[XSS] *.Mozilla.org

akkiliON · September 4, 2013

# Exploit: *.mozilla.org - Cross-Site-Scripting Reflected

# Author: akkiliON

# URL Link: https://mozilla.org

# PoC:

Reported

Nytro · September 4, 2013

Uuu, astia platesc bine nu?

akkiliON · September 4, 2013

Da, platesc bine + tricou din câte am v?zut dau.

kalash1337 · September 4, 2013

Da, platesc bine + tricou din câte am v?zut dau.

O intrebare, cati bani ai scos din xss-urile gasite. Scoti de un suc?

Oricum, bravo

TheTime · September 4, 2013

Felicitari pentru gaselnita!

Din pacate, daca este in support.mozilla.org, nu cred ca o sa primesti nimic.

akkiliON · September 4, 2013

Felicitari pentru gaselnita!
Din pacate, daca este in support.mozilla.org, nu cred ca o sa primesti nimic.

What about sites which are notlisted?
If you find an issue with a site which is not "officially" part under the web application bug bounty, we would still like to know. If the bug is extraordinary, we might still consider the bug to be nominated for a bounty. In the past we have paid for interesting bugs which are outside of normalpolicy.

Nu se ?tie

Edited September 4, 2013 by akkiliON

FarSe · September 4, 2013

Bug Bounty nu erau pentru produsele lor? gen firefox,nu cred ca o sa iti iei $3000 pt un xss

Oricum bravo , pune ban pe ban si iati ceva frumos

akkiliON · September 4, 2013

Bug Bounty nu erau pentru produsele lor? gen firefox,nu cred ca o sa iti iei $3000 pt un xss
Oricum bravo , pune ban pe ban si iati ceva frumos

De la 500$ - 3000$ !

Nu am zis c? primesc 3000$ pe un XSS de la ei.

FarSe · September 4, 2013

Ah,era scris mai jos,eu ma uitam la "Client Reward Guidelines", nu la "Web Application and Services Reward Guidelines"

Oricum bravo .

dang3r1988 · September 4, 2013

nu multi reusesc sa faca asta bravo;)

akkiliON · October 3, 2013

No reward for this bug (csrf token)

Patched.

daatdraqq · October 3, 2013

No reward for this bug (csrf token)
Patched.

Pai n-ai cum sa interactionezi cu userul din cate vad .

Daca n-ai cum sa interactionezi prin click direct e normal sa nu te premieze .

akkiliON · October 3, 2013

Pai n-ai cum sa interactionezi cu userul din cate vad .
Daca n-ai cum sa interactionezi prin click direct e normal sa nu te premieze .

Dac? nu avea CSRF Token îl faceam în GET Method ?i cred c? nu mai aveam treab?. Asta e.

Edited October 3, 2013 by akkiliON

daatdraqq · October 3, 2013

Dac? nu avea CSRF Token îl faceam în GET Method ?i cred c? nu mai aveam treab?. Asta e.

Ghinionu' coaie ,vorba unui prieten :)) .

akkiliON · October 3, 2013

Ghinionu' coaie ,vorba unui prieten .

Nu e prima dat? când mi se întâmpl?.

Sign In

[XSS] *.Mozilla.org

Recommended Posts

akkiliON

Nytro

akkiliON

kalash1337

TheTime

akkiliON

FarSe

akkiliON

FarSe

dang3r1988

akkiliON

daatdraqq

akkiliON

daatdraqq

akkiliON

Join the conversation

Browse

Activity

Pages