Under attack

Posted: Thu Apr 25, 2019 7:40 pm
by source_dr
Hello,
Today, I received an email saying that I have an XSS vulnerability. I registered one hour after and sent a message to the alerter (no response yet), but in the meantime the URL of the site has been disclosed, AND because it is public I received dozens of attacks today when I generally have one or two per week.
It means that your list is saying to hackers: you can attack this site as there is a vulnerability, and here is the type of vulnerability.

I would find it more ethical:
1. to send the alert by email, but to wait 2 weeks for a response before disclosing that the site has a vulnerability, and only then could you disclose the URL.

Otherwise, it is really "here is a target, please go for it" like hunting.

Question now: how do I unlist my site?

Thank you

Re: Under attack

Posted: Fri Apr 26, 2019 4:45 am
by secuninja
Usually there is a 90-day hold time before the report gets released publicly.
Quite sure admin can help you out.

Re: Under attack

Posted: Fri Apr 26, 2019 6:38 am
by x1admin
source_dr wrote:
Thu Apr 25, 2019 7:40 pm
Hello,
Today, I received an email saying that I have an XSS vulnerability. I registered one hour after and sent a message to the alerter (no response yet), but in the meantime the URL of the site has been disclosed, AND because it is public I received dozens of attacks today when I generally have one or two per week.
It means that your list is saying to hackers: you can attack this site as there is a vulnerability, and here is the type of vulnerability.

I would find it more ethical:
1. to send the alert by email, but to wait 2 weeks for a response before disclosing that the site has a vulnerability, and only then could you disclose the URL.

Otherwise, it is really "here is a target, please go for it" like hunting.

Question now: how do I unlist my site?

Thank you

Vulnerability details are hidden for 90 days. You can ask the researcher to make the report private, or create a bug bounty program and select "allow private submissions only".

Re: Under attack

Posted: Fri Apr 26, 2019 3:03 pm
by source_dr
Thank you for the answer.

Re: Under attack

Posted: Thu Jul 18, 2019 3:49 pm
by geeknik
secuninja wrote:
Fri Apr 26, 2019 4:45 am
Usually there is a 90-day hold time before the report gets released publicly.
Quite sure admin can help you out.
x1admin wrote:
Fri Apr 26, 2019 6:38 am
Vulnerability details are hidden for 90 days. You can ask the researcher to make the report private, or create a bug bounty program and select "allow private submissions only".

Yes, but the base domain is still public when you submit a vulnerability, and that is what this site owner is talking about. Hiding the base domain for X weeks after submission makes sense.

Re: Under attack

Posted: Fri Jul 19, 2019 1:00 am
by GordSchramm
geeknik wrote:
Thu Jul 18, 2019 3:49 pm
secuninja wrote:
Fri Apr 26, 2019 4:45 am
Usually there is a 90-day hold time before the report gets released publicly.
Quite sure admin can help you out.
x1admin wrote:
Fri Apr 26, 2019 6:38 am
Vulnerability details are hidden for 90 days. You can ask the researcher to make the report private, or create a bug bounty program and select "allow private submissions only".
Yes, but the base domain is still public when you submit a vulnerability, and that is what this site owner is talking about. Hiding the base domain for X weeks after submission makes sense.

I agree