Арбитраж Спор между AW_Cards и venkat

[AW_cards]

This user suggested a vulnerability in our store in private messages.
He sent beautiful videos that everything works, and you can pick up a password recovery phrase from accounts.
He demanded $5,000 for everything.
We sent an advance payment of $2000.
After the prepayment, nothing changed, he also sent a video of the work of his script, and to requests to show the request that he sends to the server, he replied that he would not send anything, and demanded more money.

Link to our correspondence /conversations/67247/

2000$ can not be returned. We will not become homeless from this money.

The user is requested to be banned.

User profile link: /members/200707/

 

[TheProfessor786]

Я вижу в этом карму для всех, кого ты кидал ежедневно))

 

[Vespiary]

вы извините за флуд, но не могу сдержаться...)))
поступок плохой, но venkat , это красиво))))
Мавроди бы автограф попросил

 

[beybala]

venkat defrauded me, I paid 1k usd to this man, he is deceiving everyone with the video)

 

[drpalpatine]

there was similar against venkat --> threads/51768/ --> similar reason

 

[venkat]

Banned for what ? reported a vuln to a site owner ? huh , i think it doesn work thats way !!!

 

[venkat]

admin Added you to the chat , you can read those messages & see ,

and Is it a bug bounty program or some kinda trade we have done ? lol xaxaxa

 

[venkat]

We sent an advance payment of $2000.
After the prepayment, nothing changed,

advance? is it a business or bug bounty program ?


What did you want me to do with it ? work on your site instead of you ?

 

[venkat]

Profile : /members/228158/ , AW_cards

They started a bug bounty program : threads/58126/

Reported two Vulns to their site with PoC , They agreed to pay $5000 , and sent me $2000 and said they will send the remaining after they fix (i.e $2000)

After sending the third Vuln PoC ( Which is most crtical , which may cause most damage to their business) , I already gave the attack vector and an explaination , but however they want more , which i told i cant give , so they started a black on me , LoL ?

So ? Is this means they want to cover their huge hole by getting me banned ?

added admin to our chat - conversations/67247/

 

[venkat]

" In general of a bug bounty program , if the report is not applicable , they shuold have just say " not elegible" , but they never mentioned any reportas not eligible , which i asked them "if not elegible just tell me about it " but they just said " need more info" after an explanation gave them , am i here to teach them about vulns " , then why need to raise an black to ban me , isn't it suspicous ? admin

 

[venkat]

 

[admin]

It's very strange. Few things, that I want to say:
1. Bug bounty - this is a voluntary process, not a business. Site owner decides himself how much to pay.
2. There is a clear description of what a vulnerability should look like in order to be accepted into a bug bounty (could be even look at hackerone.com).
I read your PM and didn't see a clear POC that I could repeat (from the outside, not being the site owner or the attacker).

Therefore, I ask you to normalize the process.
1. venkat waiting from you POC and exploit details. Step by step, that I can reproduce. Like for newbie.
2. Only after this waiting money from AW_cards

 

[venkat]

It's very strange. Few things, that I want to say:
1. Bug bounty - this is a voluntary process, not a business. Site owner decides himself how much to pay.
2. There is a clear description of what a vulnerability should look like in order to be accepted into a bug bounty (could be even look at hackerone.com).
I read your PM and didn't see a clear POC that I could repeat (from the outside, not being the site owner or the attacker).

Therefore, I ask you to normalize the process.
1. venkat waiting from you POC and exploit details. Step by step, that I can reproduce. Like for newbie.
2. Only after this waiting money from AW_cards

yep , the payment & other things entirely depends on site owner , but however if the bug is not eligible , he should have just say "not accepted" , but he started a black for it ? , he goes mad only after the infos of third vuln poc i said " the attack (reacted) will take time again which i cant afford again " , & he should have just said " we wont accept the report " instead he said " we wont have any conversations" and created black !!!

 

[AW_cards]

yep , the payment & other things entirely depends on site owner , but however if the bug is not eligible , he should have just say "not accepted" , but he started a black for it ? , he goes mad only after the infos of third vuln poc i said " the attack (reacted) will take time again which i cant afford again " , & he should have just said " we wont accept the report " instead he said " we wont have any conversations" and created black !!!

I did not refuse to pay for the vulnerability, and even made an advance, but you refuse to provide details of the vulnerability. Please provide details of the vulnerability and you will be rewarded for it.

 

[venkat]

I did not refuse to pay for the vulnerability, and even made an advance, but you refuse to provide details of the vulnerability. Please provide details of the vulnerability and you will be rewarded for it.

Advance ? , you gave me the payment after i gave the explanation and PoC, as far i know thats how a bug bounty program works , if this is about the third vuln , an explanation has already given on BoS for unable to give more info.

P.S : " I can create this on windows movie player " - your words , Find it or Leave it by your own , i have nothiing to care about now

 

[bbi34yy]

You both guys got nothing to do?
Admin already said his decision.
You should obey and it will be solved ASAP.

What you are doing right now is wasting time of 3 individuals. Both of your time and admin's.
Please respect each other.

 

[TheProfessor786]

Reported two Vulns to their site

After sending the third Vuln PoC ( Which is most crtical , which may cause most damage to their business)

The admin's decision is fair; send details of POC and you will be paid...

Alternatively, throw off the details here in the topic and we will all test for ourselves)))

 

[AW_cards]

It's very strange. Few things, that I want to say:
1. Bug bounty - this is a voluntary process, not a business. Site owner decides himself how much to pay.
2. There is a clear description of what a vulnerability should look like in order to be accepted into a bug bounty (could be even look at hackerone.com).
I read your PM and didn't see a clear POC that I could repeat (from the outside, not being the site owner or the attacker).

Therefore, I ask you to normalize the process.
1. venkat waiting from you POC and exploit details. Step by step, that I can reproduce. Like for newbie.
2. Only after this waiting money from AW_cards

He keeps asking for more money. I see no reason to continue this blackout. Give him a scam status, as he received an advance payment.

 

[venkat]

He keeps asking for more money. I see no reason to continue this blackout. Give him a scam status, as he received an advance payment.

you do know atleast how a bug bounty program works ? anyway admin , It really doubt me now , how a noob can run a cc shop , i ask you to ban this noob out of the fourm

He keeps asking for more money. I see no reason to continue this blackout. Give him a scam status, as he received an advance payment.

just go ahead and say it as advance payment another time , your sites three vulns will be in public with PoC for free and how to exploit them

 

[External]

just go ahead and say it as advance payment another time , your sites three vulns will be in public with PoC for free and how to exploit them

it's better not to threaten someone when the admin is also watching the topic replies that too in a arbitration no less