malsploit, posted June 13, 2013 (edited June 13, 2013 by hate.me):
http://3.bp.blogspot.com/-wiiI2jqJyYE/UbogmY0041I/AAAAAAAAALA/FPsCVnMDl3M/s1600/Screenshot+from+2013-06-13+22:35:02.png
// It might also be a blind one
akkiliON (Active Members), posted June 13, 2013 (edited November 30, 2014 by akkiliON):
In the end you found something! Well done!
Byte-ul, posted June 14, 2013:
In which country is it "Home page" instead of "Home"?
malsploit (Author), posted June 14, 2013:
> In which country is it "Home page" instead of "Home"?
Do you think it's fake?
Byte-ul, posted June 14, 2013:
> Do you think it's fake?
I don't know whether it's fake or not, but I don't know what to make of the "Home page" thing. All the PayPal pages I've seen so far have "Home".
akkiliON (Active Members), posted June 14, 2013:
It's not fake.
malsploit (Author), posted June 14, 2013:
> I don't know whether it's fake or not, but I don't know what to make of the "Home page" thing. All the PayPal pages I've seen so far have "Home".
You haven't seen enough. Maybe that's why I found the XSS and not you.
// If needed, I'll confirm the existence of the XSS to someone from the staff.
1337, posted June 14, 2013:
> You haven't seen enough. Maybe that's why I found the XSS and not you. // If needed, I'll confirm the existence of the XSS to someone from the staff.
Don't mind them, they're losers. Tools used: Google + Brain. I hope you get the $750.
Kay97, posted June 14, 2013:
Congratulations, nice work. :>
malsploit (Author), posted June 14, 2013:
> Congratulations, nice work. :>
I hope to get some clarity on the possible SQLi (blind) as well.
th3me, posted June 14, 2013:
@hate.me did you use <script>alert(1)</script> to find it?
malsploit (Author), posted June 14, 2013:
> @hate.me did you use <script>alert(1)</script> to find it?
I used my <head><brain></head>. The vector appears in the Live HTTP Headers window.
<scrip>alert("xss")</script>
Anyway, I managed to make it work via GET as well.
malsploit (Author), posted June 24, 2013:
Sorry for the double post.

Hello alex,

Thank you for your participation in the PayPal Bug Bounty Program. Our security engineers have confirmed that your vulnerability submission is valid. After the vulnerability is fixed, we will notify you of the fix and issue you a bounty.

Please note that PayPal has a review board that meets regularly to determine the bounty amount and the priorities of the fixes. This process requires that we review each bug carefully, thus we request that you allow us some time before we communicate back to you.

Title: [Cross-Site-Scripting] paypal.com
UID: jj102***
Status: Validated and Awaiting Fix

Per the terms of the Bug Bounty Program, we ask that you do not disclose your finding to the public or to the media while we implement a fix.

We take pride in keeping PayPal the safer place for online payment.

Thank you so much for your patience!

PayPal Security Team
Matt, posted June 24, 2013:
"we ask that you do not disclose your finding to the public or to the media while we implement a fix."
Damn them, and they're the ones giving you orders.
dekeeu, posted June 24, 2013:
> "we ask that you do not disclose your finding to the public or to the media while we implement a fix." Damn them, and they're the ones giving you orders.
At $750 per XSS, I think you'd even get down on all fours.
malsploit (Author), posted June 24, 2013:
> At $750 per XSS, I think you'd even get down on all fours.
They might give a bit more. The filter is quite strange. All the parameters have to be injected. I also had a bit of luck when I found it.
akkiliON (Active Members), posted June 24, 2013:
May there be many more, hate.me! I hope mine turns out to be valid too.
Castiel, posted June 29, 2013:
Did they give you anything? On topic: well done.
malsploit (Author), posted June 29, 2013:
I have to wait now. They will pay in 2 installments, so it will take a while longer.
Castiel, posted June 29, 2013:
When they pay you, let us know too :>
akkiliON (Active Members), posted June 29, 2013:
> I have to wait now. They will pay in 2 installments, so it will take a while longer.
I'm curious when you'll get the first installment.
Castiel, posted June 30, 2013:
I think they'll give him about 100 euros.
qwerty12, posted June 30, 2013:
I don't think they'll give you any money.
akkiliON (Active Members), posted June 30, 2013:
> I think they'll give him about 100 euros.
I say he should get $750. It's in Paypal.com! Not in Paypal-*.com
https://www.paypal.com/us/webapps/mpp/security-tools/reporting-security-issues
> I don't think they'll give you any money.
As long as they said it's valid, I don't think he would get nothing!
dekeeu, posted June 30, 2013:
> I say he should get $750. It's in Paypal.com! Not in Paypal-*.com https://www.paypal.com/us/webapps/mpp/security-tools/reporting-security-issues
> As long as they said it's valid, I don't think he would get nothing!
They also stiff people sometimes, maybe not that often, but it happens.