......I'm a bit confused as to what actually occurred here......
OP, Boris007: did you contact OG before posting this, in an attempt to notify the owner? If this was the case, and OG ignored it, then they had the right to publish their findings. If the server isn't vulnerable anyway, there is no offence in the actions of the OP....
So here is the gist of the chat:
Me: Hi I found (XYZ) vulnerability, here is the POC.
OG: I don't run the particular site, BTW he has forwarded the message to nonakip.
Me: Is there any vulnerability bounty award?? Can we disclose it in public??
OG: I don't run the mentioned site, so Boris007 must contact the naypalm.
Me: Thanks for clarifying that this is not your website.
I do not know who naypalm is, and it seems he last logged in a week back and is very infrequent here.
So I would disclose the vulnerability to the forum (only).
--------------------------
End of PM
--------------------------
I don't know how it is extortion?? The thread "Vod is a liar" must change its title to "Base64 (RFC 3548, RFC 4648) T2dOYXN0eQ== is a Liar".
To anyone who thinks I hate OG and created this thread, the answer is NO. I did not know who OgNasty is before a week back. I contacted him as I do with many services. He clearly says he doesn't own the site so I don't know how he comes in between. BTW thank you for notifying this to naypalm on the very first day before this post.
Bottom line: What much can one do with reflected XSS? It is shit.. and again one more shit reflected XSS by boris007 --Bob123456, Cat meow.
Top Line:
https://www.dionach.com/blog/the-real-impact-of-cross-site-scripting/ --Security Community
_______________________________________________________________________________
I believe that this thread is losing the path and is now taking the path of hatred, jealousy and personal vendetta. I would close this thread after 12 hours. In case anyone has anything other than hatred and jealousy to post, they are welcome.