
LTT Forum Bug Searching

Solved by colonel_mortis

Hello,

Is there currently, or a possibility of starting, a "bug bounty" program for this site? A while ago LTT here was "hacked" and they had that notification going to change your password.

A bug bounty program doesn't even have to have rewards offered, some people would test just to help and get better at pentesting.

I am on Bugcrowd and HackerOne, and have seen the rules for pentesting sites given on those. It'd be pretty easy to implement some sort of program like those.

What do you all know? And (moderators if you're reading this) what does LTT think of this?

I apologize if this should be sent or placed elsewhere, if that is the case this thread can be locked/deleted.

 

Thanks

-LtStaffel

Join the Appleitionist cause! See spoiler below for answers to common questions that shouldn't be common!

Spoiler

Q: Do I have a virus?!
A: If you didn't click a sketchy email, haven't left your computer physically open to attack, haven't downloaded anything sketchy/free, know that your software hasn't been exploited in a new hack, then the answer is: probably not.

 

Q: What email/VPN should I use?
A: Proton mail and VPN are the best for email and VPNs respectively. (They're free in a good way)

 

Q: How can I stay anonymous on the (deep/dark) webzz???....

A: By learning how to de-anonymize everyone else; if you can do that, then you know what to do for yourself.

 

Q: What Linux distro is best for x y z?

A: Lubuntu for things with little processing power, Ubuntu for normal PCs, and if you need to do anything else then it's best if you do the research yourself.

 

Q: Why is my Linux giving me x y z error?

A: Have you not googled it? Are you sure StackOverflow doesn't have an answer? Does the error tell you what's wrong? If the answer is no to all of those, message me.

 

there's this : https://linustechtips.com/main/forum/82-bugs-and-issues/

~New~  BoomBerryPi project !  ~New~


new build log : http://linustechtips.com/main/topic/533392-build-log-the-scrap-simulator-x/?p=7078757 (5 screen flight sim for 620$ CAD)
LTT Web Challenge is back ! go here  :  http://linustechtips.com/main/topic/448184-ltt-web-challenge-3-v21/#entry601004


16 minutes ago, givingtnt said:

Yes

But that does not give me permission to try to get an error, or to try throwing a <script> into a field or send a crafted request.

1 minute ago, LtStaffel said:

Yes

But that does not give me permission to try to get an error, or to try throwing a <script> into a field or send a crafted request.

@LinusTech @colonel_mortis

You may search for vulnerabilities subject to the following constraints:

  • The only information that you attempt to obtain is the information stored about your own account - attempting to access other members' private data, whether successfully or not, is considered a serious offence
  • Any vulnerabilities that you do find must be reported to me by PM as soon as reasonably possible
  • If, when searching for vulnerabilities, you decide to submit forum posts or topics to test for vulnerabilities, these posts should be made only in the Test Posts subforum
  • You must obey any further instructions

It is unlikely that you will find vulnerabilities though, because for the most part, the software has been written to be secure by default. That said, with limited experience but access to the source (which I am not able to distribute), I have been able to find a few issues, so maybe there are more things out there that you will find.

HTTP/2 203
