bitcointalk vulnerability

[k3rnel31]

hi , i have discovered some vulnerability in bitcointalk in simple machine code , about emails & usernames , would be any bounty if i show them ?

thanks

[TryNinja]

Possibly. It depends on what the vulnerability is and what it does.

Everything you need to know can be found here: Security bounties

[ene1980]

hi , i have discovered some vulnerability in bitcointalk in simple machine code , about emails & usernames , would be any bounty if i show them ?

thanks

You can contact Theymos regarding that, send him a PM and see what he has to say about it or wait until he responds here and i am certain he will give you the bounty if it is a legit vulnerability.

Still trying to figure the last part of your post @OP. If you meant would you be able to join a bounty after you must have shown your claimed discover. I don't think that's possible you don't have the needed rank or activities to join a bounty yet https://bitcointalk.org/index.php?topic=2818350.0

But after showing it if it's good then you can be awarded merit which you require.

He is not talking about joining any bounty mate, he wants to help the forum out and help with solving the vulnerability and if he does that is he eligible for a bounty if he reveals those vulnerability as he claims.

[eternalgloom]

Still trying to figure the last part of your post @OP. If you meant would you be able to join a bounty after you must have shown your claimed discover. I don't think that's possible you don't have the needed rank or activities to join a bounty yet https://bitcointalk.org/index.php?topic=2818350.0

But after showing it if it's good then you can be awarded merit which you require.

I laughed out loud when I read this comment :') Completely wrong context, seems that the word bounty only has one meaning for most people on this forum.

OP, definitely do send a pm to Theymos, if you can. Not sure if he'd read PM's from new members, so I'd make the topic of your PM very clear.
Is this a publicly known bug or is it a zero-day that you've found yourself?

Edit:

- 1 XAU: Find the email address of user DefaultTrust and explain in detail how you did it.

No idea how to find the actual email address though. Then again, if you indeed do have access to emails & usernames, you shouldn't have a problem with that

[GreatArkansas]

Still trying to figure the last part of your post @OP. If you meant would you be able to join a bounty after you must have shown your claimed discover. I don't think that's possible you don't have the needed rank or activities to join a bounty yet https://bitcointalk.org/index.php?topic=2818350.0

But after showing it if it's good then you can be awarded merit which you require.

I laughed out loud when I read this comment :') Completely wrong context, seems that the word bounty only has one meaning for most people on this forum.

Is that considered as 'off-topic' post?
Can I report that post of Sharon121212 to the moderator?

[hilariousandco]

- 1 XAU: Find the email address of user DefaultTrust and explain in detail how you did it.

[LoyceV]

- 1 XAU: Find the email address of user DefaultTrust and explain in detail how you did it.

So the bounty is 1 ounce of gold, worth $1283.29 and paid as 0.1468BTC?

[TryNinja]

So the bounty is 1 ounce of gold, worth $1283.29 and paid as 0.1468BTC?

If he "finds the email address of user DefaultTrust and explain in detail how he did it", he gets 1 ounce of gold worth in BTC. That's based on what OP said about his vulnerability: "about emails & usernames";

But, he can get more based on a few factors found in the thread I linked above. Example: Root access from a regular user (8 ounces) related to a security flaw in non-PHP software used by the forum (150%) would give him 150% of 8 oz of gold = 12 oz.

[eternalgloom]

Is that considered as 'off-topic' post?
Can I report that post of Sharon121212 to the moderator?

You can report any post you want, it doesn't mean it will be accepted though.

OP, definitely give an update on whether you've received the bounty.
Without disclosing the vulnerability of course