View difference between Paste ID: <a href="/knDdWPz1">knDdWPz1</a> and <a href="/0rPg1uW7">0rPg1uW7</a>

We are ready to acquire information about the unique 0day vulnerabilities and 0day exploits.
1		We are ready to acquire information about the unique 0day vulnerabilities and 0day exploits.
2
3		RULES OF REPRESENTATION
4		We constantly buy 0day and Nday vulnerabilities and exploits. We do not pay for hypothetical vulnerabilities.
5		Please provide a brief technical description of the vulnerabilities and exploits on our form to our
6		e-mail: vulnsisrock@tuta.io
7		Your vulnerability will be analyzed and evaluated by us within 48 hours. Remuneration can be paid in cash,
8		bank transfers or anonymous transfers using crypto conversions. We are considering an additional premium
9		for exclusive conditions for us in the form of additional quarterly payments to researchers before disclosure
10		of the vulnerability.
11		Prices 0days can be higher than indicated in the table all depends on the quality of the exploits, we are
12		ready to negotiate the price on a bilateral basis.
13
14		We also provide the service ESCROW service when both parties can not agree and do not trust each other.
15		Agents and brokers are welcome, we pay high commissions for help in acquiring 0day vulnerabilities.
16		We reserve the right to refuse to purchase your materials.
17
18		PURCHASE TERMS
19		1. You discover a vulnerability and create a functional prototype of exploits (PoC)
20		2. You write a short technical description of the vulnerability found and send it to us.
21		3. Within 48 hours we will answer you in writing our interest and prevernuyu cost we are willing to pay you.
22		4. If you agree, you provide us with full technical information, including a functional prototype.
23		5. We check the exploit you provided and pay you a reward according to the method you selected within 24 hours.
24
25		If you have any counter proposals regarding the acquisition process, you can always contact us. We can organize
26		a personal meeting with you in practical any country in the world to personally discuss all the issues personally.
27
28		PRICE TABLE
29
30		+------------------------------------------+ +-------------------------+
31		\| INTEGRATED CIRCUITS \| \| SCADA PLC \|
32		\|------------------------------------------\| \|-------------------------\|
33		\|Smart Cards \| $100,000+ \| \| Siemens \| $30,000+ \|
34		\|Cellular SoC (MTK, Qualcomm) \| $50,000+ \| \| Honeywell \| $20,000+ \|
35		\|CPLD/FPGA \| $50,000+ \| \| Mitsubishi \| $15,000+ \|
36		\|Microcontrollers \| $30,000+ \| \| Omron \| $10,000+ \|
37		+------------------------------------------+ \| ABB \| $10,000+ \|
38		\| Schneider \| $10,000+ \|
39		\| Other \| $5,000+ \|
40		+---------------------+ +-------------------------+
41		\| ATM \|
42		\|---------------------\| +------------------------------------------------------+
43		\| Wincor \| $25,000+ \| \| NETWORK DEVICES \|
44		\| NCR \| $25,000+ \| \|------------------------------------------------------\|
45		\| Diebold \| $15,000+ \| \| Juniper \| $50,000+ \|
46		\| Other \| $15,000+ \| \| Cisco \| $50,000+ \|
47		+---------------------+ \| Sonicwall \| $50,000+ \|
48		\| F5 \| $50,000+ \|
49		+---------------------------+ \| SIP Avaya, Asterisk, Polycom and others \| $50,000+ \|
50		\| SMART TV \| \| Riverbed \| $50,000+ \|
51		\|---------------------------\| \| HP \| $10,000+ \|
52		\| Samsung \| $10,000+ \| \| Huawei \| $10,000+ \|
53		\| Sony \| $10,000+ \| \| Asus \| $5,000+ \|
54		\| Panasonic \| $10,000+ \| \| ZyXEL \| $5,000+ \|
55		\| LG \| $5,000+ \| \| Netgear \| $5,000+ \|
56		\| Home Appliance \| $5,000+ \| \| D-Link \| $5,000+ \|
57		+---------------------------+ \| Other \| $1,000+ \|
58		+------------------------------------------------------+
59
60		+-------------------------------------+ +---------------------------------+
61		\| IPMI \| \| GAMING CONSOLES \|
62		\|-------------------------------------\| \|---------------------------------\|
63		\| Sun SSP \| $100,000+ \| \| Xbox ONE X (RCE) \| $75,000+ \|
64		\| Dell DRAC \| $100,000+ \| \| Playstation 4 (RCE) \| $75,000+ \|
65		\| HP iLO \| $100,000+ \| \| Nintendo (RCE) \| $50,000+ \|
66		\| Supermicro IPMI \| $100,000+ \| +---------------------------------+
67		\| Cisco CIMC \| $50,000+ \|
68		\| VNC, Teamviewer, Radmin \| $50,000+ \|
69		\| Other \| $20,000+ \|
70		+-------------------------------------+
71		+---------------------------+
72		\| PERIPHERAL DEVICES \|
73		+---------------------------------------------------+ \|---------------------------\|
74		\| MOBILE DEVICES \| \| Scanners (RCE \| $30,000+ \|
75		\|---------------------------------------------------+ \| Printers (RCE) \| $30,000+ \|
76		\| Apple iOS (LCE,RJB) \| $2,500,000+ \| \| CCTV (RCE) \| $10,000+ \|
77		\| Android (RJB) \| $2,500,000+ \| +---------------------------+
78		\| SMS/MMS (RCE+LPE) (Any Mobile OS) \| $2,500,000+ \|
79		\| WiFi (RCE+LPE) (Any Mobile OS) \| $100,000+ \|
80		\| Bluetooth (RCE+LPE) (Any Mobile OS) \| $50,000+ \|
81		\| Sandbox Escape (Any Mobile OS) \| $30,000+ \|
82		\| WatchOS (LCE,RJB) \| $100,000+ \|
83		+---------------------------------------------------+
84
85		+-----------------------------------------+ +------------------------------------+
86		\| OPERATING SYSTEMS \| \| DATABASE SOFTWARE \|
87		\|-----------------------------------------\| \|------------------------------------\|
88		\| Windows Server (RCE, SE) \| $500,000+ \| \| MS SQL Server (RCE) \| $200,000+ \|
89		\| Windows 7/8.1/10 (LPE, SE) \| $150,000+ \| \| Oracale Database (RCE) \| $200,000+ \|
90		\| MacOS (LPE, SE) \| $50,000+ \| \| MongoDB (RCE) \| $150,000+ \|
91		\| Linux Desktop/Server (LPE) \| $50,000+ \| \| MySQL (RCE) \| $150,000+ \|
92		\| Virtual Machine Escape \| $150,000+ \| \| MS Access (RCE) \| $20,000+ \|
93		+-----------------------------------------+ +------------------------------------+
94
95		+-------------------------------------------------+
96		\| PRODUCTIVITY APPS \| +----------------------------------------+
97		\|-------------------------------------------------+ \| MESSENGERS \|
98		\| MS Office Word, Excel, PP (RCE) \| $250,000+ \| +----------------------------------------\|
99		\| Adobe PDF Reader all (RCE, SE) \| $250,000+ \| \| Telegram (RCE) \| $1,000,000+ \|
100		\| Adobe Flash Player (RCE, SE) \| $150,000+ \| \| WhatsApp (RCE) \| $1,000,000+ \|
101		\| Microsoft Silverlight(RCE, SE) \| $100,000+ \| \| Facebook Messenger (RCE) \| $250,000+ \|
102		\| Antivirus (RCE, LPE) \| $30,000+ \| \| WeChat (RCE) \| $250,000+ \|
103		+-------------------------------------------------+ \| Viber (RCE) \| $150,000+ \|
104		\| Imo (RCE) \| $150,000+ \|
105		\| Line (RCE) \| $150,000+ \|
106		+----------------------------------------+
107
108		+---------------------------------------+ +--------------------------------------------+
109		\| WEB SERVERS \| \| WEB BROWSERS \|
110		\|---------------------------------------\| \|--------------------------------------------\|
111		\| Microsoft IIS (RCE) \| $250,000+ \| \| Google Chrome all OS (RCE, SE) \| $300,000+ \|
112		\| MS Exchange Server (RCE) \| $300,000+ \| \| Microsoft Edge (RCE, SE) \| $300,000+ \|
113		\| Nginx (RCE) \| $300,000+ \| \| TOR Browser (RCE, SE) \| $300,000+ \|
114		\| Appache Server (RCE) \| $300,000+ \| \| Apple Safari OS X (RCE, SE) \| $250,000+ \|
115		\| Open SSL (RCE) \| $250,000+ \| \| Mozilla Firefox (RCE, SE) \| $150,000+ \|
116		\| Lotus Domino (RCE) \| $100,000+ \| +--------------------------------------------+
117		\| JBoss (RCE) \| $100,000+ \|
118		\| Appache Tomcat (RCE) \| $50,000+ \|
119		+---------------------------------------+
120		+----------------------------------+
121		+----------------------------------------------+ \| BUGTRACKERS \|
122		\| EMC \| \|----------------------------------\|
123		\|----------------------------------------------\| \| Redmine \| $30,000+ \|
124		\| Microsoft SharePoint \| $250,000+ \| \| Atlassian JIRA \| $30,000+ \|
125		\| IBM Fil-eNet \| $150,000+ \| \| Bugzilla \| $10,000+ \|
126		\| Oracle WebCenter \| $150,000+ \| \| Jenkins \| $10,000+ \|
127		\| OpenText Content Suite Platform \| $50,000+ \| \| Atlassian Confluence \| $10,000+ \|
128		+----------------------------------------------+ +----------------------------------+
129
130		+----------------------------+ +-----------------------------+
131		\| FTP \| \| CMS \|
132		\|----------------------------\| \|-----------------------------\|
133		\| Filezilla (RCE) \| $30,000+ \| \| Wordpress (RCE) \| $100,000+ \|
134		\| Titan (RCE) \| $20,000+ \| \| 1C Bitrix (RCE) \| $100,000+ \|
135		\| Serv-U (RCE) \| $20,000+ \| \| Joomla (RCE) \| $80,000+ \|
136		\| net2ftp (RCE) \| $20,000+ \| \| Wix (RCE) \| $25,000+ \|
137		+----------------------------+ \| Drupal (RCE) \| $25,000+ \|
138		+-----------------------------+
139
140		+--------------------------------------+
141		\| FORUMS \|
142		\|--------------------------------------\| +----------------------------------------------+
143		\| IP.Board (RCE) \| $50,000+ \| \| PLM and EPR \|
144		\| VBulletin (RCE) \| $50,000+ \| \|----------------------------------------------\|
145		\| Lithium communities (RCE) \| $50,000+ \| \| SAP \| $100,000+ \|
146		\| Mybb (RCE) \| $25,000+ \| \| Siemens Teamcenter \| $100,000+ \|
147		\| PHPbb (RCE) \| $25,000+ \| \| Oracle ERP \| $100,000+ \|
148		\| IP.Suite (RCE) \| $25,000+ \| \| Oracle Agile PLM \| $100,000+ \|
149		\| XenForo \| $20,000+ \| \| SPTC Windchill PLM \| $50,000+ \|
150		\| Woltlab BB (RCE) \| $20,000+ \| \| MentorGraphics HyperLynx SI PLM \| $50,000+ \|
151		+--------------------------------------+ \| Enovia PLM \| $30,000+ \|
152		+----------------------------------------------+
153
154		+------------------------------------------+
155		\| MAIL SERVERS \| +-------------------------------+
156		\|------------------------------------------\| \| HOSTING PANELS \|
157		\| Microsoft Outlook OWA (RCE) \| $200,000+ \| \|-------------------------------\|
158		\| Sendmail (RCE) \| $120,000+ \| \| cPanel (RCE) \| $75,000+ \|
159		\| IBM Lotus Domino (RCE) \| $100,000+ \| \| Plesk (RCE) \| $75,000+ \|
160		\| Horde (RCE) \| $50,000+ \| \| Direct Admin (RCE) \| $25,000+ \|
161		\| Roundcube (RCE) \| $50,000+ \| \| Other (RCE) \| $10,000+ \|
162		\| Squirellmail (RCE) \| $50,000+ \| +-------------------------------+
163		\| Other mail servers (RCE) \| $25,000+ \|
164		+------------------------------------------+
165
166		LPE - Local Privilege Escalation
167		RCE - Remote Code Execution
168		SE - Sandbox Escape
169		RJB - Remote Jailbreak
170		LCE - Local Code Execution (physical access to device)
171
172		In addition to vulnerabilities, we are interested in obtaining various research results, such as:
173		- Deanonimization of TOR network resources
174		- Bypassing ASLR, DEP, UAC and other security mechanisms
175		- Attack vectors for remote code execution on devices via GSM, Bluetooth and WiFi
176		- Vulnerabilities on mobile chipsets
177		- Innovative detour of antiviruses
178		- Other research results and technical information.
179
180
181
182		EXPLOIT TECHNICAL INFORMATION
183		All questions should have the most detailed answers from this depends on
184		what price we will offer you for your 0day exploit.
185		1. Item name : _____________________________________________________________________
186		2. Asking Price and availability of exclusive acquisition : ________________________
187		3. Affected OS: ________________________
188		4. Vulnerable Target application versions and reliability. If 32 bit only, is 64 bit vulnerable?
189		List complete point release range. ________________________________________________
190		5. Tested, functional against target application versions, list complete point release range.
191		Explain ________________________________________________
192		6. Does this exploit affect the current target version?
193		[ ] Yes
194		[ ] No
195		7. Privilege Level Gained
196		[ ] As logged in user (Select Integrity level below for Windows)
197		[ ] Web Browser's default (IE - Low, Others - Med)
198		[ ] Low
199		[ ] Medium
200		[ ] High
201		[ ] Root, Admin or System
202		[ ] Ring 0/Kernel
203		[ ] Other
204		8. Minimum Privilege Level Required For Successful PE
205		[ ] As logged in user (Select Integrity level below for Windows)
206		[ ] Low
207		[ ] Medium
208		[ ] High
209		[ ] N/A
210		[ ] Other ________________________
211		9. Exploit Type (select all that apply)
212		[ ] Remote code execution
213		[ ] Privilege escalation
214		[ ] Font based
215		[ ] Sandbox escape
216		[ ] Information disclosure (peek)
217		[ ] Code signing bypass
218		[ ] Persistency
219		[ ] Other ________________________
220		10. Delivery Method
221		[ ] Via web page
222		[ ] Via file
223		[ ] Via network protocol
224		[ ] Local privilege escalation
225		[ ] Other (please specify) ________________________
226		11. Bug Class
227		[ ] memory corruption
228		[ ] design/logic flaw (auth-bypass / update issues)
229		[ ] input validation flaw (XSS/XSRF/SQLi/command injection, etc.)
230		[ ] misconfiguration
231		[ ] information disclosure
232		[ ] cryptographic bug
233		[ ] denial of service
234		12. Number of bugs exploited in the item: ________________________
235		13. Exploitation Parameters
236		[ ] Bypasses ASLR
237		[ ] Bypasses DEP / W ^ X
238		[ ] Bypasses Application Sandbox
239		[ ] Bypasses SMEP/PXN
240		[ ] Bypasses EMET Version 5.52±
241		[ ] Bypasses CFG (Win 8.1)
242		[ ] N/A
243		14. Is ROP employed?
244		[ ] No
245		[ ] Yes (but without fixed addresses)
246		- Number of chains included?
247		________________________
248		- Is the ROP set complete?
249		________________________
250		- What module does ROP occur from?
251		________________________
252		15. Does this item alert the target user?
253		Explain ______________________________________________
254		16. How long does exploitation take, in seconds?
255		17. Does this item require any specific user interactions?
256		18. Any associated caveats or environmental factors? For example - does the exploit determine
257		remote OS/App versioning,and is that required? Any browser injection method requirements?
258		For files, what is the access mode required for success?
259		19. Does it require additional work to be compatible with arbitrary payloads?
260		[ ] Yes
261		[ ] No
262		20. Is this a finished item you have in your possession that is ready for delivery immediately?
263		[ ] Yes
264		[ ] No
265		[ ] 1-5 days
266		[ ] 6-10 days
267		[ ] More: _______________________________
268		21. Impact on framework (crashes, etc.) ____________________________________________________
269		22. Success rate (or number of necessary attempts) _________________________________________
270		23. Does this item support continuation of execution?
271		24. Description. Detail a list of deliverables including documentation.
272		25. Testing Instructions : _________________________________________________________________
273		26. Comments and other notes; unusual artifacts, other limitations, mitigations or other
274		pieces of information : ________________________________________________________________