mah_one, posted August 23, 2013:
Hello, I found a rare bug, session puzzling, in freelancer.com, the core website. I received a whitehat badge on my Freelancer account and they will also give me a T-shirt. Video P.o.C.:
UnixDevel, posted August 23, 2013:
What a thing, I had found the same bug too, but I had the impression it was just my PC... admittedly, I didn't take the time to inspect it further... anyway, GG
Domnul.Do, posted August 23, 2013:
Very interesting bug, all my respect, Mr. mah_one! I also reported 2 XSSes: one in the main domain and another one that was present in every subdomain. How long did it take them to respond/confirm that you would receive that whitehat badge?
mah_one (Author), posted August 23, 2013:
It was patched within 3 hours; the next day I received the badge.
malsploit, posted August 23, 2013:
Congratulations! When you have time, please make a tutorial presenting this type of vulnerability.
mah_one (Author), posted August 23, 2013:
There is no point in my explaining how to "reinvent the wheel"; you can find details here: Security Tools Benchmarking: Session Puzzling and Session Race Conditions