I found my first bug on a Hackerone program, but the security team is saying they are unable to reproduce it. I have provided a video and very clear instructions and answered followup questions but they are saying they cant reproduce. I just provided them more info that they asked for so I'm waiting to see what happens.
If they can't reproduce it, may they still pay the bounty? It's a textbook and straight forward broken access control exploit so I don't know what the issue is.
I can sort of understand them not paying but i can record myself doing it 20 times I don't see why they shouldnt pay me for reporting it and then they can work on it on their own time..
[link] [comments]
from hacking: security in practice https://ift.tt/gSM8r6d
Comments
Post a Comment