Selling Existing Vulnerabilities

  1. #1
    Misterigh Houston
    Let's say hypothetically someone had a bunch of live vulnerabilities in websites that could be used to obtain different kinds of information and that this person didn't feel like putting the time into harvesting the data, could these be easily sold?

    Would the US government buy these if they were within their own websites?

    Obviously it would be illegal for this person to find these, but what if the person just enjoyed finding them and wanted to make a little extra money?
  2. #2
    Ghost Black Hole
    can you do that for minecraft
  3. #3
    Got vulns on here, anyone wanna buy it?
  4. #4
    A College Professor motherfucker [your moreover breastless limestone]
    Originally posted by Blunt Wrap Supreme Got vulns on here, anyone wanna buy it?

    yee but you gotta show me how to use it. ill mail u a personal cheque , dat cool? fiddy bux, maybe more depending what it can do??? wut u fink
  5. #5
    Originally posted by A College Professor yee but you gotta show me how to use it. ill mail u a personal cheque , dat cool? fiddy bux, maybe more depending what it can do??? wut u fink

    yeah good idea, ill script a PoC via Python yeah?
    yeah, fiddy sounds about right yeah.
  6. #6
    Sophie Pedophile Tech Support
    Are these vulnerabilities 0day? If so Zerodium will pay a premium for those.
  7. #7
    Misterigh Houston
    Originally posted by Sophie Are these vulnerabilities 0day? If so Zerodium will pay a premium for those.

    Let's say hypothetically that there was an issue with NIS and someone could modify (maybe SQL, maybe not) a request that was being sent to the server and could get back somebody's password. Things like that, but with other data like SSN, DL, DOB, MMN, etc. Maybe US government sites, maybe not.
  8. #8
    Sophie Pedophile Tech Support
    Originally posted by Misterigh Let's say hypothetically that there was an issue with NIS and someone could modify (maybe SQL, maybe not) a request that was being sent to the server and could get back somebody's password. Things like that, but with other data like SSN, DL, DOB, MMN, etc. Maybe US government sites, maybe not.

    Like web app vulns of a more traditional nature? Depending on the department of the government they may have a bug bounty program. The real money is in 0days though.