For those who haven't been on the receiving side of a beg bounty, you'd get an email something like this (I make no claims to its correctness):
To: abuse@yourdomain.com
Subject: Bug bounty , PII data made available port 22. Please provide bug bounty for critical software flaw.
Issue description
This is critical, exploitation of the ftp server provides source code to a popular debian server allowing attacker to sidestep usual reverse engineering procedures required to attack a system. (Authentication Bypass).
I will release this bug in thirty (30) days if no bug bounty has been granted and attackers will be able to take full advantage of this problem.
Reproducibility
This issue is trivial to reproduce, with popular hacking tools such as ftp and internet explorer.
Bounty value
Please be mindful and understand that this research takes up many hours and bugs like this can fetch up to $25,000 on popular bug bounty programs ( https://www.hackerone.com/ ).
worthless-trash|10 months ago
samlinnfer|10 months ago
saagarjha|10 months ago
[deleted]
sph|10 months ago