
Topic: Security bounties - page 4. (Read 148492 times)

vip
Activity: 1302
Merit: 1042
👻
September 08, 2014, 03:54:04 AM
#30
Does changing your display name, or registering a new username with prohibited strings (e.g. Satoshi) count as something that would receive a bounty?
vip
Activity: 1302
Merit: 1042
👻
September 08, 2014, 03:53:06 AM
#29
Does this count as an exploit?

<----- it has nothing to do with security but still...
Edit: it got fixed. Got 0.03 btc for it.
What was it? Unicode control codes?
hero member
Activity: 602
Merit: 500
August 12, 2014, 02:31:34 PM
#28
So should we test this on this actual website or should I test for vulnerabilities on a local host and then contact admin if I find any vulnerabilities on the same version? I don't want to risk getting into trouble testing on this forum just in case I do get into something I'm not supposed to unless it's allowed as long as you report it.
legendary
Activity: 1526
Merit: 1001
Crypto since 2014
August 12, 2014, 04:42:00 AM
#27
Does this count as an exploit?

<----- it has nothing to do with security but still...
Edit: it got fixed. Got 0.03 btc for it.
legendary
Activity: 882
Merit: 1000
May 25, 2014, 02:04:54 PM
#26
This is epic. I've actually started actively looking for vulnerabilities now that I JUST found this bug bounty program.
If you are finished with this bug bounty program, you can have a look at the 30+ other bug bounty programs that pay Bitcoins. Overview of Bug Bounty Programs for Bitcoins > https://bitcointalksearch.org/topic/overview-of-bug-bounty-programs-for-bitcoins-483195

Neat. Thanks a lot for the link. I'll get a few of my netsec friends to take a look at the list and see if they can find anything. Everything at bitcointalk seems pretty secure from what I've tried so far.
legendary
Activity: 1876
Merit: 1289
DiceSites.com owner
May 24, 2014, 10:12:30 PM
#25
This is epic. I've actually started actively looking for vulnerabilities now that I JUST found this bug bounty program.
If you are finished with this bug bounty program, you can have a look at the 30+ other bug bounty programs that pay Bitcoins. Overview of Bug Bounty Programs for Bitcoins > https://bitcointalksearch.org/topic/overview-of-bug-bounty-programs-for-bitcoins-483195
legendary
Activity: 882
Merit: 1000
May 23, 2014, 10:50:54 PM
#24
This is epic. I've actually started actively looking for vulnerabilities now that I JUST found this bug bounty program.
member
Activity: 66
Merit: 10
March 22, 2014, 06:25:12 AM
#23
If I find anything I will surely tell you about it.
Good luck and hopefully there aren't many vulnerabilities.
sr. member
Activity: 350
Merit: 251
March 13, 2014, 06:41:29 AM
#22
Do you release information about vulnerabilities once they're fixed, or is obscurity safer in this case?
full member
Activity: 126
Merit: 100
CAUTION: Angry Man with Attitude.
February 02, 2014, 02:41:34 PM
#21
Hmm, JavaScript? Exploits,
legendary
Activity: 2590
Merit: 2154
Welcome to the SaltySpitoon, how Tough are ya?
January 12, 2014, 08:43:00 AM
#20
If I were you, I would pay someone to code a new forum from zero and then transfer everything; this way you would not have to worry and spend too much about flaws.

That is already in progress, however after the new forum is done, it will most likely be months before it goes public. Then we have to find all of the flaws in the new version, that we may have already found in the older version.
sr. member
Activity: 266
Merit: 250
January 07, 2014, 06:27:19 AM
#19
If I were you, I would pay someone to code a new forum from zero and then transfer everything; this way you would not have to worry and spend too much about flaws.
newbie
Activity: 21
Merit: 0
December 04, 2013, 04:35:40 PM
#18
Just thought I would leave this here so that security researchers know that the bounty isn't only limited to bugs in SMF or the server:

Quote from: theymos on reddit
If you can cause serious damage to the forum with any sort of bug, and you responsibly disclose this bug, you will be given a lot of money.

BTW, I've contacted you about payment for the vulnerability I disclosed a few weeks back.
newbie
Activity: 13
Merit: 0
November 26, 2013, 03:49:51 PM
#17
Good job using a password manager, theymos.
I agree with you.
member
Activity: 102
Merit: 10
Crypto Pros
November 15, 2013, 09:46:15 AM
#16
Good job using a password manager, theymos.
administrator
Activity: 5166
Merit: 12850
November 09, 2013, 11:41:06 PM
#15
If it would not violate anonymity of individual security researchers, could you post statistics as to how many bugs in each category have been reported and fixed?

Just yours so far. (A CSRF.)
legendary
Activity: 1246
Merit: 1076
November 09, 2013, 10:43:42 PM
#14
If it would not violate anonymity of individual security researchers, could you post statistics as to how many bugs in each category have been reported and fixed?
hero member
Activity: 938
Merit: 1009
October 31, 2013, 02:37:07 AM
#13
But you are aware about the SOL-Injection vulnerability that is still wide open?

The fact that you confuse O and Q is not helping your case. These two letters aren't even close to each other on the keyboard.

They are in fact right next to each other. On a Dvorak keyboard.
legendary
Activity: 1246
Merit: 1076
October 27, 2013, 09:32:01 AM
#12
But you are aware about the SOL-Injection vulnerability that is still wide open?

The fact that you confuse O and Q is not helping your case. These two letters aren't even close to each other on the keyboard.
hero member
Activity: 588
Merit: 500
October 17, 2013, 08:10:05 PM
#11
Prior to the attack, the forum spent 40 BTC on password hashing improvements which significantly mitigated the damage of this attack.

Can you restate this in ounces of gold please? I would like to know how much this was in a stable carrier of value.

I was paid for this by July 10, 2012, and the price of Bitcoin at the end of that day was $7.20. That day, gold closed at $1587.30. This makes this, at the time, about 0.181 ounces of gold.

Though, it all went to Mt. Gox at about $12/BTC... Oh, hindsight.