Bitcoin Forum
Topic: How best to report vulnerabilities?  (Read 644 times)
klidex
January 27, 2023, 09:25:11 AM
 #81

There's nothing you can do mate since they didn't think that you are serious about the bug that you found. Since they explained it to you that they don't have bug bounty running up. Well, it's up to you either to take advantage of the bug and won more money than it should have and good luck about not getting found out that you exploited a bug. Maybe try to make some copy or an evidence that they told you to enjoy the bug. I can also think that it could be an event of some sort if you ask me but who knows what it really is what is the situation.
If complaints about bugs to the development team are not responded to properly and are just ignored, it would be better to be silent and let them feel the loss and problems from the occurrence of bugs in one of the games.
After all, with this bug, I'm sure many gamblers take advantage of it to generate quite a large amount of profit.
However, things like that are actually not the fault of gamblers who use them, but the fault of the development team who are careless and don't want to know about submitting reports of bugs.
paxmao
January 27, 2023, 12:49:32 PM
 #82

There's nothing you can do mate since they didn't think that you are serious about the bug that you found. Since they explained it to you that they don't have bug bounty running up. Well, it's up to you either to take advantage of the bug and won more money than it should have and good luck about not getting found out that you exploited a bug. Maybe try to make some copy or an evidence that they told you to enjoy the bug. I can also think that it could be an event of some sort if you ask me but who knows what it really is what is the situation.
I suppose most casinos somewhere on their TOS have a clause which allows them to void any profits the player may have gotten if they were exploiting a bug, so I doubt this is something advisable to do as you will risk your account getting banned by doing this.

I still think there is not much for the OP to do as if the developers of the casino do not even want to listen to a bug report, the OP should simply move on and let them to suffer the consequences of their carelessness.

The first thought that comes to mind about reporting vulnerabilities is "getting paid for it"  Grin It is easy to report a vulnerability, just ask the desktop service of the site how to do it and where would you email be directed. Do not just send a report to any email, as sometimes employees use vulnerabilities, just make sure it reaches the right person in the team.

nakamura12
January 27, 2023, 01:36:38 PM
 #83

The first thought that comes to mind about reporting vulnerabilities is "getting paid for it"  Grin It is easy to report a vulnerability, just ask the desktop service of the site how to do it and where would you email be directed. Do not just send a report to any email, as sometimes employees use vulnerabilities, just make sure it reaches the right person in the team.
That's the problem if you got the right person from the team because if you don't then there's a possibility that the person you contacted might have used the bug and if you also did take advantage of the bug and that person found out about it then you will be most likely getting banned for that reason. It is also what comes to my mind when reporting vulnerabilities which is getting paid more like a bug hunter if you ask me.

coolcoinz
January 27, 2023, 01:39:31 PM
 #84

It's better if you make a comment to their thread here in the community and wait for their response if that bug doesn't have affection with the transaction and abuses the current system of their current platform I guess they will just ignore those but if you see that as critical might damage and make them lose a lot of money I guess that's the time they make an action. Better to contact their email or just the moderator in the chat if they have.

Why should he go through all of this when he has an answer from the support?

Think about it for a moment. You see someone lost a wallet, you approach him and say hey, your wallet is on the ground, and he says, I don't care, what do you do? You go there, pick it up and approach him again? You call other people to the spot to show them the wallet?
Seriously, I'd just walk away. If the owner doesn't care, I did my job and I think OP did his job 2 times already, first by reporting it to the support and second time by starting this thread. There's no point to go to Owl's thread and once again report the bug they don't show any interest in fixing.

CryptoYar
January 27, 2023, 02:14:10 PM
 #85

Quote
How best to report vulnerabilities?
As far as I know, for this you gotta have knowledge of programming languages so that you can report the vulnerability along with its solution/how to fix it.

Quote
Their poor attitude certainly doesn't do much to make me want to help them out anymore although that was my intent.
I think they already knew about it, that's why they didn't take you seriously.
However, they should have given some reward for your encouragement so that you can report any vulnerabilities to the casino in the future as well.
maydna
January 27, 2023, 03:49:35 PM
 #86

The first thought that comes to mind about reporting vulnerabilities is "getting paid for it"  Grin It is easy to report a vulnerability, just ask the desktop service of the site how to do it and where would you email be directed. Do not just send a report to any email, as sometimes employees use vulnerabilities, just make sure it reaches the right person in the team.
That's the problem if you got the right person from the team because if you don't then there's a possibility that the person you contacted might have used the bug and if you also did take advantage of the bug and that person found out about it then you will be most likely getting banned for that reason. It is also what comes to my mind when reporting vulnerabilities which is getting paid more like a bug hunter if you ask me.
It was normal for him to think of getting paid for reporting a vulnerability to customer service, but not all casinos will reward people who find it. So we don't have to hope too much to get it. But I also think they could just block your account, as @nakamura12 said because they think we have exploited the vulnerability for our benefit. So it will be up to each person what they will do if they notice a vulnerability in a casino site, and hopefully, after we report it, the casino will reward us.

Eureka_07
January 27, 2023, 03:59:49 PM
 #87

<snip>
For these cases, my main objective is to reach the casino's management. But the first challenge here is the support. If you told it to a close-minded support agent, most of the time you will get a response just like what you had. They will not understand your concern and will give you some guff sentences, sometimes they even use their canned messages in the wrong way.
So if you are really into it, try messaging them again at a different time, hope you got another support agent which has an open mind when it comes to these cases.
goldkingcoiner
January 27, 2023, 04:04:52 PM
 #88

So I discovered a bug affecting a mode of play at OwlGames casinos that results in certain games rewarding more money than they should.  I tried to report it to OwlGames but was told that they have no bug bounty program and to "enjoy the bug" (not kidding).  (of course their docs say that any "exploit" can result in not being paid out, but it's not an exploit if it's simply how things run under the given conditions - not that that would stop them from screwing someone over I'm sure)

Their poor attitude certainly doesn't do much to make me want to help them out anymore although that was my intent.  

But since it is only certain games, from 1 provider, should I try to contact that provider instead?  It's possible I imagine that it's not just OwlGames that might possibly lose money to the issue, though I really don't know.

I guess since these are casinos, losing a couple hundred to a few players every few days that would otherwise not have won anything maybe is just a drop in the bucket.  But I found it so strange that they immediately just alerted me that they have no bounty program.  Aren't casinos supposed to be pretty protective of their money even if they have a ton of it?  Huh

Anyone else have any experiences of trying to report issues like this?  I want to be rewarded for my time verifying the issue without taking advantage of it and alerting someone about it, too, so I'm also just worried about giving the info out and having them come up with some excuse like "oh it just needed a restart it's fine now, that's not a bug."

You definitely did the right thing by contacting the casino discreetly but their answer puzzles me too. Perhaps they thought you were not being serious or that you were trying to dupe them into paying you money or something? I cannot imagine any casino willingly losing profits. Or even worse, not caring about the stability and security of the casino website itself...

It definitely is a strange thing.

Unprofessionality of the casino aside, if they gave you the green light to exploit the bug then I guess you should take their advice and squeeze as much money out of them as you want. And they have no right to complain later, since they told you to go ahead.

danadc
January 27, 2023, 05:36:09 PM
 #89

There's nothing you can do mate since they didn't think that you are serious about the bug that you found. Since they explained it to you that they don't have bug bounty running up. Well, it's up to you either to take advantage of the bug and won more money than it should have and good luck about not getting found out that you exploited a bug. Maybe try to make some copy or an evidence that they told you to enjoy the bug. I can also think that it could be an event of some sort if you ask me but who knows what it really is what is the situation.
I suppose most casinos somewhere on their TOS have a clause which allows them to void any profits the player may have gotten if they were exploiting a bug, so I doubt this is something advisable to do as you will risk your account getting banned by doing this.

I still think there is not much for the OP to do as if the developers of the casino do not even want to listen to a bug report, the OP should simply move on and let them to suffer the consequences of their carelessness.

It is for these same situations that I strongly insist that casinos should have a special section where they tell their potential players that they are able to see beyond what some were said to do that they can make vulnerability reports so that they can be rewarded. Some say that if the flaw is minimal there is no need to report it, but any vulnerability is important, because that player can resort to an exporter who through that vulnerability can have access to an entire database system and steal everything including the funds of players.

sujonali1819
January 27, 2023, 05:45:23 PM
 #90

Is it still should be continued the discussion where the OP created his account on January 20 and last active on 21 January? I don't think he will come again to check the discussion that we have described here. Smiley

So it should be stopped I think and it's already enough what we have made.

Fivestar4everMVP
January 27, 2023, 06:04:13 PM
 #91

Is it still should be continued the discussion where the OP created his account on January 20 and last active on 21 January? I don't think he will come again to check the discussion that we have described here. Smiley

So it should be stopped I think and it's already enough what we have made.
Good observation and suggestion as well, I just checked now and discovered the same, it makes no sense to keep discussing and pouring out suggestions here whereas the person who the suggestions and advices are directed to isn't even here to see them..
Or to even give an update on the later outcome of his discussion with owl.games team.

I will also support that this topic be locked, since the op is not here, I suggest the mods in charge of this board to please lock this topic.

Odusko
January 27, 2023, 08:13:16 PM
 #92

Is it still should be continued the discussion where the OP created his account on January 20 and last active on 21 January? I don't think he will come again to check the discussion that we have described here. Smiley

So it should be stopped I think and it's already enough what we have made.
Yeah so with multiple reports to moderators to lock the thread, within the short time, the thread should have been locked by the moderators.
The thread has generated enough discussion and suggestions that are not only helpful to ops, but to the rest of us, we have all learned something from the responses of others here on this thread.

decodx
January 27, 2023, 09:18:00 PM
 #93

Is it still should be continued the discussion where the OP created his account on January 20 and last active on 21 January? I don't think he will come again to check the discussion that we have described here. Smiley

So it should be stopped I think and it's already enough what we have made.
Yeah so with multiple reports to moderators to lock the thread, within the short time, the thread should have been locked by the moderators.
The thread has generated enough discussion and suggestions that are not only helpful to ops, but to the rest of us, we have all learned something from the responses of others here on this thread.

Yeah, you're right. It seems pointless to keep discussing this if the original poster isn't around anymore. I'll never understand folks like that.

I reported this thread as well. It's up to the mods now.
Bushdark
January 27, 2023, 10:03:19 PM
 #94

<snip>
For these cases, my main objective is to reach the casino's management. But the first challenge here is the support. If you told it to a close-minded support agent, most of the time you will get a response just like what you had. They will not understand your concern and will give you some guff sentences, sometimes they even use their canned messages in the wrong way.
So if you are really into it, try messaging them again at a different time, hope you got another support agent which has an open mind when it comes to these cases.
I still don't get why op is disturbing the casino team. Does he want to tell us that the team are not aware about the bug? Let me tell you having bug in the system is not always the problem, sometimes it is left that way to test the nature of the system in as much as it does not have any issue with the casino. The users interface is a very important thing that is mostly important and once that is done then other small small bugs should not be a problem.
 
If op continues to pressure the team about it, they may think he is trying to inform them so that he might ask for compensation at the later end.

Hamphser
January 27, 2023, 11:19:37 PM
 #95

<snip>
For these cases, my main objective is to reach the casino's management. But the first challenge here is the support. If you told it to a close-minded support agent, most of the time you will get a response just like what you had. They will not understand your concern and will give you some guff sentences, sometimes they even use their canned messages in the wrong way.
So if you are really into it, try messaging them again at a different time, hope you got another support agent which has an open mind when it comes to these cases.
I still don't get why op is disturbing the casino team. Does he want to tell us that the team are not aware about the bug? Let me tell you having bug in the system is not always the problem, sometimes it is left that way to test the nature of the system in as much as it does not have any issue with the casino. The users interface is a very important thing that is mostly important and once that is done then other small small bugs should not be a problem.
 
If op continues to pressure the team about it, they may think he is trying to inform them so that he might ask for compensation at the later end.
It is really just that right that he would be needing to approach up the team and it's not always talking about compensation or bounty in related to this matter on which we are really that in concern about reporting some bugs or exploits but turns out the team or casino owner or team doesn't really care at all or they might be able to see that hole and had already fixed it out without telling op or something like that.
It's not always the case that we would be hearing out some response in regarding the situation on which people would be boggling up their minds if the team doesn't really care at all or just simply had resolved and fixed up the problem. It's true that this is a crucial if we do speak about exploits and holes on a site where it is something that they could just ignore.
