Hacker News new | past | comments | ask | show | jobs | submit login

Did you consider reporting it? Many such "huge" sites have bug bounty/white hat programs.



Im getting it on the same domain, but the request can be sent from any domain, as long as the user is logged in. And yeah, but they aren't offering anything that would be worth the time.


I think I know what site you're talking about. If I'm right, they do have a security bug bounty reporting program and you should take advantage of it: it will take maybe two minutes of your time and can net you a bit of cash! :-)

(sorry for being oblique, but I have no way to contact you privately and ask you more directly!)


I haven't made up my mind yet what to do with it but you know there are some ways of being evil without so much evil. ;]




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: