Responsible security disclosures
Hey Hackers, what's been your experience with Indian companies when it comes to responsible disclosures?
Mine: found an RCE and mailed a tech startup, they said they will pay. It's been a year of waiting for that amount to land in my account!!!! Indian companies are the worst. No ethics.
Found an IDOR in one of the top Indian hospital groups, mailed them with a POC, called them, even explained it to them multiple times. Despite multiple follow-ups, there is no response and the issue still persists. Discloses millions of health records. It's been more than 1.5 yrs.
Put out a thread and hope it gets traction. A friend of mine, Nandan Kumar, made a thread on Twitter about how he was able to retrieve some sensitive customer data simply by inspecting element on the browser. Search for "Nandan Kumar Indigo" and you'll find it.
He didn't get anything from Indigo, but it got him a bunch of traction from media and offers from other companies.
Myntra good
They are not gonna pay.
You are better off exploiting those issues and making money that way 😛