Stasyq ( Sql Injection ) ( Bug Bounty Fraud )
stasyq -
https://www.stasyq.com/stasyq ICO -
https://stasyq.io/Hello Bitcointalk Member How Are You All I Hope Everything Is Alright ? This Time Something Strange Thing Happened To Me I Want To Share With You And Please Comment Below And Tell Me What Do You Think Members.
I Was Just Generally Check One ICO Company Name stasyq The Website Look Normal When I Enter But The Contents Of Website It's Adult So I Was Just Thinking If They Are In Porn Industry Than They Have Alot Of Money They Can Hired Best Security Team If They Want So I Start My Testing To stasyq Website After Sometime I Realized They Are Not Using Parameter Encryption Than This Thing Lead To Perform Sql Injection Attack I Was Doubt In My Mind Than I Assume Lets Test Injection Attack I Create A Fake Parameter And Combine My Parameter To Server Parameter And I Use Injection Quarry And Suddenly The Sql Error Come Yes They Have Sql Injection I Can See That I Can Do Whatever I Want Fetch Up All Database Table Hijacked Whole Database But I Am Whitehat Security Expert I Can't Do This To Anyone Like I Said Before In My 1st Post Now I Need To Find Out Who Is The CEO And I Need To Contact Him/Her ASAP. The Ceo Is Romanas S You Can Find The CEO Name In ICO Website Than I Telegram Message it Here Is The Whole Conversation.
http://i64.tinypic.com/2e50h2a.jpghttp://i66.tinypic.com/330qnts.jpg After I Talk CEO They Said We Will Pay You Show Me What You Have Than I Trust This Guy It's Not Look Like Fake Or Scammer Like That After All He Is Running Big Company And Of Course They Have Money So I Decide To Tell Romanas S About My Security Vulnerability I Will Show Him Sql Injection But i Hide The URL Cause When I Ask Him About Reward ( Bounty ) They Denied And Tell Me It Was Not In My Hand I Will Talk To Our Developer And They Will Contact You Regarding This And I Will Send This Information To My Devloiper Regarding Your Sql Injection Attack And He Told Me To Wait Next Morning We Will Update You .
When I Wake Up Today The Message Come To My Telegram And I Am Completely Shocked What I See Here Take A Look Guys ?
http://i68.tinypic.com/xnrih1.jpgThe Guy Kicker From stasyq Team Said We Won't Pay You Than I Denied To Work With Them But I Suddenly Think Why They Ingore Me Like This ? Than I Open stasyq Website And Check My Sql Injection Bug You Know What Happened Guys They Already Fixed My Sql Injection Bug I Check The Code And Everything But The Sql Injection Error Don't Come They Fix It For Sure Than I Understand Everything Why They Are Denied To Pay Me.
I Have Something In My Mind I Want To Share With You Guys:
1 - The CEO Said You Got Paid For Your Work ?
2 - The Next Month I Got Message From stasyq Team That They Don't Want To Paid Me For My Bug ?
3 - They Fix My Bug Without Letting Me Know And Without Pay Me Anything ?
So Tell Guy Guys What Do You Think Please Comment Below Feel Free To Ask Me Anything I Will Reply You Back.
And Here Is The Proof Of Sql Injection That I Found On Stasyq Website ?
http://i68.tinypic.com/2jf0oie.jpg
