Bug bounty has become the bread and jam for many developers, and it has been getting tougher since 2014. Only hackers who do deep research can get through, and only those who find XSS in an intellectual way get paid.
If you find an IDOR bug, they will definitely say it is already known, or that there are changes, or that it is intentional and works as expected.
But what the truth is, no one knows; they may be deliberately closing the report.
Find a bug which is difficult for others to exploit.
The easier the bug, the easier it is for them to reject it and give you nothing.
But if it is more difficult to reproduce, it will be tougher for them to reject the report.
I have found a pretty easy bug, and I was told that it is working as intended, or else they marked it as a duplicate. The truth? No one knows. Either they deliberately marked it as a duplicate just to escape the payment, or it is just easy and anyone can find it.