Bug, $50K+ in bounties: how Zendesk left a backdoor in companies(gist.github.com)
gist.github.com
Bug, $50K+ in bounties: how Zendesk left a backdoor in companies
https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52
10 comments
Great find, it's a shame Zendesk didn't pay a bounty (very stupid Imo) but at least you got some bounties from reporting it to affected companies.
Not sure why this got flagged, unless related to the "keep it up" comments? It's an interesting read ...
great job astroturfers, keep it up
[deleted]
(as a devops/security minded engineer)
...and companies wonder how supply chain attacks are possible
[deleted]
The same reason hackers/developers, use existing tools instead of writing their own. Of course it is more efficient. But also, if they did it themselves it would be much worse, buggier, and likely vulnerable than using something from a third party that's focusing on that one thing. To put it another way, the self made ones would have more and worse problems than the ones found in many third party tools.