sensi Posted August 19, 2013
- Exploit: Paypal.com - Cross Site Scripting
- Author: sensi
- Browser: Firefox 23.0
- Status: Reported!
- P.o.C:
Error:

dancezar (Active Members) Posted August 19, 2013
Congratulations :) I hope you get the reward you deserve ;)
As a small aside, what you have down there is not an error; possibly those parameters ended up outside the script tag and are being displayed in the page.
gj :)

dekeeu Posted August 19, 2013
I don't think it's an error, I think you closed the <script> tag earlier than you should have and that data was left scattered around the page.
Well done, go get your money!

d33nis Posted August 19, 2013
Congratulations. Here's to many more.
When you receive the reward, tell us too what it consisted of and how much, if it's about $$.

sensi (Author) Posted August 19, 2013
In theory I should receive 750$

d33nis Posted August 19, 2013
Eheee, that'll buy you a soda. Or a (brand new) fridge full of soda bottles. I'm really curious what the reward will be.

Darkb0t Posted August 19, 2013
> - Exploit: Paypal.com - Cross Site Scripting
> - Author: sensi
> - Browser: Firefox 23.0
> - Status: Reported!
> - P.o.C:
> Error:
Congratulations bro, one question: how did you find this bug [xss]? Were you logged in? I see you inside this shop paypal, thanks

Byte-ul Posted August 19, 2013
> Congratulations bro, one question: how did you find this bug [xss]? Were you logged in? I see you inside this shop paypal, thanks
It says "Log out" at top... So what do you think?

sensi (Author) Posted August 19, 2013
Yes, I was logged in, and thanks.

tudor13mn13 Posted August 19, 2013
Well done on the XSS. I hope you get the reward.

sensi (Author) Posted August 20, 2013
First of all, I want to apologize for the double post!

Hello ---------, (I want to point out that they didn't even write my name correctly)
Thank you for participating in the PayPal Bug Bounty Program. We regret to inform you that your bug submission was not eligible for a bounty as this bug was already discovered by another researcher.
Title: [Cross-Site-Scripting] www.paypal.com
UID: yx1175uS
Thank you for your participation.
We take pride in keeping PayPal the safer place for online payment.
Thank you,
PayPal Security Team

The XSS was something similar to the one I found here, so slim chances that someone else found it...
SCREW PAYPAL!

akkiliON (Active Members) Posted August 20, 2013
Welcome to my world.

sensi (Author) Posted August 20, 2013
With my first persistent XSS you'll see me on the black market. I don't want to encourage this, but that's the truth, on the black market you make much more.
Edited August 20, 2013 by sensi

florin_darck Posted August 20, 2013
> Welcome to my world.
Ours*

GarryOne Posted August 20, 2013
And is there any way to tell whether the vulnerability you posted really had already been found? That way they could do this with every vulnerability: say it was already found and fix all their security holes for free. I should set up a Bug Bounty program on my own sites too, and then I won't need acunetix or Cyber Smart Defence ... I'll sort everything out for free.

xGenera1u Posted August 20, 2013
Reply from CISCO

NAME; Thank you for contacting Cisco PSIRT. This appears to be a vulnerability in Cisco infrastructure. PSIRT deals with vulnerabilities in Cisco products, while CSIRT deals with vulnerabilities in Cisco infrastructure. As such, this issue will be handled by our CSIRT/InfoSec team as it is not a direct product vulnerability, but an issue in Cisco infrastructure. I'm forwarding your message to CSIRT. They should reply to you shortly, and will look into the reported issue.
Regards,
Scott

To this day I haven't received any further mail from them... I'd have been better off not telling them...

Renegade Posted August 20, 2013
> And is there any way to tell whether the vulnerability you posted really had already been found? That way they could do this with every vulnerability: say it was already found and fix all their security holes for free. I should set up a Bug Bounty program on my own sites too, and then I won't need acunetix or Cyber Smart Defence ... I'll sort everything out for free.
The duplicate thing is a double-edged sword, because at some point people will no longer report but will exploit.