I always love reading writeups of these vulnerabilities.
On a related note, I love that bug bounty programs are becoming more popular. Still too rare, but great. That said, the majority of companies out there still make reporting vulnerabilities tough. I've reported a number of vulnerabilities, and all but a few companies had no security@ email address nor a security contact under Contact Us. The tech/admin contact of the DNS record often does the trick, but doesn't always work.
Please, companies, make it easier for us to report security vulnerabilities!