Bug Bounty

[Nakulmohan1]

.

[genecyber]

did you do these submissions via bugcrowd?

On Thu, Jul 3, 2014 at 5:28 AM, Nakul Mohan notifications@github.com wrote:

Hey Man I Submitted 11 Bugs But No One Single Message Me About That ? Is That Your Security Policy It Was My Hard Work Which I Had Done But No One Message Me ?

Reply to this email directly or view it on GitHub https://github.com/mastercoin-MSC/omniwallet/issues/694.

[genecyber]

Those were largely duplicates. i apologize for the delay, we just opened up this most recent leg of the bounty program and I was overwhelmed with submissions. You are in the queue for review and I'll get to it shortly;

On Thu, Jul 3, 2014 at 6:33 AM, Shannon Code Shannon.Null.Code@gmail.com wrote:

did you do these submissions via bugcrowd?

On Thu, Jul 3, 2014 at 5:28 AM, Nakul Mohan notifications@github.com wrote:

Hey Man I Submitted 11 Bugs But No One Single Message Me About That ? Is That Your Security Policy It Was My Hard Work Which I Had Done But No One Message Me ?

Reply to this email directly or view it on GitHub https://github.com/mastercoin-MSC/omniwallet/issues/694.

[genecyber]

I'll take a more detailed look today. As for the jquery issue can you make JavaScript execute on any page in omni that was not written by the omni team,

On Thu, Jul 3, 2014 at 6:46 AM, Nakul Mohan notifications@github.com wrote:

And You Didn't Respond My #617 Bug - jQuery Cross Site Scripting ? You Closed My Submission Without Letting Me Know Is That Your Security Policy ? I Reply You Properly But Why Are You Closed My jQuery Cross Site Scripting Submission ?

Reply to this email directly or view it on GitHub: https://github.com/mastercoin-MSC/omniwallet/issues/694#issuecomment-47891840

[genecyber]

Re; jquery, I'll try again to leverage it in an attack. I'll also investigate your remaining open issues and get back to with details.

On Thu, Jul 3, 2014 at 6:58 AM, Nakul Mohan notifications@github.com wrote:

But You Are Using Vulnerable jQuery Version Is Not My Fault Is Your Developer Why Are You Using Vulnerable jQuery Version Tell Me Is Not A Right Reason To Close My Bug Ok ?

Reply to this email directly or view it on GitHub: https://github.com/mastercoin-MSC/omniwallet/issues/694#issuecomment-47892804

[genecyber]

I'm going through all the remaining issues now.

Sent from my iPhone

On Jul 8, 2014, at 4:28 PM, Nakul Mohan notifications@github.com wrote:

Hey Bro When You Gonna Message Me About My Security Bugs ?

— Reply to this email directly or view it on GitHub.

[spacelite]

send me the bugs let me see, I'm been workin on some security joe@spacelite.net

On Tue, Jul 8, 2014 at 1:33 PM, Nakul Mohan notifications@github.com wrote:

Please Bro Check It It Been A So Long Time It Was My Hard Work Which I Had Done So Please Message Me As Soon As Possible.

— Reply to this email directly or view it on GitHub https://github.com/mastercoin-MSC/omniwallet/issues/694#issuecomment-48402339 .

[spacelite]

send to me directly, I'll verify you can reproduce some bugs with me What's your MSC address, I'll send you some test coins

On Tue, Jul 8, 2014 at 6:29 PM, Nakul Mohan notifications@github.com wrote:

3 Bugs Via Bugcrowd Total = 14

— Reply to this email directly or view it on GitHub https://github.com/mastercoin-MSC/omniwallet/issues/694#issuecomment-48423194 .

[genecyber]

I would like for you to do a proof of concept on the host header attack. All of the other ones were duplicates. 

I'll respond with github issue links shortly.

On Fri, Jul 11, 2014 at 3:51 PM, Nakul Mohan notifications@github.com wrote:

Are You Kidding With Me ? Can You Please Give Me Proof Of That Is My Bug Is Duplicate Show Me Proof Please How Is That Possible You Gonna Rejected My All Bugs Are You Out Of Your Mind Dude Or Maybe You Are On Drugs ? Show Me Proof Please Otherwise I Will Deface You Web Domain I Will Find A Critical Bug On Your Website And Gonna Public In IRC Hacker Chat Ok.

Reply to this email directly or view it on GitHub: https://github.com/mastercoin-MSC/omniwallet/issues/694#issuecomment-48775098