RUTE Posted April 11, 2013
Title: AVAST.com - XSS (Cross-Site Scripting)
Date: 2013-04-11
Category: Remote Exploit
Status: Reported - Working - No response
Risk: HIGH
Platform: PHP
Author: RUTE
---------------------------------------------
Info: Since akkiliON mentioned that these guys have a Bug Bounty too, I figured I'd give it a try as well.
Active Members akkiliON Posted April 11, 2013 (edited)
// nothing
Edited April 24, 2013 by akkiliON
Active Members akkiliON Posted April 11, 2013 (edited)
This program is currently intended only for our product, i.e. not the website etc.
We’re generally only interested in these types of bugs (in the order of importance):
- Remote code execution. These are the most critical bugs.
- Local privilege escalation. That is, using Avast to e.g. gain admin rights from a non-admin account.
- Denial-of-service (DoS). In case of Avast, that would typically be BSODs or crashes of the AvastSvc.exe process.
- Escapes from the avast! Sandbox (via bugs in our code)
- Certain scanner bypasses. These include straightforward, clear bypasses (i.e. scenarios that lead to direct infection, with no additional user input), as opposed to things like deficiencies in the unpacking engine etc. In other words, we’re interested only in cases that cannot be mitigated by adding a new virus definition (please don’t report undetected malware)
- Other bugs with serious security implications (will be considered on a case by case basis).
Bug Bounty Program
Edited April 24, 2013 by akkiliON
RUTE (Author) Posted April 11, 2013
@akkiliON Eh, never mind, ever since I've had Avast I haven't had any problems with viruses anyway. It's a kind of repayment, so to speak.
malsploit Posted April 11, 2013
I reported an LFI to them and after 2 weeks they sent me a 2-year license. Initially they only thanked me, but they changed their minds, and it came in handy at the time.