(no title)
kgeist
|
9 days ago
Not a security researcher, but I once found an open Redis port without auth on a large portal. Redis was used to cache all views, so one could technically modify any post and add malicious links, etc. I found the portal admin's email, emailed them directly, and got a response within an hour: "Thanks, I closed the port." I didn't need a bounty or anything, so sometimes it may be easier and safer to just skip all those management layers and communicate with an actual fellow engineer directly
No comments yet.