reply on: What would you do, if you were in the team behind SN? \ stacker news ~meta

pull down to refresh

100 sats \ 12 replies \ @istealkids 30 Apr \ parent \ on: What would you do, if you were in the team behind SN? meta

Thanks! I found some ettercap, HTTP mistakes and XSS vulnerabilities. I’ll report them right away! :)

0 sats \ 11 replies \ @WeAreAllSatoshi 30 Apr

cc @ek fyi

Thank you.

All information regarding how to do a responsible disclosure should be in our README here, in the FAQ or here. I thought these are pretty common locations.

@holonite, where did you look? Where should we put it such that people can find it?

0 sats \ 9 replies \ @istealkids 1 May

I was initially planning to DM you with these but now I'll upload it via GitHub. I think there should be another page link in the SN header as a pinned post for 7 days in suppose glowing neon saying "Beginners here!" for accounts that are not atleast 1 week old. I will include other ideas in the GitHub issue.

100 sats \ 8 replies \ @ek 1 May

Is this your critical report? If so, that wasn't a responsible disclosure as described in the three links I sent you.

100 sats \ 0 replies \ @WeAreAllSatoshi 1 May

And the link I shared to the security advisory page on the GH repo

34 sats \ 1 reply \ @WeAreAllSatoshi 1 May

lol, after all that

0 sats \ 0 replies \ @anon 1 May

lol

reply on another page

0 sats \ 4 replies \ @istealkids 1 May

you sent me 3 links? where?

100 sats \ 1 reply \ @ek 1 May

I replied to your report on Github.

I am still interested in the XSS vulnerability you said you found.

view all 1 replies

100 sats \ 1 reply \ @ek 1 May

#967735

view all 1 replies