Here goes. Let’s say a bug was submitted and a bugcrowd analyst engages you on it.
According to the guidelines of the particular bounty, a researcher may only create an account on the target using his/her bugcrowd ID.
Now, bugcrowd analysts are extremely helpful, but oddly hardnosed(great combination, by the way:grinning:), he takes a look at the submission and after a few lines of chat , he goes “show me with another account”.
The thing is , only one account is permitted, i cant open another, i dare not come out from under the bugcrowd cover. during our chat, while i’m poking around, , suddenly another bug comes up, which surprises the hell out of me.
I submit a seperate issue, and i’m engaged, sometime during this he says “please provide an account to test what you say happened” and we are back to the top of the loop
Im doing everything i can to convince the analyst that what i said is exactly what happened, everything but sending my parent’s wedding pictures:grin:, but he says no dice.
Now, i want to get to the bottom of this too, great learning experience. So if its a bugcrowd managed bounty and Crowd Control is in full effect, i was just wondering if he couldnt take a look under the hood and just follow activities done against my ID on the target to verify my point, or prove me wrong at least.
Cant divulge details of the target or submission, i’m sure you understand:wink: