Quote:
Originally Posted by Bladewire
Cool, according to the endless terms you have to wait 30 days for a response, then 90 days for them to fix it, 120 days (4 months) total. THEY decide if your find is worth $50 or more, and you have to trust Pornhub if they tell you it's already been reported to them by someone else.
Their terms also state they MAY reward qualifying finds. So even if you're the first to find a huge vulnerability that they fix you are not guaranteed any money at all.
Yea. This is pretty standard in the "hack for ethic" contests like this one, which is why it's bullshit to even try to compete. You don't know up front for what vuln or level of compromise you get what compensation. The 25k bounty will not go to anyone even if you breach the server. They also removed all the bullshit vulns that are usually reported, like clickjacking, XSS, CSRF etc. etc., and won't pay for any human error or employee targeting.

)))
They'll probably argue 25k would go if you download their database, which is probably a few terabytes, and how likely is something like that to go unnoticed?

If someone were to find the vuln, you'd sell it better on the black market than to them for compensation.