dancezar (Active Members), posted January 12, 2014 (edited January 12, 2014 by danyweb09):
Target: .yahoo.net
Exploit #1 Full path disclosure: http://s21.postimg.org/op7ug87tj/fpd.png
Exploit #2 Cross site scripting (POST): http://s30.postimg.org/6qj3jcahc/yahoo.jpg
Exploit #3 SQL injection (true and false)
True: View image: true
False: http://s15.postimg.org/trvc34vwb/false.png
All in the same subdomain.
PS: if you search a bit you might find it.
-- Vulnerabilities reported

AsalT, posted January 12, 2014:
Congratulations! yahoo.net?

dancezar (Author, Active Members), posted January 12, 2014 (edited January 12, 2014 by danyweb09):
Yes, all of them are in .net
// They are domains that belong to them

dekeeu, posted January 12, 2014:
I found the same things in a .net too, and I haven't received anything for 3 months.

tpad, posted January 12, 2014:
They will tell you they are not in scope :)

dancezar (Author, Active Members), posted January 12, 2014 (edited January 12, 2014 by danyweb09):
Quote: "They will tell you they are not in scope :)"
They are not in scope for money, but I reported an FPD in a .net and got HOF.
// Money is offered only for serious vulnerabilities in .net

dekeeu, posted January 12, 2014:
And does the SQLi qualify?

nacks, posted January 13, 2014:
Quote: "And does the SQLi qualify?"
I received one for two SQLi:
Yahoo! has awarded you a $326 bounty for 6******8

dekeeu, posted January 13, 2014:
I also received one for an SQLi:
Hi X,
At the time of the report we had not completed the details around the bug bounty program. The program scope covers yahoo.com and flickr.com along with the respective mobile and client side apps. (Yahoo - Bug Bounty Program Rules: http://bugbounty.yahoo.com/)
The bug on yahoo.net was found to be out of scope. We have listed you as a contributor on the Wall of Fame to show our appreciation.

florin_darck, posted January 14, 2014:
Quote: "I received one for two SQLi: Yahoo! has awarded you a $326 bounty for 6******8"
In .net or .com?

nacks, posted January 14, 2014:
Only one of them was in .net