by update
2850 days ago
> My favorite response though is still the "This is a duplicate from [random date six months ago]". Oh, so you're purposefully just leaving an XSS live on your corporate SSO? Makes sense!

Ugh. I've submitted 2 bugs to Vimeo that gave this exact response. I even followed up a few months later to see if they'd patch it and they responded, "the developers are aware and working on it" ... Seriously? Leaving 2 XSS bugs open on your website that you run a bug bounty program for?? For a year? I really wish HackerOne would punish this sort of behavior, as it's a waste of every hacker's time to find a bug, write a report, only to be told it's a year-old known bug so it's not eligible for a bounty.