adicode

[XSS] *.redhat.com and sap.com (reported, fixed, HoF)


On Red Hat, on most subdomains, if you were not logged in and opened a page that required login, the redirect went through service-now, which had a vulnerable GET parameter. I couldn't find the exact picture anymore, so I took a screenshot from the PoC video.

HNWHJYq.jpg

 

On sap.com it was likewise an XSS via GET; I'll post the picture tonight when I get in.

 

Both were reported and fixed, and as a reward I got HoF on both. At Red Hat they had me choose which one I wanted to be in, service-now or Red Hat 😂

  • Upvote 11
