Bitcoin Forum
November 19, 2024, 11:06:32 AM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: I found an exploit. Where to sell?  (Read 1812 times)
PremiumCodeX (OP)
Hero Member
*****
Offline Offline

Activity: 1204
Merit: 531


Metaverse 👾 Cyberweapons


View Profile
December 30, 2016, 08:45:49 PM
 #1

It is NOT that I want to sell the exploit itself in this forum. Let us say, I found an exploit in a library that alot of crypto products use and cannot handle in their code. Again, I do not want to destroy them by selling what I found itself.

So, what are my options to HELP people with this knowledge AND still make PROFIT?

I have my doubts that releasing a public thread about it would mean any help and reporting it individually may not reach the desired impact especially if the developers have less sophisticated English communication skills and the discussion ends up in confusion as I experienced a few times in the past.

[TUTORIAL] How to steal $350 000?
Best OS for recovering stolen BTCs.
Visit our FREE Bitcointalk thread.
poesjesvanger
Full Member
***
Offline Offline

Activity: 154
Merit: 100


View Profile WWW
December 30, 2016, 08:46:33 PM
 #2

Sell it to 1 person on this forum?

PremiumCodeX (OP)
Hero Member
*****
Offline Offline

Activity: 1204
Merit: 531


Metaverse 👾 Cyberweapons


View Profile
December 30, 2016, 08:51:18 PM
 #3

Sell it to 1 person on this forum?

Yes, I could sell it to someone who I keep trusted and think that he would use it only within certain limits (without causing harm to others) for his own education, but can I truly trust someone with this?

[TUTORIAL] How to steal $350 000?
Best OS for recovering stolen BTCs.
Visit our FREE Bitcointalk thread.
UGMZ
Newbie
*
Offline Offline

Activity: 14
Merit: 0


View Profile WWW
December 30, 2016, 08:53:07 PM
 #4

You should head over to here mate.

https://www.exploit-db.com/

I would also do a full disclosure to who ever made the code give them 30 days to fix it then release it on the DB. Unless they fix it..

You might also get a bug bounty from them if its serious enough.

I would really like to know a bit more about this. I do a lot of pen-testing and debugging, So this is right up my street!

It all depends on what color hat you dawn my friend! White, Black, Grey Smiley there are many places to sell exploits if you have the right contacts and access to the right markets.


freebutcaged
Hero Member
*****
Offline Offline

Activity: 588
Merit: 541


View Profile
December 30, 2016, 08:55:23 PM
 #5

Sell it to 1 person on this forum?

Yes, I could sell it to someone who I keep trusted and think that he would use it only within certain limits (without causing harm to others) for his own education, but can I truly trust someone with this?
Can I suggest something? just first use it widely for everyone to see the impacts and then you have your proof after that you could bargain about a deal with devs and demand a large amount to safeguard your future if it is something critical otherwise don't trust anyone with it at all costs.
PremiumCodeX (OP)
Hero Member
*****
Offline Offline

Activity: 1204
Merit: 531


Metaverse 👾 Cyberweapons


View Profile
December 30, 2016, 09:18:32 PM
 #6

-

Good idea, about giving them time to decide how much they would mind if I released it elsewhere!

I prefer to keep things in the ethical way as I look forward to earning my first certificate in this area very soon (the exam will be in next month) (:, but I have not signed any obligation yet so a slight color of darkness may not hurt until I draw attention in the professional line.

Actually, I am thinking of posting the idea of a small cybersecurity team or similar in BCT since I know that it would be helpful for the community and probably excellent fun opportunity too.

I was glad to see that You too were interested in this field. I look forward to discussing with You soon Smiley

Can I suggest something? just first use it widely for everyone to see the impacts and then you have your proof after that you could bargain about a deal with devs and demand a large amount to safeguard your future if it is something critical otherwise don't trust anyone with it at all costs.

Yeah, proving it is an issue too. I would have an easy method to prove it, but that actually includes the usage of the exploit itself (so obtaining full access to their product/DB), which I do not want to push them into panic with. Something like a whitepaper could look legit, but why would they even bother reading a wall of technical text without actual demonstration?

[TUTORIAL] How to steal $350 000?
Best OS for recovering stolen BTCs.
Visit our FREE Bitcointalk thread.
ImHash
Hero Member
*****
Offline Offline

Activity: 924
Merit: 506


View Profile
December 30, 2016, 09:24:54 PM
 #7

We live in a world where people kill for a few more years living under or on top of young girls having nice houses and cars drinking best beverages and eating good meals don't forget doing drugs and most importantly don't forget ISIS the terrorists Sad just make sure it doesn't end up in the wrong hands.
carlfebz2
Hero Member
*****
Offline Offline

Activity: 3136
Merit: 739


DGbet.fun - Crypto Sportsbook


View Profile
December 31, 2016, 05:56:46 PM
 #8

Sell it to 1 person on this forum?

Yes, I could sell it to someone who I keep trusted and think that he would use it only within certain limits (without causing harm to others) for his own education, but can I truly trust someone with this?
You cant tell if you choose the right person since people do have different minds and aims when it comes to money.I would rather choose to monetize that exploit to myself rather than selling it to someone and i could say that theres no people could be trusted on this forum. IMHO

Bitcoin_BOy$
Hero Member
*****
Offline Offline

Activity: 854
Merit: 503


|| Web developer ||


View Profile
December 31, 2016, 06:36:22 PM
 #9

There's a place in this forum for bugs and securities issues, You will find more information in this thread

https://bitcointalk.org/index.php?topic=483195.0

Regards,
Bitcoin Boy.
ErikSneijer
Member
**
Offline Offline

Activity: 79
Merit: 10


View Profile
January 05, 2017, 03:55:24 AM
 #10

We live in a world where people kill for a few more years living under or on top of young girls having nice houses and cars drinking best beverages and eating good meals don't forget doing drugs and most importantly don't forget ISIS the terrorists Sad just make sure it doesn't end up in the wrong hands.

This is true, make a good decision, I think the idea about the exploit-db and giving them sometime is a good method to help them out and you will get rewarded by them most of the times.
maybach1980
Member
**
Offline Offline

Activity: 90
Merit: 10

<<<<>>>>>><<<


View Profile
January 08, 2017, 03:52:31 PM
 #11

price???
pm me infos

xxx
Qartersa
Hero Member
*****
Offline Offline

Activity: 868
Merit: 535


View Profile
January 09, 2017, 03:09:55 PM
 #12

It is NOT that I want to sell the exploit itself in this forum. Let us say, I found an exploit in a library that alot of crypto products use and cannot handle in their code. Again, I do not want to destroy them by selling what I found itself.

So, what are my options to HELP people with this knowledge AND still make PROFIT?

I have my doubts that releasing a public thread about it would mean any help and reporting it individually may not reach the desired impact especially if the developers have less sophisticated English communication skills and the discussion ends up in confusion as I experienced a few times in the past.

Maybe sell it to the owners of that code and make a profit. You would be an ethical hacker as well as a savior in their eyes as well as the world (or at least in the eyes of the owner of the code and its users). Instead of selling it to exploit and cause damage to the owner, I would recommend to go with my suggestion. It would be a battle of good and evil for you my friend.
Viakor
Member
**
Offline Offline

Activity: 104
Merit: 10


View Profile
January 09, 2017, 09:51:40 PM
 #13

Just try to contact them and say that you can help them and that you have found an exploit, they will for sure give you something for it!.
eaLiTy
Hero Member
*****
Offline Offline

Activity: 2814
Merit: 911

Have Fun )@@( Stay Safe


View Profile
January 09, 2017, 11:20:43 PM
 #14

Just try to contact them and say that you can help them and that you have found an exploit, they will for sure give you something for it!.
Yes contacting the site and informing the site about the possible exploit is the best way to help them out rather and simply attracting would be hackers to the site and if the site do find it as a major find i am sure they will compensate you with a bounty without any doubt, why dont you try that path before starting a thread here,is it because you have not heard about bounty programs. Cheesy
pinkflower
Sr. Member
****
Offline Offline

Activity: 868
Merit: 259



View Profile
January 10, 2017, 06:04:56 AM
 #15

It is NOT that I want to sell the exploit itself in this forum. Let us say, I found an exploit in a library that alot of crypto products use and cannot handle in their code. Again, I do not want to destroy them by selling what I found itself.

So, what are my options to HELP people with this knowledge AND still make PROFIT?

I have my doubts that releasing a public thread about it would mean any help and reporting it individually may not reach the desired impact especially if the developers have less sophisticated English communication skills and the discussion ends up in confusion as I experienced a few times in the past.

Maybe sell it to the owners of that code and make a profit. You would be an ethical hacker as well as a savior in their eyes as well as the world (or at least in the eyes of the owner of the code and its users). Instead of selling it to exploit and cause damage to the owner, I would recommend to go with my suggestion. It would be a battle of good and evil for you my friend.

This is the best route to go. Be of value to the world and dont be motivated to move because of a potential reward. If you really want to profit from your discovery then the darknet could be the perfect place for you. You can start looking around Alphabay and offer your warez there.
player514
Legendary
*
Offline Offline

Activity: 1414
Merit: 1039


View Profile
January 12, 2017, 02:03:14 AM
 #16

It is NOT that I want to sell the exploit itself in this forum. Let us say, I found an exploit in a library that alot of crypto products use and cannot handle in their code. Again, I do not want to destroy them by selling what I found itself.

So, what are my options to HELP people with this knowledge AND still make PROFIT?

I have my doubts that releasing a public thread about it would mean any help and reporting it individually may not reach the desired impact especially if the developers have less sophisticated English communication skills and the discussion ends up in confusion as I experienced a few times in the past.

Maybe sell it to the owners of that code and make a profit. You would be an ethical hacker as well as a savior in their eyes as well as the world (or at least in the eyes of the owner of the code and its users). Instead of selling it to exploit and cause damage to the owner, I would recommend to go with my suggestion. It would be a battle of good and evil for you my friend.

Agreed. You get money and you still get known as a good person. Technically, according to moral laws of this forum (and I guess earth in general), following the rules will place you in a good spot. Weigh out the options right now. There are numerous things that could go wrong with selling the method to someone -- could get saturated, company could find out, the person could sell it to the company instead of you and take your credit. These things (and more) all factor in to what you should do. I think the best route is to tell the company itself.

This area is up for grabs! PM me if you're interested.
digaran
Copper Member
Hero Member
*****
Offline Offline

Activity: 1330
Merit: 899

🖤😏


View Profile
January 12, 2017, 02:29:05 AM
 #17

Obviously this OP doesn't want ethical lectures Smiley and just is asking where to sell, well if you can use the exploit to take an advantage then use it or if you trying to use it and know they might notice it, then don't bother to sell it at all because it doesn't worth anything and experts would know and will never pay anything for it.
If you think living by cheating and taking advantage over people is the way of human life, you thought wrong imo.

🖤😏
maku
Legendary
*
Offline Offline

Activity: 1288
Merit: 1000



View Profile
January 12, 2017, 12:47:33 PM
 #18

Let's make it clear. Maybe I didn't understand Op correctly. You found security flaw of bitcointalk and now you want to sell for money?
Or you were talking about some other generic exploit of other service? The best way is always telling the owner... even if you won't profit much from it.

If we are talking about bitcontalk then the best way IMO is sharing this bug with theymos -
you will be rewarded with special badge, visible above your avatar and will most likely receive positive trust rating from staff members.
Maybe there is even bounty for safely sharing a security flaws? I am not sure.
PremiumCodeX (OP)
Hero Member
*****
Offline Offline

Activity: 1204
Merit: 531


Metaverse 👾 Cyberweapons


View Profile
January 12, 2017, 02:03:24 PM
 #19

I think, I have taken enough time to think about this matter. Since this is an exploit not in the forum software, but somewhere else that affects alot of service being sold in the forum, I find examining the bug bounty program of these services in the https://bitcointalk.org/index.php?topic=483195.0 thread, what @Bitcoin_BOy$ suggested too, a very good start. I did not know that there was such a convenient list of programs collected. If you are a service owner yourself, you may consider adding your service there!

[TUTORIAL] How to steal $350 000?
Best OS for recovering stolen BTCs.
Visit our FREE Bitcointalk thread.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!