I went out for dinner and I took some endpoint

I went out for dinner and I took some endpoint(scarpino.dev)

46 points by ilpianista 4 years ago | 6 comments

Mo3 4 years ago |

> They politely replied that they don’t provide bug bounties and the endpoints have been patched.

Yeah. No wonder people are selling this stuff.

0xdeadb00f 4 years ago | |

At this point I feel like an anonymous platform for publicly available bugs and vulns like this would be a good thing.

Oh, you don't do a bug bounty, and you say it's fixed when it clearly isn't? Okay, then it shouldn't be a problem if I publicly name, shame and provide a POC for everyone to see.

Though, I'm sure most people would just sell it to a vulnerability broker instead and make a quick buck.

Note: Such a platform I'm invisioning here would definitely be illegal. I'm aware.

thrashh 4 years ago | | |

While I support companies having bug bounty programs, I also can’t justify why a company must be obligated to provide a bug bounty program.

It’s like obligating companies to have a user feedback program.

Mo3 4 years ago | | |

You just described any darknet market

Some of them even have „autoshops“ where you can sell cc info to the system with price limit and buyers get matched like in a financial market with an orderbook. No shit

skilled 4 years ago |

“We don’t do bug bounties, but here’s our customer data.”

g4zj 4 years ago |

orderby: "id DESC"

I sure hope the backend uses prepared SQL statements.