#davidev - Flaw Report

Hello! Can you provide more details? Not sure what "hackerone" is or what the context is?

I was wanting to report a bug for a while and they sent me the link that takes me to the hackerone website to report the bug

but hackerone rules say that the report cannot contain there is data change

Sorry, I'm not sure I understand the context. Is what you're trying to report related to Stripe?

yes

Bad people can make purchases with ease

How is hackerone involved?

With other people's cards

If I send a video to hackerone they can say that I'm changing data and I don't receive anything

but i don't use this error, But I know how it works because there are flaws like this on other shopping sites

So is hackerone using Stripe and you're trying to report the flaw to them?

Or are you trying to report the flaw to Stripe?

To clarify, I have no idea who or what hackerone is, so I'm looking for more detail about exactly what you're trying to do and how I can help.

See previous messages, someone sent me this hackerone link so I could report to stripe

Who sent you that link?

Ok

https://hackerone.com/stripe?type=team

Right. Who gave you that link?

cjav_dev

I recommend asking him for help. The people here in #dev-help are not familiar with this process.

How do I contact him directly?

I would reply wherever he gave you the link.

Can you help me?

I'm not familiar with this process, sorry. Why can't you ask CJ for clarification about next steps?

Ok, thx

Hey, please do not try to pull in other people.

Can you clarify why you can't ask CJ for help with this? He provided the link, so it makes sense to ask him for next steps, right?

these two people sent me this link

How did they send it to you? Here via Discord?

yes

Where did this happen? In a thread here? In another channel? In a DM?

here

I created this thread about an hour ago, and neither of those people are in it. You mean in an earlier thread in #dev-help?

yes

Neither of those people are available right now. I recommend you write in to support for help reporting the flaw: https://support.stripe.com/contact/email

I've done this

Stripe's payment site has been bugged for a long time and it's a bug that if someone goes to report it can cause something bad for stripe

because it's something the stripe assures and it's wrong

I just want to help, I have information on how it works, where the error is and how to solve it

I work bug bounty and get paid for it

What specific help do you need though? You've been given a link to report it, right?

The link to report it contains rules that can prevent me from receiving anything for reporting the bug

The rule says that the date cannot be modified, and the way to find this error needs to modify the date

Okay, so write in to support, explain the situation in detail, and ask for help with next steps.

here is not support?

No. This is Stripe's Discord server for our developer community.

I already tried to contact stripe by email but no response

This is not Stripe Support.

How long ago did you contact support? Maybe the reply was filtered into junk mail or something? Maybe try another email address?

I've already tried

it seems like i only have answers around here so i came again

Just out of curiosity, what do you want me to do? What would be the ideal outcome from talking to me?

That you could help me with that hackerone question

What is the question?

for being a contact with programmers I thought you could talk to someone to solve this

What is the question though?

Any stripe user is exposed to this flaw

What is the question?

I do bug bounty if I say I want to do a job do you understand?

I understand you have not told me what your question is.

How can I answer a question if I don't know what the question is?

I want to report the error and receive if the error is confirmed

That is not a question.

Please type your question here and hit enter.

this is my job

that is the question

That is not a question though. That's what you want to do. That's a description of a vague goal.

I want you to help me get to talk to someone who solves these two things

I told you how to do that: contact Stripe Support.

I understood this and said it doesn't work

How many different email accounts have you tried?

I don't remember, I don't report bugs just for stripe

How many times did you attempt to contact support? Did you use the email form I linked to above?

Tried once in each email to not be seen as spam

If I report the bug to support directly they won't give me anything for it

I'm not suggesting you report the bug to support, I'm suggesting you ask them for help with your issues reporting the bug.

When was the last time you tried to contact support?

Did you ever get sent to this page? https://stripe.com/docs/security/stripe#disclosure-and-reward-program

You there?

@wind nebula Please don't claim other people are frauds. Doing so violates the #📖rules here.

deleted

Thank you!