I’ve been meaning to write about this for a while. It all started back in July 2015 when I decided to look for vulnerabilities in Imgur, an incredibly popular image sharing platform. The reason I chose Imgur was because I frequently visited the site and I was already familiar with how the site worked. After a short amount of time searching I managed to find some common vulnerabilities; XSS, clickjacking, and a whole load of CSRF issues.
Reporting the issues proved to be a little difficult. The only way I could see to contact Imgur was through their support system which wasn’t suitable for reporting security issues. Eventually, August 1st, I wrote up a report detailing the issues, shipped an email off to firstname.lastname@example.org, and waited. But not for long.