sensi

[XSS] Paypal.com

Posted

Congratulations :) I hope you get the reward you deserve ;)

As a small aside, what you have down there is not an error; possibly those parameters broke out of the script tag and are being displayed in the page.

gj:)

Posted
- Exploit: Paypal.com - Cross Site Scripting

- Author: sensi

- Browser: Firefox 23.0

- Status: Reported!

- P.o.C:

301859dbe6.png

Error:

2174205507.png

Congratulations bro,

One question: how did you find this bug [XSS]?

Were you logged in?

I see you inside this shop paypal, thanks

Posted
Congratulations bro,

One question: how did you find this bug [XSS]?

Were you logged in?

I see you inside this shop paypal, thanks

It says "Log out" at top... So what do you think?

Posted

First of all, I want to apologize for the double post!

Hello ---------, (I want to point out that they didn't even spell my name correctly)

Thank you for participating in the PayPal Bug Bounty Program. We regret to inform you that your bug submission was not eligible for a bounty as this bug was already discovered by another researcher.
Title: [Cross-Site-Scripting] www.paypal.com
UID: yx1175uS

Thank you for your participation.

We take pride in keeping PayPal the safer place for online payment.

Thank you,
PayPal Security Team

The XSS was something similar to the one I found here, so there is little chance that someone else had found it...

SCREW PAYPAL!

Posted (edited)

At the first persistent XSS you'll see me on the black market ;))

I don't want to encourage this, but that's the truth: on the black market you make a lot more. :))

Edited by sensi
Posted

And is there any way to tell whether the vulnerability you posted had, in fact, already been found? They could do this with every vulnerability: say it was already found and fix all their security holes for free. I should set up a Bug Bounty program on my own sites too, and then I won't need acunetix or Cyber Smart Defence anymore ... :)) I'll get everything fixed for free.

Posted

Reply from CISCO

NAME;

Thank you for contacting Cisco PSIRT. This appears to be a
vulnerability in Cisco infrastructure. PSIRT deals with vulnerabilities
in Cisco products, while CSIRT deals with vulnerabilities in Cisco
infrastructure. As such, this issue will be handled by our CSIRT/InfoSec
team as it is not a direct product vulnerability, but an issue in Cisco
infrastructure. I'm forwarding your message to CSIRT. They should reply
to you shortly, and will look into the reported issue.

Regards,
Scott

To this day I haven't received any further email from them... I would have been better off not telling them...

Posted
And is there any way to tell whether the vulnerability you posted had, in fact, already been found? They could do this with every vulnerability: say it was already found and fix all their security holes for free. I should set up a Bug Bounty program on my own sites too, and then I won't need acunetix or Cyber Smart Defence anymore ... :)) I'll get everything fixed for free.

The duplicate thing is a double-edged sword, because at some point people will stop reporting and will exploit instead.
