Jump to content
poq

Magento Bug Bounty

Recommended Posts

Cei de la Bug Bounty (Magento) dau in functie de URL out of scope la vulnerabilitate, atunci cand completezi cu adresa gostorego.com (care e in scop) iti zice ca domeniul nu este valid dar totusi sa il raportezi ca poate poate.

Am 4 completate cu acea adresa, doua xss-uri din ele sunt foarte grave iar adresa fiind gostorego.com si nu go.magento.com am primit out of scope pe toate cu tot ca permit multe acele probleme.

Aici e o lista cu asa zisul bug bounty

[TABLE=width: 100%]

[TR]

[TD]Vulnerability[/TD]

[TD]Magento EE/CE, gostorego.com, gostorego.co.uk, prostores.com[/TD]

[TD]magento.com, imagineecommerce.com, magentocommerce.com[/TD]

[/TR]

[TR]

[TD]Information Disclosure (PII, passwords, or credit card data)[/TD]

[TD]Up to $10,000[/TD]

[TD]Up to $5,000[/TD]

[/TR]

[TR]

[TD]Remote Code Execution[/TD]

[TD]Up to $10,000[/TD]

[TD]Up to $2,500[/TD]

[/TR]

[TR]

[TD]Privilege Escalation[/TD]

[TD]Up to $5,000[/TD]

[TD]Up to $1,000[/TD]

[/TR]

[TR]

[TD]SQL Injection[/TD]

[TD]Up to $5,000[/TD]

[TD]Up to $1,000[/TD]

[/TR]

[TR]

[TD]Cross-Site Request Forgery (CSRF)[/TD]

[TD]Up to $5,000[/TD]

[TD]Up to $500[/TD]

[/TR]

[TR]

[TD]Cross-Site Scripting (XSS)[/TD]

[TD]$1000[/TD]

[TD]$500[/TD]

[/TR]

[TR]

[TD]Clickjacking[/TD]

[TD]$500[/TD]

[TD]$100

[/TD]

[/TR]

[/TABLE]

Nu stiu daca o sa mai trimit ceva, le-am trimis un email sa imi verifice iar rapoartele pentru ca ei ca niste roboti vazand URL au dat din start out of scope sau cine stie ce form au ei..

Edited by Gecko
Titlu.
Link to comment
Share on other sites

Nu te iau in seama, sunt niste robotei care dau out of scope, duplicate, out of scope si tot asa...

Sunt incadrat in tot ceea ce au zis ei acolo, am unul persistent si chiar acum am trimis email, am zis ca daca nu ma ia in seama ma forteaza sa il public (fiind "out of scope").

Edited by poq
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...