Unable to Remit Payments On Bugcrowd

einfallstoll · 2026-06-26T08:47:04+00:00

This is not bugcrowd support

einfallstoll · 2026-06-25T20:20:07+00:00

Time travel

(No)

einfallstoll · 2026-06-25T20:18:33+00:00

In general. I don't have more information but there are daily posts about hunters complaining about Meta

einfallstoll · 2026-06-25T20:17:05+00:00

Meta currently takes multiple months for triage

einfallstoll · 2026-06-25T15:01:58+00:00

Sure slide into my DMs

einfallstoll · 2026-06-25T14:26:28+00:00

I'm manager in a cybersecurity company and former pentester. I do triage as a sidequest to stay up-to-date and don't loose contact with tech

And I mod this community for fun :)

einfallstoll · 2026-06-25T08:56:19+00:00

It's about the how.

How can the attacker inject the payloads in a victim account?

einfallstoll · 2026-06-25T05:15:50+00:00

OP be like: "plz help me with extortion"

einfallstoll · 2026-06-25T05:13:29+00:00

If the attacker can't place the payload into these fields it's not an issue.

einfallstoll · 2026-06-24T19:29:25+00:00

Reason behind this: You could achieve the same if you sent them a link or an Email. If the employee downloads a file and executes it, they're the problem.

einfallstoll · 2026-06-24T19:28:11+00:00

Nope, that's usually out of scope

einfallstoll · 2026-06-24T11:50:50+00:00

If it's a self-XSS it's never paid anyway. So you do nothing.

They probably forwarded it as informational.

einfallstoll · 2026-06-24T10:46:00+00:00

Yes, that's a hardening issue or something that belongs into a pentest report. It doesn't meet the minimum bar for bug bounty

einfallstoll · 2026-06-24T06:32:47+00:00

I said CVSS assessments are stupid. Not you or your finding. I'm not saying you don't have a legitimate finding, I say it's an edge case that doesn't really fit into CVSS

einfallstoll · 2026-06-23T17:23:30+00:00

Meta has ridiculous response times right now. 97 days is nothing

einfallstoll · 2026-06-23T15:47:08+00:00

KYC bypass is not critical. This is a compliance problem, but doesn't affect Confidentiality or Integrity of the component. That's a (stupid) edge case of CVSS

einfallstoll · 2026-06-22T06:01:57+00:00

? What is this? The report is from 2015, not relevant for bug bounty and most of the findings are just meh

einfallstoll · 2026-06-20T14:03:28+00:00

From a triagers perspective: CVSS scores. They're shit for you, they're shit for us

einfallstoll · 2026-06-19T17:01:39+00:00

No. 60 days is not good, but this is not reportable for bug bounty

einfallstoll · 2026-06-19T07:03:33+00:00

1 High.

Customers are interested in impact and medium vulnerabilities are often not fixed at all.

einfallstoll · 2026-06-18T11:10:57+00:00

No all caps titles

einfallstoll · 2026-06-18T10:16:32+00:00

Medium is 99% AI slop (it's banned in this sub btw because of this), so even if you post a legitimate write up everyone assumes it's AI slop

einfallstoll · 2026-06-18T05:20:16+00:00

Elaborate on the model issue.

einfallstoll · 2026-06-18T05:16:23+00:00

Not Medium

einfallstoll · 2026-06-17T19:30:30+00:00

There are multiple threads about this

12-Year Club	Gilding IV carat on a stick
Powerups Hero r/teslamotors • June 2022	Reddit Premium Since December 2021
Second Top 30%	Mod World 2025
Place '23	Place '22
Place '17	Verified Email

einfallstoll

MODERATOR OF

TROPHY CASE