sensi Posted January 22, 2014
• Exploit: paypal-*.com - Cross Site Scripting (reflected)
• Author: sensi
• Tested on: Mozilla Firefox
• Status: Reported
• PoC:
tudor13mn13 Posted January 22, 2014 (edited)
Well done, boss, here's to many more. P.S.: It's spelled "I won".
//if {$url = 'paypal-.*.com';echo 'S3nsi e boss :>';}
Edited January 22, 2014 by tudor13mn13
aelius Posted January 22, 2014
> Well done, boss, here's to many more. P.S.: It's spelled "I won".
> //if {$url = 'paypal-.*.com';echo 'S3nsi e boss :>'}
You forgot the ;
if(preg_match("/paypal/i", $_SERVER['SERVER_NAME'])) {
    echo "you suck, i rule";
} else {
    die("suck it up");
}
On topic: congratulations.
akkiliON Posted January 22, 2014
Well done. I also found an XSS in a site that belongs to them. The thing is, I first reported the bug from my (old) account and got a reply that it was a duplicate. Fishy. I decided to create a new account and report the issue again. And the reply I got from them on the newly created account left me speechless. :/ .... They validated my issue and I'm supposed to receive $750.
sensi Posted January 22, 2014
Thank you! @akkiliON, you can expect anything from PayPal (unfortunately). I know someone else who had something similar happen to them...
sensi Posted January 23, 2014
It seems they validated my XSS.