Does LTT honour security researchers?

mylorik

I submitted a vulnerability report about ltt store on Aug 31 to "support@lttstore.com" that could potentially lead to DDOS, and possibly XSS, but I didn't test this, since I would need their permission. To this day they didn't even reply with a thank you message. I wonder if anyone had any experience submitting vulnerability reports to the ltt group; maybe I should use a different address?


1 minute ago, mylorik said:

I submitted a vulnerability report about ltt store on Aug 31 to "support@lttstore.com" that could potentially lead to XSS, but I didn't test this, since I would need their permission. To this day they didn't even reply with a thank you message. I wonder if anyone had any experience submitting vulnerability reports to the ltt group; maybe I should use a different address?

 

 

@Slick

@AJJaxNet

@LinusTech


  • 2 weeks later...

I guess not since I have never received a reply 


Honestly, I bet they haven't even seen this post (or the email)...from my understanding the support email is just like front line staff and depending on wording it could very well be put into a junk box with someone thinking it's a scam or something (I've seen things like that before, where the customer service team doesn't understand what is being said and trashes it).

 

I mean you could try emailing the whois contact for the site (which is lttstore.com@contactprivacy.com).

Or since you are aware of this forum, post in the merchandise section, with a topic name that screams look at me...like "potential vulnerability on lttstore who to report to?" That way it's a lot easier for someone who actually has control to notice it. Front line people have a tendency to just trash any warning and stuff (and the title you used here doesn't really capture what you are trying to say...i.e. they could easily overlook things like this and likely get a lot of people pinging them...e.g. slick hasn't logged in here since Sept 7).

 

Anyways, @LinusTech to ping to hope he clicks in here and sees this topic at least.


1 hour ago, wanderingfool2 said:

Honestly, I bet they haven't even seen this post (or the email)...from my understanding the support email is just like front line staff and depending on wording it could very well be put into a junk box with someone thinking it's a scam or something (I've seen things like that before, where the customer service team doesn't understand what is being said and trashes it).

 

I mean you could try emailing the whois contact for the site (which is lttstore.com@contactprivacy.com).

Or since you are aware of this forum, post in the merchandise section, with a topic name that screams look at me...like "potential vulnerability on lttstore who to report to?" That way it's a lot easier for someone who actually has control to notice it. Front line people have a tendency to just trash any warning and stuff (and the title you used here doesn't really capture what you are trying to say...i.e. they could easily overlook things like this and likely get a lot of people pinging them...e.g. slick hasn't logged in here since Sept 7).

 

Anyways, @LinusTech to ping to hope he clicks in here and sees this topic at least.

Thank you, I understand your point and it totally makes sense, but I feel like I am already wasting my time. I asked for an email in this post, and the moderator couldn't provide it, so I don't think I need to run after a company helping them patch holes. As for the support - it's not like I asked them to pay me or anything, I just disclosed the vulnerability using my actual email address they could google and was hoping at least for a thank you message, so I am just disappointed and I will leave it at that.
