So I found a vulnerability on the app that allows you to double your money as well as not spend the amount you doubled.
This allows the user to make money out of thin air.
The damage this can cause is HUGE! If a lot of people do it, Square would lose millions in seconds.
Here is the issue: I submitted the bug to Square via Bugcrowd, and after a week of waiting I hear back.
They state that the bug is not applicable.
The bug still works.
I am debating on releasing info in detail about the vulnerability here for everyone to use/learn.
What should I do? Should I keep it to myself, release it, or let it be and forget about it?
from hacking: security in practice https://ift.tt/b7A9oLZ