Bug, $50K+ in bounties: how Zendesk left a backdoor in companies

gist.github.com

20 points by hackermondev a year ago · 10 comments

politelemon a year ago

> Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.

The same reason hackers/developers use existing tools instead of writing their own. Of course it is more efficient. But also, if they did it themselves it would be much worse, buggier, and likely more vulnerable than using something from a third party that's focusing on that one thing. To put it another way, the self-made ones would have more and worse problems than the ones found in many third-party tools.

DarkerInk a year ago

Great find, it's a shame Zendesk didn't pay a bounty (very stupid IMO) but at least you got some bounties from reporting it to affected companies.

o11c a year ago

Not sure why this got flagged, unless related to the "keep it up" comments? It's an interesting read ...

slater a year ago

great job astroturfers, keep it up

sairamkunala a year ago

(as a devops/security minded engineer) ...and companies wonder how supply chain attacks are possible
