
Why say the report "Needs more info"! Mark it n/a and move on to the next one to maintain KPI compliance; HackerOne is fine with that.
So I wrote this attack chain with 4 parts, where part 2 is the crucial one in scope. The triager wasn't able to reproduce part 2, so he did what? He asked for more info? A detailed video PoC other than the one I already provided? You bet he didn't! Right from the very first comment, he said that because he wasn't able to reproduce, parts 1 and 3 of the attack chain are now considered out of scope, and part 4, which is a textbook Business Logic Flaw (CWE-841), he said it's working as intended 😂
I recorded another PoC video showing where he got the reproduction wrong, but never got any answer. Now I bet my findings will go unnoticed because of a triager who wants to close as many reports as he can with the least effort. If another researcher gets lucky enough to have his report reviewed by a qualified triager, he will be the one awarded the bounty and my resubmission will be the duplicate. I see that coming with these so-called Bug Bounty Lottery Programs. I'm fine with resubmissions because triagers are human beings who make mistakes, but when their mistakes cause a researcher's signal to drop, so that he can't even ask for mediation, that's just wrong!
Guess it's just how it is 😒. If you can't find complex vulnerabilities yourself, you can be on the other side reviewing them.
Edit: unfortunately, I got the same triager handling my resubmission. He marked it as a duplicate of the one he marked n/a because he couldn't reproduce. And as always, "best regards" 🤡