malsploit Posted January 29, 2014 Report Share Posted January 29, 2014 (edited) L-am raportat si au zis ca este "out of scope". Pe acel server este instalata o aplicatie creata de Microsoft care are mai multe vulnerabilitati. Este raportat de vreo 2 saptamani. Au spus ca este out of scope, pentru ca nu afecteaza nici un utilizator. https://meet.paypal.com Edited January 29, 2014 by hate.me 1 Quote Link to comment Share on other sites More sharing options...
shaggi Posted January 29, 2014 Report Share Posted January 29, 2014 ba da tu te opresti vreodata din gasit vulns in paypal? Quote Link to comment Share on other sites More sharing options...
malsploit Posted January 29, 2014 Author Report Share Posted January 29, 2014 ba da tu te opresti vreodata din gasit vulns in paypal?o bag pe aia cu "Sunt utilizator paypal si imi fac griji pentru securitatea datelor mele" Quote Link to comment Share on other sites More sharing options...
Active Members akkiliON Posted January 29, 2014 Active Members Report Share Posted January 29, 2014 Ce mincino?i sunt ??tia de la Paypal. Am g?sit un SQL Error în where.com. Când am g?sit prima dat? problema, mi-au validat-o ca Information Disclosure, iar banii i-am primit. Problema nu a fost bine reparat?, ?i când le-am trimis mesaj din nou de pe contul meu (vechi) mi-au zis c? aceast? vulnerabilitate nu afecteaz? site-ul. Am raportat de pe alt email (nou) ?i mi-au validat problema :/However, due to mitigating factors in place, the issue is notexploitable as a SQL injection. We will reclassify this vulnerability tobe a valid information disclosure instead. After the vulnerability isfixed, we will notify you of the fix and issue you a bounty.Asta e a doua oar? când fac a?a cu ei. Quote Link to comment Share on other sites More sharing options...
tpad Posted January 29, 2014 Report Share Posted January 29, 2014 Ce mincino?i sunt ??tia de la Paypal. Am g?sit un SQL Error în where.com. Când am g?sit prima dat? problema, mi-au validat-o ca Information Disclosure, iar banii i-am primit. Problema nu a fost bine reparat?, ?i când le-am trimis mesaj din nou de pe contul meu (vechi) mi-au zis c? aceast? vulnerabilitate nu afecteaz? site-ul. Am raportat de pe alt email (nou) ?i mi-au validat problema :/Asta e a doua oar? când fac a?a cu ei.Ti-a raspuns acelasi personaj de ambele dati? Quote Link to comment Share on other sites More sharing options...
sensi Posted January 29, 2014 Report Share Posted January 29, 2014 Paypal uimeste din nou Quote Link to comment Share on other sites More sharing options...
BlitzKrieg Posted January 29, 2014 Report Share Posted January 29, 2014 Am gasit si eu un bug in PayPal, imi permite sa iau conturile Verified cu tot cu linked bank accounts si linked credit/debit card Din motive personale nu va spun spun despre ce este vorba, asa ca il folosesc eu pt. mine Quote Link to comment Share on other sites More sharing options...
florin_darck Posted January 29, 2014 Report Share Posted January 29, 2014 Am gasit si eu un bug in PayPal, imi permite sa iau conturile Verified cu tot cu linked bank accounts si linked credit/debit card Din motive personale nu va spun spun despre ce este vorba, asa ca il folosesc eu pt. mine Carder ? Quote Link to comment Share on other sites More sharing options...
aelius Posted January 29, 2014 Report Share Posted January 29, 2014 Carder ?Nu, in mod sigur, doar http://onlineslangdictionary.com/meaning-definition-of/lamer Quote Link to comment Share on other sites More sharing options...
mah_one Posted January 30, 2014 Report Share Posted January 30, 2014 Cred ca iti trebuie certificat valid sa intrii pe site-ul ala...Si nu cred ca nu afecteaza nici un utilizator... Mie mi se pare un site intern si cel mai probabil au si autentificare. Quote Link to comment Share on other sites More sharing options...
malsploit Posted January 30, 2014 Author Report Share Posted January 30, 2014 Cand am descoperit vulnerabilitatea, puteam sa trimit si email-uri. Dupa ce am raportat, nu a mai mers. Daca aplicatia era configurata corect, puteam sa editez e-mailurile. https://blueprint.paypal.com/emails/ Quote Link to comment Share on other sites More sharing options...
Active Members akkiliON Posted January 30, 2014 Active Members Report Share Posted January 30, 2014 Cand am descoperit vulnerabilitatea, puteam sa trimit si email-uri. Dupa ce am raportat, nu a mai mers. Daca aplicatia era configurata corect, puteam sa editez e-mailurile. https://blueprint.paypal.com/emails/ Hehe, frumos Quote Link to comment Share on other sites More sharing options...
malsploit Posted January 30, 2014 Author Report Share Posted January 30, 2014 Era si mai frumos daca stiau aia sa instaleze aplicatia corect. Era tare daca mergeau editate emailurile, si puteam trimite ce continut vroiam eu. Era si mai tare sa-l fi raportat si sa zica "out of scope" ca acum Quote Link to comment Share on other sites More sharing options...
relaxlike Posted January 31, 2014 Report Share Posted January 31, 2014 Daca raportati buguri la paypal primti bani ? Cum gasiti aceste buguri ? Quote Link to comment Share on other sites More sharing options...