
Yandex Bug Bounty Program - Is It Worth The Time?



Yandex also has a bug bounty program which pays a reasonable amount to security researchers who find security vulnerabilities inside their website. Recently I found multiple XSS vulnerabilities in a subdomain of Yandex. The company accepted it as a vulnerability, but unfortunately I did not qualify for a bounty as the vulnerability was already reported by someone else.

Here is the email by the Yandex security team:

The above is an email by the Yandex security team, and according to them the vulnerability was reported before. However, speaking from my experience, I haven't seen any researcher getting paid for reporting a vulnerability inside Yandex.

Here are some tweets from some security experts who have participated in the Yandex bug bounty program; in most of the cases they are unable to reproduce the bug, and in some cases they did not accept HTML injection and XSS as security vulnerabilities:






Is the Yandex bounty program worth the time? Decide for yourself.




3 comments :

Gazzaly on October 10, 2012 at 12:17 PM said...

You're the best example of an ethical hacker, coz even though they didn't give any reward, you didn't worry about that and you didn't release those either. I'm very proud of you bro!
;)))

Have a Blast

Regards
M.Gazzaly

Rafay Baloch on October 11, 2012 at 11:38 AM said...

@Gazzaly

Thank you very much for your compliment, it's all about ethics my friend. The webpage is still vulnerable, however I won't disclose it.

Ethicalindians said...

I recently got rewarded with 320$ from yandex.ru for an XSS vulnerability. Although, it didn't reach my bank yet. They asked and I sent them all required info for receiving the bounty. No reply from them after that. I don't even know when I will receive the money. Found 2 more vulnerabilities after that. Reported them and got no reply from them. I will update here once I get at least my 320$ from them! =)


About

Rafay Baloch is an independent security researcher, Internet marketer, entrepreneur and SEO consultant. He is the founder of the RHA blog and multiple other blogs. Rafay got famous after finding a Remote Code Execution bug inside PayPal, for which PayPal awarded him a sum of 10,000$.


RHA © 2013. All Rights Reserved.