|
Title: Offering to find exploits in your website for BTC Post by: IamAGentleman on January 18, 2015, 10:23:29 PM I am offering to find exploits in your scripts or new websites. I am offering different prices depending on the severity.
Minor are exploits to get in to protected areas of your script normal are security bypasses major are xss, sql type injections to deface, steal accounts btc etc. I can view scripts or test websites, it's up to you. If you are interested then please contact me. Title: Re: Offering to find exploits in your website for BTC Post by: Gazby on January 19, 2015, 03:03:35 AM What tools would you be using?
Title: Re: Offering to find exploits in your website for BTC Post by: IamAGentleman on January 19, 2015, 10:28:24 PM What tools would you be using? My own custom made one. Title: Re: Offering to find exploits in your website for BTC Post by: Gazby on January 20, 2015, 12:40:52 AM That's not the answer people will be wanting.
A security scan is not about finding random vulnerabilities with your fancy homemade tools, but about reducing the potential for compromise. Your tool is an unknown quantity, and thus provides no assurances as to how the potential for compromise is reduced. Title: Re: Offering to find exploits in your website for BTC Post by: Vortex20000 on January 20, 2015, 12:45:24 AM That's not the answer people will be wanting. quality*A security scan is not about finding random vulnerabilities with your fancy homemade tools, but about reducing the potential for compromise. Your tool is an unknown quantity, and thus provides no assurances as to how the potential for compromise is reduced. Also, bots nowadays (or "tools") can't find good exploits. Most of the ones I've found were found through several hours of really getting into it. Title: Re: Offering to find exploits in your website for BTC Post by: Gazby on January 20, 2015, 12:59:38 AM "Unknown quantity" is a turn of phrase - a person or thing whose nature, value, or significance cannot be determined or is not yet known. Thus implying of unknown quality.
No one will disagree that bots aren't any good at finding anything original; the benefit is in patching holes that can be found in an automated fashion, thereby getting yourself out of the low-hanging-fruit camp. Title: Re: Offering to find exploits in your website for BTC Post by: b!z on February 04, 2015, 06:44:33 AM What tools would you be using? My own custom made one. So you figured out how to compile Metasploit from source. |