Brewly - Worldwide Marketplace

Don't post the person's personal information but if you can somehow figure which meso members it is, do them so they can come in here and vouch for you.

I'm giving them time. My hope is that this is a misunderstanding and there is no need for drama. I thought about waiting until Monday, but it didn't feel right not being replied to when I'm reading him posting here.
 
Reported a vulnerability that falls directly under the scope a few days ago. Direct access to your customers' addresses. Sadly my Bitcoin address is still empty.

Got some friendly mail from you, then you solved the issue, and finally you decided the best course of action would be to ghost me. Even if I was willing to compromise on 2500$.

Not posting from my real account as I'm a Colonial customer and I wouldn't like to be targeted or banned.

Hopefully Brewly or DragonOrdnance keep their word. As this post doesn't disclose any information regarding the specific vulnerability, and it has been solved already, I don't see it disqualifying me for the bounty itself.
So were you able to actually get access to customer information? Or did you just find a way that it may be able to be done? I’m curious about this since I registered over there also.

Definitely keeping an eye on this thread today, this should be interesting
 
I got access to the customers' orders. That means order, address, and tracking.
If this guy can prove this @Brewly just lost 10 grand.

Also the bounty should remain in place because as I said before decrypted data is not the only way to attack.

This may be the end for Brewly on meso. I would urge anyone thinking of using the site to wait or just order directly from said source.
 
@Brewly @DragonOrdnance
What do y'all have to say about this breach? You all planning on paying this man for taking the time to expose a vulnerability? I'm interested to hear how this turns out but it sounds like you boys need to transfer some bitcoins...
 
So, was the site really attacked and that’s why it was down or did they shut it down to make changes once they were hacked? Hmm..

If this guy really did gain access to customers' orders then he definitely needs to be paid out

@Brewly @DragonOrdnance
 
They took the website down to solve the issue I reported. Then they had a problem with their domain registrar, but that was unrelated.
 
So the site is vulnerable and the person who runs it doesn't pay his debts or keep his word. Yeah, that sounds way better than just ordering directly from my sources through secure e-mail...

Hard, hard pass.
 
He might just be validating the results. Who gives up money just b/c...? Be patient...

^^^ Lol, there’s always at least one member in the fan club!

So the site was down for over a day. A guy posts that he was able to get in and see customer orders, addresses, emails, etc. and you’re still in favor of this???

We’re all just a bunch of dumb meatheads. If someone was able to get in just to see, then imagine what someone motivated by greed or laws would be able to do.

This whole thing needs to be abandoned. It’s already been compromised in less than a week.
 
Not a fan. I am just in that line of work. I know the Software Development Life Cycle. Validation is a must. Calm your tits.

You are aware that this isn’t really a legitimate venture? Like they have a team in R&D validating this?

Dude hacked in. Took screenshots and emailed. Wtf needs to be validated on the “Software Development Life Cycle”??

All this nerd talk and the thread will turn back to Lurping talk.
 
I referenced the SDLC to show my familiarity with software development. However, whether you are developing or looking at logs, validation is a must for all processes related to software/code/shityoudontunderstand.

Have you seen the screenshots?

Leaving it at that. Not sure why I try to get technical with you agro meatheads. I'll let this play out cause I don't care if this succeeds or not.
 