Warning: opendir(/var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/sh/3.0.83.2/scripts/): failed to open dir: No such file or directory in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 26

Warning: Invalid argument supplied for foreach() in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 170
Skip to content

Bug Bounty status for May 2020

I did a little bit of researching and bug hunting again and the status for this month is:
 
- united-domains – Low (paid out)
- united-domains – High (paid out)
- united-domains – High (not paid out yet)
- united-domains – one pending
- Yandex – Hall of fame only ;-)
 
I think this was a very good restart ;-) Let’s see what will happen in the next weeks. Even if summer is just around the corner…

Yahoo Bug Bounty Program Vulnerability #4 #5 #6 Cross-site Scripting vulnerabilities

In Jan ’14 I reported three Cross-site Scripting vulnerabilities to the Yahoo Bug Bounty Program. And I know, it is really really hard, but … again … no feedback or bounty :)
 
Screenshots:
 
XSS on ‘celebrity.yahoo.com
XSS on ‘movies.yahoo.com
XSS on ‘music.yahoo.com’
 
Here is the advisory:
 
Continue reading "Yahoo Bug Bounty Program Vulnerability #4 #5 #6 Cross-site Scripting vulnerabilities"

Yahoo Bug Bounty Program Vulnerability #3 XSS on de-mg42.mail.yahoo.com

Here are the my last advisory which I’ve reported in 2013 to the Yahoo Bug Bounty Program. And again…the same story for this report as for my others :-/
 
If you’re interested, you can read it here:
 
 
Screenshots:
 
 
Video:
 
 
Here is my advisory for the XSS on de-mg42.mail.yahoo.com:
 
Continue reading "Yahoo Bug Bounty Program Vulnerability #3 XSS on de-mg42.mail.yahoo.com"

Yahoo Bug Bounty Program Vulnerability #1 XSS on ads.yahoo.com

In Nov ’13 I reported a Cross-site Scripting vulnerability to the Yahoo Bug Bounty Program. As for my other reports, I’ve got no response or feedback,  so I wrote a message to them via email this time and so on … blah blah :)
 
To cut a long story short, for all my reports the communication with Yahoo was really bad and of course: No bounty! 
 
 
It seems this XSS is fixed, so here is my advisory:
 
Continue reading "Yahoo Bug Bounty Program Vulnerability #1 XSS on ads.yahoo.com"

My experiences with the GiftCards.com Bug Bounty Program

Since November 2013 I reported seven Cross-site Scripting vulnerabilities to the Giftcard Bug Bounty Program. Sadly, only one of them wasn’t a duplicate :-/. Strange? Perhaps, but not impossible given the simplicity of the vulnerabilities.
 
But, what I really don’t understand: Why do they still work until today?
 
 
Continue reading "My experiences with the GiftCards.com Bug Bounty Program"

MARKPLAATS.nl Bug Bounty Program #Bounty received

Today I received my bounty for a vulnerability, which I reported for the MARKPLAATS.nl Bug Bounty Program.
 
And here it is … my ‘ebay classifieds whitehat’ :-)
 
 
 
 
 
Really nice, isnt’t it :-) ?
 
In my opinion the MARKPLAATS.nl bug bounty program is one of the good ones, fast feedback and a nice contact, too. 
 
By the way, the vulnerability is not fixed yet, so I will publish the advisory to a later time.
 
Imprint | Contact | Privacy Statement

Warning: opendir(/var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/sh/3.0.83.2/scripts/): failed to open dir: No such file or directory in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 26

Warning: Invalid argument supplied for foreach() in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 170