sensi Posted August 19, 2013
- Exploit: Paypal.com - Cross Site Scripting
- Author: sensi
- Browser: Firefox 23.0
- Status: Reported!
- P.o.C:
Error:
dancezar (Active Members) Posted August 19, 2013
Congratulations :) I hope you get the reward you deserve ;)
As a small aside, what you have down there is not an error; possibly those parameters ended up outside the script tag and are displayed in the page.
gj :)
sensi (Author) Posted August 19, 2013
Thank you!
dekeeu Posted August 19, 2013
I don't think it's an error, I think you closed the <script> tag earlier than you should have and that data was left scattered around the page.
Well done, go get your money!
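
The behaviour dancezar and dekeeu describe above (a premature `</script>` leaving the rest of the inline data as page text), shown as an added example that is not from any post in this thread, together with the output encoding that prevents it. The parameter names and values are constructed; the actual PayPal markup is not on the page.

```javascript
// Added illustration; names and sample values are constructed, not from the thread.

// Naive server-side templating: JSON.stringify escapes quotes and backslashes
// for JavaScript, but leaves "<" and "/" alone, so "</script>" survives.
function renderNaive(params) {
  return "<script>var pageParams = " + JSON.stringify(params) + ";</script>";
}

// Hardened: also escape the characters that matter to the HTML parser
// (and U+2028/U+2029, which pre-ES2019 engines reject inside string literals).
function renderHardened(params) {
  const json = JSON.stringify(params).replace(
    /[<>&\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")
  );
  return "<script>var pageParams = " + json + ";</script>";
}

// Minimal model of the HTML tokenizer's script-data state: the element ends at
// the first "</script" followed by whitespace, "/" or ">", whatever the
// JavaScript string context is. Returns the raw markup left after the element.
function textAfterScript(html) {
  const open = html.toLowerCase().indexOf("<script>");
  if (open === -1) return html;
  const bodyStart = open + "<script>".length;
  const m = /<\/script[\s/>]/i.exec(html.slice(bodyStart));
  if (!m) return "";
  const closeEnd = html.indexOf(">", bodyStart + m.index) + 1;
  return html.slice(closeEnd);
}

// Constructed request parameters; "q" carries a premature closing tag.
const sample = { q: "shoes</script>", currency: "USD" };

// Naive: the rest of the object literal falls out of the script element.
console.log(JSON.stringify(textAfterScript(renderNaive(sample))));
// Hardened: nothing is left over, and the value still decodes unchanged.
console.log(JSON.stringify(textAfterScript(renderHardened(sample))));
```
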
d33nis Posted August 19, 2013
Congratulations. Here's to many more.
When you get the reward, tell us too what it consisted of and how much, if it's about $$.
sensi (Author) Posted August 19, 2013
In theory I should receive 750$
d33nis Posted August 19, 2013
Heh, that gets you a soda. Or a (brand new) fridge with bottles of soda. I'm really curious what the reward will be.
Darkb0t Posted August 19, 2013
> - Exploit: Paypal.com - Cross Site Scripting
> - Author: sensi
> - Browser: Firefox 23.0
> - Status: Reported!
> - P.o.C:
> Error:
Congratulations bro, one question: how did you find this bug [xss]? Were you logged in? I see you inside this shop paypal, thanks
Byte-ul Posted August 19, 2013
> congratulations bro, one question: how you found this bug [xss] were you logged in? I see you inside this shop paypal, thanks
It says "Log out" at top... So what do you think?
sensi (Author) Posted August 19, 2013
Yes, I was logged in, and thanks.
tudor13mn13 Posted August 19, 2013
Well done on the XSS. I hope you get the reward.
1337 Posted August 19, 2013
Congrats.
sensi (Author) Posted August 19, 2013
Thanks guys!
sensi (Author) Posted August 20, 2013
First of all, I want to apologize for the double post!
> Hello ---------,
(I want to point out that they didn't even write my name correctly)
> Thank you for participating in the PayPal Bug Bounty Program. We regret to inform you that your bug submission was not eligible for a bounty as this bug was already discovered by another researcher.
> Title: [Cross-Site-Scripting] www.paypal.com
> UID: yx1175uS
> Thank you for your participation.
> We take pride in keeping PayPal the safer place for online payment.
> Thank you,
> PayPal Security Team
The XSS was something similar to the one I found here, so slim chances that someone else had found it...
SCREW PAYPAL!
akkiliON (Active Members) Posted August 20, 2013
Welcome to my world.
sensi (Author) Posted August 20, 2013 (edited)
At my first persistent XSS you'll see me on the black market. I don't want to encourage this, but that's the truth, on the black market you make much more.
florin_darck Posted August 20, 2013
> Welcome to my world.
Ours*
GarryOne Posted August 20, 2013
And is there any way to tell whether the vulnerability you posted had really already been found? This way they could do it with every vulnerability: say it was already found and fix all their security holes for free. I should set up a Bug Bounty program on my sites too and then I won't need acunetix or Cyber Smart Defence anymore ... I solve the whole thing for free.
xGenera1u Posted August 20, 2013
Reply from CISCO:
> NAME; Thank you for contacting Cisco PSIRT. This appears to be a vulnerability in Cisco infrastructure. PSIRT deals with vulnerabilities in Cisco products, while CSIRT deals with vulnerabilities in Cisco infrastructure. As such, this issue will be handled by our CSIRT/InfoSec team as it is not a direct product vulnerability, but an issue in Cisco infrastructure. I'm forwarding your message to CSIRT. They should reply to you shortly, and will look into the reported issue.
> Regards,
> Scott
To this day I haven't received any further mail from them... I'd have been better off not telling them...
Renegade Posted August 20, 2013
> And is there any way to tell whether the vulnerability you posted had really already been found? This way they could do it with every vulnerability: say it was already found and fix all their security holes for free. I should set up a Bug Bounty program on my sites too and then I won't need acunetix or Cyber Smart Defence anymore ... I solve the whole thing for free.
The duplicate thing cuts both ways, because at some point people will stop reporting and will exploit instead.
Antzzk Posted August 21, 2013
Well done
b3hr0uz Posted February 13, 2014
Nice!