You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.
Forum Discussion
Security Concern Want To Talk In Private.
Hello , My name is Mujtaba and i am a researcher in bugcrowd as galacticocean . i want to talk in private about a critical vulnerability that i have found in dropbox . you can give me an email address or make this post private if this is an option .
Hey GalacticOcean, sorry for jumping in.
To report a bug/potential vulnerability to the relevant department directly, I’d suggest doing so via Bugcrown, as mentioned here.
Thanks!
- Megan
Dropbox Staff
Hey there, GalacticOcean, I hope you're doing well!
As a starting point you can have a look at this article.
Now as for your request, would you be able to share some generic info here with us, in order to understand better what it is that you're looking for?
Let me know more, and we'll take it from there!
- Can you provide me email address so we can talk this in private without publicly disclosing .
I have found files in a dropbox subdomain website . which can contain sensitive info like email address , password of accounts and etc which are acquired by dropbox from the customers. These files are blank because some these files are written in server side language and some are configured in a way that a user can not see it . There is no barrier between the files and the user . user can access these files anytime without login . if you want to know the files name . ask me .
