Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.gamedev.place/users/djlink/statuses/113305452187337846">David Amador (djlink@mastodon.gamedev.place)'s status on Monday, 14-Oct-2024 20:07:24 JST</a><a href="https://mastodon.gamedev.place/@djlink" title="djlink@mastodon.gamedev.place"><img src="https://gnusocial.jp/avatar/19726-48-20221122095147.webp" width="48" height="48" alt="David Amador" style="position: absolute; left: 0; top: 0;">David Amador</a></section><article><p>Programmer finds critical bug in Zendesk (which even allowed access in Slack instances), gets dismissed by Zendesk, warns costumers affected; Zendesk is then forced to fix but attributes it a 0$ bounty because "out of scope" of bounty program <a href="https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52" rel="nofollow noreferrer">https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3824225#notice-7480071">In conversation</a><time datetime="2024-10-14T20:07:24+09:00" title="Monday, 14-Oct-2024 20:07:24 JST">about a month ago</time> <span>from <span><a href="https://mastodon.gamedev.place/@djlink/113305452187337846" rel="external" title="Sent from mastodon.gamedev.place via ActivityPub">mastodon.gamedev.place</a></span></span><a href="https://mastodon.gamedev.place/@djlink/113305452187337846">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: github.githubassets.com</div><h5><a href="https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52">1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies</a></h5><div> from <span>hackermondev</span></div></header><div>1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
David Amador (djlink@mastodon.gamedev.place)'s status on Monday, 14-Oct-2024 20:07:24 JST David Amador
Programmer finds critical bug in Zendesk (which even allowed access in Slack instances), gets dismissed by Zendesk, warns costumers affected; Zendesk is then forced to fix but attributes it a 0$ bounty because "out of scope" of bounty program https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52
In conversationabout a month ago from mastodon.gamedev.placepermalink
Attachments
1. Domain not in remote thumbnail source whitelist: github.githubassets.com
  1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies
  from hackermondev
  1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies

Public

Embed Notice

HTML Code

Corresponding Notice