PSA: If you go out of scope on a bug bounty program you might be breaking the law (standard IANAL disclaimer applies obv). I know it sucks to get an informative, N/A, or just no bounty, but compared to being prosecuted it's not so bad.
Replying to @TomNomNom
Good way to get banned from bug bounty programs too. Companies will check the logs to see if the bug was exploited by criminals, which will include you if you go out of scope.

Jul 11, 2019 · 2:38 AM UTC

Yes, hard to know if it’s a researcher who overstepped their scope or a criminal trying to double-dip (exploit the vuln, then get paid to report it).