malsploit

[xss] paypal.com

Posted
Do you think it's fake?

I don't know whether it's fake or not, but I don't know what to make of the "Home page" thing. All the PayPal pages I've seen so far have "Home".

Posted
I don't know whether it's fake or not, but I don't know what to make of the "Home page" thing. All the PayPal pages I've seen so far have "Home".

You haven't seen enough.

Maybe that's why I found the XSS and not you :)

//if needed, I'll confirm the existence of the XSS to someone on the staff.

Posted
You haven't seen enough.

Maybe that's why I found the XSS and not you :)

//if needed, I'll confirm the existence of the XSS to someone on the staff.

Don't pay attention to them, they're losers.

Tools used : Google + Brain.

I hope you get the $750

Posted
@hate.me did you use <script>alert(1)</script> to find it?

I used my <head><brain></head>

The vector shows up in the Live HTTP Headers window.

<scrip>alert("xss")</script>

Anyway, I managed to get it working via GET as well.

Posted

Sorry for the double post :)

Hello alex,

Thank you for your participation in the PayPal Bug Bounty Program. Our security engineers have confirmed that your vulnerability submission is valid. After the vulnerability is fixed, we will notify you of the fix and issue you a bounty.

Please note that PayPal has a review board that meets regularly to determine the bounty amount and the priorities of the fixes. This process requires that we review each bug carefully, thus we request that you allow us some time before we communicate back to you.

Title: [Cross-Site-Scripting] paypal.com

UID: jj102***

Status: Validated and Awaiting Fix

Per the terms of the Bug Bounty Program, we ask that you do not disclose your finding to the public or to the media while we implement a fix.

We take pride in keeping PayPal the safer place for online payment.

Thank you so much for your patience!

PayPal Security Team

Posted
"we ask that you do not disclose your finding to the public or to the media while we implement a fix." Damn, and they're the ones giving you orders :))

For $750 per XSS I think you'd even get down on all fours :))

Posted
For $750 per XSS I think you'd even get down on all fours :))

:)) they might give a bit more. The filter is pretty weird. All the parameters have to be injected. I also had a bit of luck when I found it.
