
Yandex Bug Bounty Program - Is It Worth The Time?


Yandex also has a bug bounty program which pays a reasonable amount to security researchers who find security vulnerabilities inside their website. Recently I found multiple XSS vulnerabilities in a subdomain of Yandex. The company accepted it as a vulnerability, but unfortunately I did not qualify for a bounty, as the vulnerability was already reported by someone else.

Here is the email by the Yandex security team:

The above is an email by the Yandex security team, and according to them the vulnerability was reported before. However, speaking from my experience, I haven't seen any researcher getting paid for reporting a vulnerability inside Yandex.

Here are some tweets from security experts who have participated in the Yandex bug bounty program; in most of the cases they are unable to reproduce the bug, and in some cases they did not accept HTML injection and XSS as security vulnerabilities:






Is the Yandex bounty program worth the time? Decide for yourself.

