Comment by [deleted] on 14/04/2021 at 20:53 UTC

5 upvotes, 2 direct replies (showing 2)

View submission: Announcing Reddit’s Public Bug Bounty Program Launch

Very interesting! I wish I could help out but I mainly work with C++/C# rather than HTML so I doubt I am of any use. Regardless, hopefully user security is improved from this; hopefully this turns out to be a good move, as I believe it will.

Replies

Comment by i_hacked_reddit at 04/05/2021 at 07:24 UTC

2 upvotes, 0 direct replies

Soooo, Reddit runs on a series of servers, correct? More specifically, the public user-facing stuff here is provided by a web server. I'm not certain of the Reddit technology stack, but suppose it's running on nginx. That would make their exposed nginx instances in-scope. What about their back end systems? Their mail notification services? Image processing, ad libraries, databases... there's a good chance that most of these things are all written in C or C++. Just because all you see is JS and HTML does not mean that's the only valid target.

Comment by adzy2k6 at 16/04/2021 at 08:33 UTC

1 upvotes, 0 direct replies

There are plenty of bug bounty people who can't even code in JS. The main skill is being able to fuck around with stuff until you get a break, and then figuring out how to leverage that.