
Uber explains itself after 'moving the goalposts' on its new bug bounties

Anonymous Coward

This happens all too often

As a frequent participant in bug bounties... I come across this often... and then some.

You either get:

a) This is not a bug - this a FEATURE!

b) We don't regard this as a security risk

and

c) Oh that's out of scope now...

I remember I was testing a well known sandboxing program that was touting how it could stop cryptolocker dead in its tracks. It has a tick box which says "deny all internet access" for the sandboxed program, but what I found out was it forgot about the SMB protocol, so your sandboxed program could bypass these restrictions like this: \\www.yoursite.com\fileyouwanthere$ and it bypassed the restrictions and went to fetch that file (not to mention the DNS queries were also treated the same, so DNS exfiltration was allowed too). Response from vendor -> We know about this, it's supposed to be like that...

So I go back in and keep looking... find that I can keylog from processes that are OUTSIDE the sandbox from within it... ooh nice. Submit it -> Scope is suddenly changed to "Our sandboxing program is not supposed to protect against keyloggers"...

After that I found a way to pivot into a system level process outside the sandbox from within it, and you know what? I just thought "screw these guys" and just didn't submit it...
