RUTE Posted April 11, 2013 Report Share Posted April 11, 2013 Titlu: AVAST.com - XSS (Cross-Side-Scripting)Data: 2013-04-11Categorie: Remote ExploitStatus: Raportat - Functionabil - Fara raspunsRisk: HIGHPlatforma: PHPAutor: RUTE---------------------------------------------Info: Ca tot a pomenit akkilliON ca si astia au Bug Bounty, am zis sa incerc si eu . Quote Link to comment Share on other sites More sharing options...
Active Members akkiliON Posted April 11, 2013 Active Members Report Share Posted April 11, 2013 (edited) // nimic Edited April 24, 2013 by akkiliON Quote Link to comment Share on other sites More sharing options...
RUTE Posted April 11, 2013 Author Report Share Posted April 11, 2013 Mersi akkiliON ! Quote Link to comment Share on other sites More sharing options...
gr4ande440 Posted April 11, 2013 Report Share Posted April 11, 2013 Bravo Quote Link to comment Share on other sites More sharing options...
Active Members akkiliON Posted April 11, 2013 Active Members Report Share Posted April 11, 2013 (edited) This program is currently intended only for our product, i.e. not the website etc.We’re generally only interested in these types of bugs (in the order of importance):Remote code execution. These are the most critical bugs.Local privilege escalation. That is, using Avast to e.g. gain admin rights from a non-admin account.Denial-of-service (DoS). In case of Avast, that would typically be BSODs or crashes of the AvastSvc.exe process.Escapes from the avast! Sandbox (via bugs in our code)Certain scanner bypasses. These include include straightforward, clear bypasses (i.e. scenarios that lead to direct infection, with no additional user input), as opposed to things like deficiencies in the unpacking engine etc. In other words, we’re interested only in cases that cannot be mitigated by adding a new virus definition (please don’t report undetected malware)Other bugs with serious security implications (will be considered on a case by case basis).Bug Bounty Program Edited April 24, 2013 by akkiliON Quote Link to comment Share on other sites More sharing options...
RUTE Posted April 11, 2013 Author Report Share Posted April 11, 2013 @akkiliON Eh, lasa, ca oricum de cand am Avast nu am avut probleme cu virusii. E un fel de rasplata, sa zic . Quote Link to comment Share on other sites More sharing options...
malsploit Posted April 11, 2013 Report Share Posted April 11, 2013 Eu le-am raportat un lfi si dupa 2 saptamani mi-au trimis o licenta pe 2 ani. Initial doar mi-au multumit, dar s-au razgandit si a prins bine la vremea aia. Quote Link to comment Share on other sites More sharing options...