dekeeu Posted April 16, 2013

Title: Billsafe.de - Stored XSS
Security Reward Program: Reporting Security Issues
Affected Product: Billsafe Inc.
Date: 12.04.2013
Severity: Medium-High.
Status: Fixed.

http://www.youtube.com/watch?v=ucVQpx7duq0

mah_one Posted April 16, 2013

Congratulations! I also got $500 for one; it didn't filter any characters, but it had protection against certain tags. I thought I'd try the object tag and it worked:

https://client.billsafe.de/search/perform-claim-search/orderc/Käufer/dirc/etc'"><object data=jAvascriPt:alert(1)>EHcabe

XSS client.billsafe.de
XSS #2 on client.billsafe.de Duplicate (it's exactly the one from the video)
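
Added example, not part of either post and not Billsafe's code: it contrasts a tag denylist, which misses the object tag reported above, with HTML attribute encoding, which neutralises the value regardless of tag name. The denylist contents, the template and all function names are assumptions made for illustration; the post only says that "certain tags" were blocked.

```python
import html
import re
from html.parser import HTMLParser

# Value copied from the post above (the path segment after /dirc/).
REPORTED_VALUE = "etc'\"><object data=jAvascriPt:alert(1)>EHcabe"

# Assumed denylist: the post does not say which tags were blocked.
BLOCKED_TAGS = ("script", "iframe", "img", "svg")
_BLOCKED_RE = re.compile(r"</?\s*(?:%s)\b[^>]*>" % "|".join(BLOCKED_TAGS), re.I)

# Hypothetical sink: the search term echoed back into an attribute.
TEMPLATE = '<input type="text" name="dirc" value="{}">'


def render_with_denylist(value: str) -> str:
    """Weak approach: strip known-bad tags, pass every other character through."""
    return TEMPLATE.format(_BLOCKED_RE.sub("", value))


def render_with_encoding(value: str) -> str:
    """Fix: encode for the HTML attribute context, whatever the tag name is."""
    return TEMPLATE.format(html.escape(value, quote=True))


class _TagCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def tags_in(markup: str) -> list:
    """Return the start tags an HTML parser sees in the rendered markup."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    for render in (render_with_denylist, render_with_encoding):
        out = render(REPORTED_VALUE)
        # Any tag besides "input" means the value broke out of the attribute.
        print(render.__name__, tags_in(out), out)
```

A check like `tags_in` can serve as a regression test: rendered output for any user-supplied value should contain only the tags the template itself defines.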