undefined | Better HN

0 pointsg4ur4v12y ago0 comments

He couldn't have proved without doing that .

0 comments

ceol12y ago

He could have made test accounts with appropriate privacy settings. He could have just told the security team, "Your server does not validate permissions when posting to walls, so if you change this specific HTML form value to anyone else's profile ID, it will post to their wall."

lessnonymous12y ago

It's pretty freaking obvious there was a language barrier problem here. He knew of the whitehat program, but not the ability within it to create test accounts: he asks the security team to set up a test account so he can post to it to show them the problem.

ZoF12y ago

And then they would have paid....

j / k navigate · click thread line to collapse

0 comments

ceol12y ago

lessnonymous12y ago

ZoF12y ago

And then they would have paid....

j / k navigate · click thread line to collapse