0day rce popular software, no bug bounty, many targets.
i recently found an rce for a somewhat popular software, but they offer no bounties. however, said vulnerability is exploitable on hundreds of servers owned by many different companies. any advice?
5 Replies
i mean if all you care about is getting paid you could go to the black market... there's a thousand different very good reasons why you shouldn't, but you could...
standard procedure is to disclose it to the company anyway
try all you can to make sure they're aware of the vulnerability, email their support line, call their phone number, add people on linkedin if you have to. that's partly to cover your ass legally
yeah not sure i'm doing that. i'd rather avoid having the mossad use the shit i find
if you really can't get a response from them or if they brush you off, you can publish it
you probably don't have the clout to self-pub but you can try contacting journalists
even if they don't have a bug bounty you can still ask
no guarantee they'll actually pay it but worth a try
thanks for the help
why do you say that the black market is not the place to be