Jump to content
mah_one

PP bug bounty

Recommended Posts

Posted

Am primit urmatorul email de la paypal si m-am gandit ca poate pe unii o sa va ajute.

Hello-

This message is to notify you of a current update to sites that are eligible for Bug Bounty Submissions.


Our second party hosted sites (www.paypal-*.com) are mainly marketing based sites that are not part of the core paypal domains (*paypal.com) and are managed by hosting vendor companies. They do not retain as long a lifecycle as the core domains and can have a more volatile timeline as many are tied to projects and regional initiatives. Due to their many times frequent updates, the list will not be maintained on the terms and conditions page. For your own reference, I have provided you a list of sites currently in process of being decommissioned and therefore not eligible for Bug Bounty processing.





Sites to be decommissioned in coming months:



paypal-deutschland.de

paypal-danmark.dk

paypal-promo.es

paypal-europe.com

paypal-france.fr

paypal-nederland.nl

paypal-norge.no

paypal-marketing.pl

paypal-sverige.se

paypal-turkiye.com

paypal-business.co.uk

paypal-marketing.co.uk

paypal-shopping.co.uk

paypal-australia.com.au

paypal-biz.com

paypal-business.com.hk

paypal-marketing.com.hk

paypal-offers.com.hk

paypal-shopasia.com

paypal-japan.com

paypal-apac.com

paypal-plaza.com

thepaypalblog.com

www.paypal-brasil.com.br

paypal-marketing.ca



The sites in scope of the program are:



· .*paypal.com domains

· Other PayPal Companies

o Zong

o BillMeLater

o Where

o Microplace

o Card.io

o Billsafe

· Partner Sites

o www.paypal-*.com domains (not including the deprecated sites list shared with you)

o any Paypal branded sites including www.thepaypalblog.com and ppmts.custhelp.com





Thank You,

PayPal Site Security

O zi buna,

mah_one

Posted (edited)

Ah ! Ok :) Pacat !

// " I have provided you a list of sites currently in process of being decommissioned and therefore not eligible for Bug Bounty processing. "

Edited by nAb.h4x
Posted (edited)
Eu zic sa il trimiti si in caz de nu il valideaza le spui si tu ca pe site la ei scrie ca domeniul ala e in scop.

Dar am auzit ca trebuie sa am contul verificat (daca e sa ma calific pt o recompensa) :)

Si eu nu il am ! Imi trebuie card ! Am sa vad ce o sa fac ! Multumesc de informatie !

//Apropo, tu ai mai facut asa si ti-or dat ceva pana la urma ? :))

Edited by nAb.h4x
Posted
Fratele meu a trimis un Dom XSS si nu avea cont, si-a facut abia dupa ce i-a fost validat.

Pai si el nu a verificat contul ? Plus ca al meu e si limitat ca imi cere card sa imi fac ca sa il deblochez :)))

Dar si el unde a gasit Dom XSS ? In paypal.com ?

Posted (edited)

defapt eu l-am gasit, si i l-am facut cadou, am zis ca poate incepe sa ii placa sa caute probleme.

In main domain l-am gasit.

Oricum am vreo 7 XSS submited:)), 1 duplicated restul valide

Sunt cateva invalide din cauza ca nu au stiut sa le reproduca

2.jpg

Edited by mah_one
Posted (edited)
defapt eu l-am gasit, si i l-am facut cadou, am zis ca poate incepe sa ii placa sa caute probleme.

In main domain l-am gasit.

Oricum am vreo 7 XSS submited:)), 1 duplicated restul valide

Sunt cateva invalide din cauza ca nu au stiut sa le reproduca

2.jpg

Wow ! Nice job :)

Deci ce zici ? Sa il raportez chiar daca mi-e contul limitat ? :-?

Edited by nAb.h4x
Posted
Nu ai ce sa pierzi.....

Pai crezi ca poate sa imi faca plata daca mi-e limitat contul ? :)))

Intr-un fel ar putea :)) Dar na nu stiu ce sa zic :-??

Mai astept unpic ! Si chiar daca il gaseste altcineva asta e ! Nu e ultimul .... Si in 10 min l-am gasit ! Mai mult nu mi-a luat !

Oricum multumesc de incurajare si de informatii ! Mai putini vad care te incurajeaza pe aici :)

Posted

Raporteaza-l repede, ca o sa se uite altii care au vazut acest topic, nu tre sa dai cont acum, dai mai tarziu.

Fratele meu a dat bugul in decembrie anul trecut, acum o saptamana a primit mail de la ei ca e valid si si-a facut cont acum o satpamana + a pus card pe el ca sa le zica unde sa trimita banii.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...