4 upvotes, 1 direct replies (showing 1)
View submission: Announcing Reddit’s Public Bug Bounty Program Launch
Send them individually through HackerOne. Bounties are paid individually (by vulnerability). Reddit is giving people a worthless trophy for reporting it through them; get paid, brother/sister.
Edit: unless it’s a bunch of examples of the same vuln, then either way it’s one. I would caution that to get paid you need to prove it with a PoC, so be prepared. And if it’s something super obscure, like using IE 6 allows XSS or something, that’s not gonna fly.
Comment by [deleted] at 15/04/2021 at 03:35 UTC
-1 upvotes, 2 direct replies
How about unsecure cookies that can be hacked and used to steal personal information?
Also, this one casino got hacked and lost millions. The guy who hacked them got in through a fish tank thermometer.
I run pentests and inspections on websites. Reddit has so many flaws it's laughable.