Title: bitcointalk vulnerability Post by: k3rnel31 on May 28, 2019, 01:19:47 AM hi , i have discovered some vulnerability in bitcointalk in simple machine code , about emails & usernames , would be any bounty if i show them ?
thanks Title: Re: bitcointalk vulnerability Post by: TryNinja on May 28, 2019, 01:23:11 AM Possibly. It depends on what the vulnerability is and what it does.
Everything you need to know can be found here: Security bounties (https://bitcointalk.org/index.php?topic=309785.0) Title: Re: bitcointalk vulnerability Post by: ene1980 on May 28, 2019, 05:17:10 AM hi , i have discovered some vulnerability in bitcointalk in simple machine code , about emails & usernames , would be any bounty if i show them ? You can contact Theymos regarding that, send him a PM and see what he has to say about it or wait until he responds here and i am certain he will give you the bounty if it is a legit vulnerability.thanks Still trying to figure the last part of your post @OP. If you meant would you be able to join a bounty after you must have shown your claimed discover. I don't think that's possible you don't have the needed rank or activities to join a bounty yet https://bitcointalk.org/index.php?topic=2818350.0 He is not talking about joining any bounty mate, he wants to help the forum out and help with solving the vulnerability and if he does that is he eligible for a bounty if he reveals those vulnerability as he claims.But after showing it if it's good then you can be awarded merit which you require. Title: Re: bitcointalk vulnerability Post by: eternalgloom on May 28, 2019, 08:48:52 AM Still trying to figure the last part of your post @OP. If you meant would you be able to join a bounty after you must have shown your claimed discover. I don't think that's possible you don't have the needed rank or activities to join a bounty yet https://bitcointalk.org/index.php?topic=2818350.0 But after showing it if it's good then you can be awarded merit which you require. I laughed out loud when I read this comment :') Completely wrong context, seems that the word bounty only has one meaning for most people on this forum. OP, definitely do send a pm to Theymos, if you can. Not sure if he'd read PM's from new members, so I'd make the topic of your PM very clear. Is this a publicly known bug or is it a zero-day that you've found yourself? Edit: - 1 XAU: Find the email address of user DefaultTrust (https://bitcointalk.org/index.php?action=profile;u=122551;sa=summary) and explain in detail how you did it. No idea how to find the actual email address though. Then again, if you indeed do have access to emails & usernames, you shouldn't have a problem with that ;) Title: Re: bitcointalk vulnerability Post by: GreatArkansas on May 28, 2019, 10:32:47 AM Still trying to figure the last part of your post @OP. If you meant would you be able to join a bounty after you must have shown your claimed discover. I don't think that's possible you don't have the needed rank or activities to join a bounty yet https://bitcointalk.org/index.php?topic=2818350.0 I laughed out loud when I read this comment :') Completely wrong context, seems that the word bounty only has one meaning for most people on this forum. But after showing it if it's good then you can be awarded merit which you require. Can I report that post of Sharon121212 to the moderator? Title: Re: bitcointalk vulnerability Post by: hilariousandco on May 28, 2019, 11:11:22 AM - 1 XAU: Find the email address of user DefaultTrust (https://bitcointalk.org/index.php?action=profile;u=122551;sa=summary) and explain in detail how you did it. Title: Re: bitcointalk vulnerability Post by: LoyceV on May 28, 2019, 11:57:27 AM - 1 XAU: Find the email address of user DefaultTrust (https://bitcointalk.org/index.php?action=profile;u=122551;sa=summary) and explain in detail how you did it. Title: Re: bitcointalk vulnerability Post by: TryNinja on May 28, 2019, 12:02:03 PM So the bounty is 1 ounce of gold, worth $1283.29 (https://goldprice.org/) and paid as 0.1468BTC (http://preev.com/)? If he "finds the email address of user DefaultTrust and explain in detail how he did it", he gets 1 ounce of gold worth in BTC. That's based on what OP said about his vulnerability: "about emails & usernames"; But, he can get more based on a few factors found in the thread I linked above. Example: Root access from a regular user (8 ounces) related to a security flaw in non-PHP software used by the forum (150%) would give him 150% of 8 oz of gold = 12 oz. Title: Re: bitcointalk vulnerability Post by: eternalgloom on May 28, 2019, 01:05:46 PM Is that considered as 'off-topic' post? Can I report that post of Sharon121212 to the moderator? You can report any post you want, it doesn't mean it will be accepted though. OP, definitely give an update on whether you've received the bounty. Without disclosing the vulnerability of course ;) |