I reported Command Injection to the bug bounty program and they moved it to the VDP program LOL #bugbounty #bugbountytips
and this one paid me a $50 bonus because they knew about the vulnerability, but they were waiting for my report to fix it on the same day LOL
@h4x0r_dz It's happened to me and nothing happened from the HackerOne mediation side, and it was such a bad experience
@h4x0r_dz I think it's a good idea to wait 1 to 3 months before submitting a report related to famous CVEs like this (if the bug still exists, of course). Early submissions are typically marked as Informative or OOS according to program policy. It depends on luck 😀
@h4x0r_dz I leaked 1M data of customers on a big company. Triagers marked it N/A 😂 When I asked to share the data publicly, they refused and they solved the bug 🙂😂