followers it will just get buried, and i cant send a private message

February 10, 2019 - 22:30

Camden Jones

No. Even so that's not a very responsible way to report it. Go to their site and see if you can find some real contact information.

February 10, 2019 - 22:37

Jeremiah James

just sent an email to the company who made the website, we'll see what they have to say

February 10, 2019 - 22:44

Grayson Hughes

openbugbounty.org/ Is a site where people can send notices to the owners of webpages informing them of these types of vulnerabilities. They get some time to fix it before the vulnerability is made public. It was formerly xxsposed.org

February 10, 2019 - 22:47

Dominic Peterson

will take a look at that, thanks

February 10, 2019 - 22:53

Noah Powell

How did you find the vulnerability?

February 10, 2019 - 23:30

Cameron Sanders

I was watching a live event and started to fuck with the chat during the half-time interval

February 10, 2019 - 23:59

Christian Hernandez

How did you fuck with the chat?

February 11, 2019 - 00:29

Hudson Phillips

Anonymously report via a bug bounty site or contact info from the site/WHOIS, but don't use your real info. Down here in dumbfuck Georgia, U S of A, my idiot state government is trying to let people get prosecuted for responsible disclosure.

February 11, 2019 - 00:38

Lucas Bailey

give it back Jamal

February 11, 2019 - 00:51

Joshua Phillips

I live in a third world country, they have bigger problems than me.

Doesnt apply here

February 11, 2019 - 01:19

Tyler Johnson

exploit it you dumb faggot

February 11, 2019 - 01:20

Asher Jones

How? What do you want me to do?

February 11, 2019 - 01:22

Luke Evans

html tags as usernames

February 11, 2019 - 01:23

Brayden Young

Obviously inject bitcoin miners into everyone's browser?
Might also be able to steal session tokens or something and get peoples' accounts.

February 11, 2019 - 01:25

Joshua Morgan

Rollin

February 11, 2019 - 01:28

Aiden Hughes

use it to drop javascript that makes dicks fly around on the user's screen

February 11, 2019 - 02:04

Ryan Foster

Not worth it, id be risking legal trouble for very little reward, they are gonna notice right away.

February 11, 2019 - 04:12

Luke Howard

>not mentioning if it's stored or reflected
Lots of options, need details OP.

February 11, 2019 - 04:23

Robert Young

Client dom based xss

February 11, 2019 - 07:08

1 2 3 Next

Guys i just found an xss vulnerability on a pretty high-traffic site, what should i do?

Last threads