Follow

lol, amex takes vuln submissions and sends them to hackerone, and replies with an autoresponder that says you have to confirm the report, and claims that clicking the link means you agree to the hackerone contract.

the link, of course, completely fails to render without javascript.

i will not agree to this contract and i will not render hackerone's javascript.

guess amex's vuln is getting published in a month.

Sign in to participate in the conversation
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!