AkashHamal0x01-info | Stripe Developers | Page 1

abstract musk Jul 13, 2022, 5:42 AM

#

Hi, unfortunately I don't have DM enabled but if that's something sensitive you should write to Support

#

I am developer and can help with non-sensitive info here

dusky nebula Jul 13, 2022, 5:43 AM

#

@abstract musk can i have a chance to speak to the program triagers?

abstract musk Jul 13, 2022, 5:43 AM

#

What do you mean by program triagers?

dusky nebula Jul 13, 2022, 5:43 AM

#

i mean who manage reports of stripe program through hackerone

#

https://hackerone.com/stripe?type=team?

HackerOne

Stripe - Bug Bounty Program | HackerOne

The Stripe Bug Bounty Program enlists the help of the hacker community at HackerOne to make Stripe more secure. HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited.

abstract musk Jul 13, 2022, 5:44 AM

#

You mean this? https://hackerone.com/stripe?type=team

HackerOne

Stripe - Bug Bounty Program | HackerOne

The Stripe Bug Bounty Program enlists the help of the hacker community at HackerOne to make Stripe more secure. HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited.

#

ah jinx

dusky nebula Jul 13, 2022, 5:44 AM

#

yes lol

#

hahha

#

do you manage taxjar?

abstract musk Jul 13, 2022, 5:45 AM

#

I believe they are not in this Discord server. Only way is to write to Support and they will get you contact with them

dusky nebula Jul 13, 2022, 5:45 AM

#

you said you are developer right?

abstract musk Jul 13, 2022, 5:45 AM

#

Yep

dusky nebula Jul 13, 2022, 5:46 AM

#

have you worked on taxjar project?

abstract musk Jul 13, 2022, 5:46 AM

#

No, unfortunately. Any thing you can elaborate?

dusky nebula Jul 13, 2022, 5:46 AM

#

yes

#

an account takeover was found on taxjar

#

the h1 triager closed as informative idk why

#

saying its intended functionality

abstract musk Jul 13, 2022, 5:47 AM

#

Thanks for raising. Any email/number that may identify the conversation?

dusky nebula Jul 13, 2022, 5:48 AM

#

wdym? didnt get it

abstract musk Jul 13, 2022, 5:48 AM

#

I can't see that (gone) link 😅

dusky nebula Jul 13, 2022, 5:48 AM

#

https://hackerone.com/reports/1634165

#

only visible to me and internal team of stripe who manages reports

#

we can have 1 on 1 zoom meeting so i can make you understand

#

but this is serious issue/misconfiguration

abstract musk Jul 13, 2022, 5:52 AM

#

I can't do zoom, sorry 😅 Please wait for a few mins

dusky nebula Jul 13, 2022, 5:52 AM

#

sure do update me. and thanks!

abstract musk Jul 13, 2022, 5:56 AM

#

Ok I found the internal team. Could you write into Support and describe your appeal with the report? Then tell me either email used/ticket number if any and I will connect it to the internal team reviewing hacker one reports

#

(I still need something from you and good for papertrail, so it's better to have a ticket with explanation) while here I don't have the detail thus can't just go tell the team "I have a possible vunerability but I don't know what it is"

dusky nebula Jul 13, 2022, 6:00 AM

#

@abstract musk should i mail to support@stripe.com

abstract musk Jul 13, 2022, 6:00 AM

#

yes!

dusky nebula Jul 13, 2022, 6:03 AM

#

abstract musk (I still need something from you and good for papertrail, so it's better to have...

i did that and the mail i used is akashhamal223@gmail.com

abstract musk Jul 13, 2022, 6:07 AM

#

Awesome. I found it. Left an internal note already!

#

Let's wait for it to reach out to the team

dusky nebula Jul 13, 2022, 6:11 AM

#

thanks and unfortunately i cannot confirm as i lost access to my 2fa app so would like to continue conversation via mail if possible and thank you so much!

Screen_Shot_2022-07-13_at_2.09.15_PM.png

#AkashHamal0x01-info