Skip to content Bug Bounty Program #Bounty received

Today I received my bounty for a vulnerability, which I reported for the Bug Bounty Program.
And here it is … my ‘ebay classifieds whitehat’ :-)
Really nice, isnt’t it :-) ?
In my opinion the bug bounty program is one of the good ones, fast feedback and a nice contact, too. 
By the way, the vulnerability is not fixed yet, so I will publish the advisory to a later time.

Yahoo Bug Bounty Program Vulnerability #2 Open Redirect

In Dec ’13 I reported a Open Redirect (and two other vulnerabilities, first in Nov ’13) to the Yahoo Bug Bounty Program. Sadly, I’ve got no response or feedback for any of this issues,  so I wrote a new message to them (this time via email).
Last week they told me that Open redirects are no longer in scope of the bug bounty programm :-/
So here is my advisory for this issue:
Continue reading "Yahoo Bug Bounty Program Vulnerability #2 Open Redirect"
Imprint | Contact | Privacy Statement