Hello,
Today, I received an email saying that I have an XSS vulnerability. I registered one hour later and sent a message to the alerter (no response yet), but in the meantime the URL of the site has been disclosed, AND because it is public I received dozens of attacks today, when I generally have one or two per week.
It means that your list is saying to hackers: you can attack this site, as there is a vulnerability, and here is the type of vulnerability.
I would find it more ethical:
1. to send the alert by email, but to wait 2 weeks for a response before disclosing that the site has a vulnerability, and only then could you disclose the URL.
Otherwise, it is really "here is a target, please go for it" like hunting.
Question now: how do I unlist my site?
Thank you
Under attack
Re: Under attack
Usually there is a 90-day hold time before the report gets released publicly.
quite sure admin can help you out.
Re: Under attack
Vulnerability details are hidden for 90 days. You can ask the researcher to make the report private, or create a bug bounty program and select "allow private submissions only".
source_dr wrote: ↑Thu Apr 25, 2019 7:40 pm
Hello,
Today, I received an email saying that I have an XSS vulnerability. I registered one hour later and sent a message to the alerter (no response yet), but in the meantime the URL of the site has been disclosed, AND because it is public I received dozens of attacks today, when I generally have one or two per week.
It means that your list is saying to hackers: you can attack this site, as there is a vulnerability, and here is the type of vulnerability.
I would find it more ethical:
1. to send the alert by email, but to wait 2 weeks for a response before disclosing that the site has a vulnerability, and only then could you disclose the URL.
Otherwise, it is really "here is a target, please go for it" like hunting.
Question now: how do I unlist my site?
Thank you
Re: Under attack
Yes, but the base domain is still public when you submit a vulnerability and that is what this site owner is talking about. Hiding the base domain for X weeks after submission makes sense.
- GordSchramm
- Posts:164
- Joined:Thu Apr 28, 2016 11:26 pm
Re: Under attack