I am explaining an exploit that is unfixed. You can try it yourself. Many malicious programs might already be exploiting it.
For the example I chose HackerOne as my target. I created a program to cheat hackers on HackerOne.
Now I added rewards to attract hackers.
Now I created a fake report and reported it to my own program (report number 4000).
Now a hacker reported a bug.
Now I closed this report as a duplicate and gave the fake report's number.
When the researcher opens the fake report he gets an access denied error because I never invited him. It will be undisclosed forever.
Now the researcher says he wants access to that report for transparency, but I never give it. Instead I cheat him with this message.
Now all the loopholes are blocked. The researcher can't argue anything. Now I have a valid report and I have to pay nothing.
The bug here lies in the duplicate option. When I contacted HackerOne they said they will not fix it. They don't mind even if a researcher gets cheated. They say it's a hacker-powered platform, but they are doing nothing for hackers.
Fixing this bug is simple. They have to change the policy. Every duplicate reporter should get access to the original report. If the original report doesn't exist, then the duplicate researcher should get the reward.