Jump to content
RUTE

[XSS]avast.com

Recommended Posts

Posted

Titlu: AVAST.com - XSS (Cross-Side-Scripting)

Data: 2013-04-11

Categorie: Remote Exploit

Status: Raportat - Functionabil - Fara raspuns

Risk: HIGH

Platforma: PHP

Autor: RUTE

---------------------------------------------

99DuHDa.jpg

Info: Ca tot a pomenit akkilliON ca si astia au Bug Bounty, am zis sa incerc si eu :).

  • Active Members
Posted (edited)
This program is currently intended only for our product, i.e. not the website etc.

We’re generally only interested in these types of bugs (in the order of importance):

Remote code execution. These are the most critical bugs.

Local privilege escalation. That is, using Avast to e.g. gain admin rights from a non-admin account.

Denial-of-service (DoS). In case of Avast, that would typically be BSODs or crashes of the AvastSvc.exe process.

Escapes from the avast! Sandbox (via bugs in our code)

Certain scanner bypasses. These include include straightforward, clear bypasses (i.e. scenarios that lead to direct infection, with no additional user input), as opposed to things like deficiencies in the unpacking engine etc. In other words, we’re interested only in cases that cannot be mitigated by adding a new virus definition (please don’t report undetected malware)

Other bugs with serious security implications (will be considered on a case by case basis).

Bug Bounty Program

Edited by akkiliON

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...