At this point I feel like an anonymous platform for publicly available bugs and vulns like this would be a good thing.
Oh, you don't do a bug bounty, and you say it's fixed when it clearly isn't? Okay, then it shouldn't be a problem if I publicly name, shame and provide a POC for everyone to see.
Though, I'm sure most people would just sell it to a vulnerability broker instead and make a quick buck.
Note: Such a platform I'm invisioning here would definitely be illegal. I'm aware.
Some of them even have „autoshops“ where you can sell cc info to the system with price limit and buyers get matched like in a financial market with an orderbook. No shit
7 comments
[ 4.5 ms ] story [ 30.0 ms ] threadYeah. No wonder people are selling this stuff.
Oh, you don't do a bug bounty, and you say it's fixed when it clearly isn't? Okay, then it shouldn't be a problem if I publicly name, shame and provide a POC for everyone to see.
Though, I'm sure most people would just sell it to a vulnerability broker instead and make a quick buck.
Note: Such a platform I'm invisioning here would definitely be illegal. I'm aware.
It’s like obligating companies to have a user feedback program.
Some of them even have „autoshops“ where you can sell cc info to the system with price limit and buyers get matched like in a financial market with an orderbook. No shit
I sure hope the backend uses prepared SQL statements.