.png)
1 month ago
12 BOOK THIS SPACE FOR AD
ARTICLE ADLets Talk And Find Good Way To Win Us Some Money This Bug Bounty Programes Are Just Using Us : https://t.me/+rGX510-MamM1NWI8
if anyone has had or is currently experiencing issues with HackerOne or other bug bounty platforms, please let us know and share this post. 🙏😡
Firstly, hello, I’m Simo. I’ve been doing bug bounty for over 3 years now, focusing exclusively on Bugcrowd. All the reports I submitted there were handled properly with good communication, resulting in an 80% validation rate.
However, things changed drastically when I started using HackerOne. I encountered numerous duplicates and reports marked as informative. Even when I added additional crucial information to these reports (especially those downgraded to informative), I received zero response. It’s disheartening; maybe they forgot that hackers are their primary source of income.
Imagine submitting a report on “session still valid after change of password” and getting an informative rating. This issue allows full access to the session, enabling actions like username changes and unauthorized transactions. It’s beyond frustrating.
I’m tired. Another report on the possibility of brute-forcing logins via web sockets was also marked as informative. Other bugs were simply duplicated. My validation rate on HackerOne is a dismal 10%. I’ve even encountered duplications on three chained attacks — seriously?
To top it off, a duplicated report was found just 2 days after my submission.
Finally, I recall hearing about HackerOne employees stealing reports for personal gain. Sadly, it seems this unethical practice continues today.
here is the source : https://thehackernews.com/2022/07/hackerone-employee-caught-stealing.html
Goodbye bug bounty, goodbye hackers , stay safe outhere .
Bengali (Bangladesh) · 
English (United States) ·