23
gagan-suie
284d

Someone once sent me an email talking about vulnerabilities in my website. He sent a full document with step by step instructions and code.

I emailed back and said woah! Thanks for the heads up I really appreciate it!

He responds back and says
"usually people send a payment as thank you"

I said sorry we're poor.

And he responds with "should I disclose the issue to your users?"

I said "we have like 6 users and most of them are my mom. Lol"

This was the email title:

Vulnerability Report 1 : Clickjacking On Login Lead to Account Takeover Of Any User/Cross Site Scripting Attacks/User Account Privilege Escalation/Victim Privilege Escalation/Malware Execution/Victim PC Hijack/Unauthorized Access To Any User Account/Account Takeover Of All The Users Registered On Your Application

Comments
  • 12
    Your mom sounds awesome. Very supportive
  • 6
    Was your website based on a common platform like Wordpress, Drupal, etc.?

    Used to be quite a common scam where script kiddies would email out common exploits to websites running known old / bad versions and then demand payment. Sounds very much like that.
  • 2
    @AlmondSauce no it was a MEAN stack web app. And the guy thought he could scare me by showing me my website in an iframe claiming my users can get tricked into clicking this fake website and stealing their credentials.
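The clickjacking claim in the comment above, from the defender's side: an added JavaScript example (not code from the thread or from the poster's MEAN app) that sets the two anti-framing headers in an Express-style middleware and checks whether a given set of response headers still leaves a page embeddable by a third-party origin. It assumes Node's `res.setHeader` and uses a constructed origin `https://evil.example`.

```javascript
// Added example (not code from the thread): clickjacking defence for an
// Express-style MEAN app. CSP frame-ancestors is the current control and
// X-Frame-Options the legacy fallback; setting both makes old and new
// browsers refuse to render the login page inside a third-party iframe.

// Response headers that forbid framing by any origin.
function frameProtectionHeaders() {
  return {
    'Content-Security-Policy': "frame-ancestors 'none'",
    'X-Frame-Options': 'DENY',
  };
}

// Express-compatible middleware (assumes Node's res.setHeader): app.use(denyFraming)
function denyFraming(req, res, next) {
  for (const [name, value] of Object.entries(frameProtectionHeaders())) {
    res.setHeader(name, value);
  }
  next();
}

// Extract the frame-ancestors source list from a CSP header value,
// lower-cased; null when the directive is absent.
function frameAncestors(csp) {
  if (!csp) return null;
  for (const directive of csp.split(';')) {
    const parts = directive.trim().split(/\s+/);
    if (parts[0].toLowerCase() === 'frame-ancestors') {
      return parts.slice(1).map((s) => s.toLowerCase());
    }
  }
  return null;
}

// Defender's check: can a page with these response headers (header names in
// any case) be embedded by a page served from `thirdParty`? Wildcard hosts
// such as https://*.example.com are not matched and count as not allowed.
function isFrameable(headers, thirdParty = 'https://evil.example') {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const ancestors = frameAncestors(h['content-security-policy']);
  if (ancestors) {
    // Browsers that understand frame-ancestors ignore X-Frame-Options.
    if (ancestors.includes("'none'")) return false;
    return ancestors.includes('*') || ancestors.includes(thirdParty.toLowerCase());
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  // DENY and SAMEORIGIN block a third party; anything else (absent, or the
  // obsolete ALLOW-FROM, which current browsers ignore) leaves it frameable.
  return !(xfo === 'DENY' || xfo === 'SAMEORIGIN');
}
```

A login page that returns `true` from `isFrameable` is the condition the emailed "report" described; with `denyFraming` in the middleware chain it returns `false`.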
  • 1
    @retoor she's the best. She actually took coding classes 30 years ago. We found her old assignments. She didn't even remember. Lmao
  • 3
    I usually respond with "If you're so good at finding vulnerabilities on my site, I would need to know how to put proper fixes in place to avoid these. Only then, you deserve the payment."

    Seriously, for all they care they could just be throwing random words at you to get a payment.
  • 3
    @Sid2006 that's what it was. An attempt at scaring me into payment.
  • 4
    @gagan-suie You should reply with

    "I'll give you a shout-out on my LinkedIn for your efforts" 🤣
  • 4
    @gagan-suie actually this is eligible for court. This is a pen-test job without authorisation from the owner (you) and the communication can be interpreted as extortion. You should simply sue without notifying the opposing party.

    Demand $1000 in damages.
  • 1
    You can tell him: "I don't have any money but what I can do is give you a free 60 minutes session on my hardcore furry porn OF with me thanking you for your contribution at the end of the day."
  • 0
    @PepeTheFrog or my tiktok live doing the NPC trend. "thank you for the null pointer"
  • 0
    @Nanos very respectful response. I appreciate you