05-12-2016, 03:48 PM
ladida
Confirmed User
Join Date: Nov 2005
Posts: 2,167
Quote:
Originally Posted by Bladewire
Cool, according to the endless terms you have to wait 30 days for a response, then 90 days for them to fix it, 120 days (4 months) total. THEY decide if your find is worth $50 or more, and you have to trust Pornhub if they tell you it's already been reported to them by someone else.

Their terms also state they MAY reward qualifying finds. So even if you're the first to find a huge vulnerability that they fix you are not guaranteed any money at all.
Yea. This is pretty standard in the "hack for ethic" contests like this one, which is why it's bullshit to even try to compete. You don't know up front for what vuln or level of compromise you get what compensation. The 25k bounty will not go to anyone even if you breach the server. They also removed all the bullshit vulns that are usually reported, like clickjacking, XSS, CSRF, etc., and won't pay for any human error or employee targeting )))

They'll probably argue 25k would go if you download their database, which is probably a few terabytes, and how likely is something like that to go unnoticed?
If someone were to find the vuln, you'd sell it better on the black market than to them for compensation.
__________________
agentGFY *at* gmail.com