darksecurity.de
https://darksecurity.de/
en
https://darksecurity.de/templates/2k11/img/s9y_banner_small.png
RSS: darksecurity.de -
https://darksecurity.de/
100
21
-
Bug Bounty status for May 2020
https://darksecurity.de/index.php?/268-Bug-Bounty-status-for-May-2020.html
<div><span style="font-size: small;"><span style="font-family: Tahoma;">I did a little bit of research and bug hunting again and the status for this month is:<br />
</span></span></div>
<div> </div>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">- united-domains – </span><strong><span style="font-family: Tahoma;">Low (paid out)</span></strong></span></div>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">- united-domains – <strong>High (paid out)</strong><br type="_moz" />
</span></span></div>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">- united-domains – <strong>High (not paid out yet)</strong><br type="_moz" />
</span></span></div>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">- united-domains – <strong>one pending</strong></span></span></div>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">- Yandex<strong> – Hall of fame only ;-)</strong></span></span></div>
<div> </div>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">I think this was a very good restart ;-) Let’s see what will happen in the next weeks. Even if summer is just around the corner…</span></span></div>
darksecurity.de
nospam@example.com ()
Bug Bounty,
2020-06-07T06:58:47Z
https://darksecurity.de/wfwcomment.php?cid=268
0
https://darksecurity.de/rss.php?version=1.0&type=comments&cid=268
-
Support me and my work ...
https://darksecurity.de/index.php?/267-Support-me-and-my-work-....html
<div>
<div style="font-family: Tahoma;"><span style="font-size: small;"><span style="font-family: Tahoma;">…there are now many different ways in which you can support someone today.</span></span></div>
<div style="font-family: Tahoma;"> </div>
<div style="font-family: Tahoma;"><span style="font-size: small;">Unfortunately, there is still work and there are still activities that are not supported by the state or by anyone else. This includes, for example, volunteer work in animal shelters. I have been active in animal protection for years and so far have gotten all my animals only from animal shelters (except one stray tomcat</span><span style="font-size: small;">).</span></div>
<div style="font-family: Tahoma;"> </div>
<div style=""><span style="font-size: small;"><span style="font-family: Tahoma;">And of course you also support my work in the area of IT security and bug hunting…</span></span></div>
<div style=""> </div>
</div> <a class="block_level" href="https://darksecurity.de/index.php?/267-Support-me-and-my-work-....html#extended">Continue reading "Support me and my work ..."</a>
darksecurity.de
nospam@example.com (Stefan Schurtz)
Allgemein,
2020-05-14T06:34:07Z
https://darksecurity.de/wfwcomment.php?cid=267
0
https://darksecurity.de/rss.php?version=1.0&type=comments&cid=267
-
Back online.....
https://darksecurity.de/index.php?/265-Back-online......html
<div><span style="font-size: small;"><span style="font-family: Tahoma;">It has been a long time since the last post and I see that many things are no longer up to date. I will update the page <strong>bit</strong> by <strong>bit</strong> and see how things are going on here :-)<br />
</span></span></div>
<div style="text-align: left;"><span style="font-size: small;"><span style="font-family: Tahoma;"><br />
</span></span><span style="font-size: small;"><span style="font-family: Tahoma;">The bug hunt begins again…</span></span></div>
<div style="text-align: left;"><span style="font-size: small;"><span style="font-family: Tahoma;"><br />
</span></span></div>
<div style="text-align: left;"> </div>
darksecurity.de
nospam@example.com (Stefan Schurtz)
Allgemein,
2020-05-14T05:27:40Z
https://darksecurity.de/wfwcomment.php?cid=265
0
https://darksecurity.de/rss.php?version=1.0&type=comments&cid=265
-
SSCHADV2014-004 - reg.ebay.com - Cross-site Scripting vulnerability
https://darksecurity.de/index.php?/263-SSCHADV2014-004-reg.ebay.com-Cross-site-Scripting-vulnerability.html
<table width="612" height="81" cellspacing="1" cellpadding="1" border="0">
<tbody>
<tr>
<td>
<div><sup><span style="font-size: small"><span style="font-family: Tahoma">Advisory:</span></span></sup></div>
</td>
<td>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">reg.ebay.com – Cross-site Scripting vulnerability</span></span></div>
</td>
</tr>
<tr>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Advisory ID:</span></span></div>
</td>
<td>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">SSCHADV2014-004</span></span></div>
</td>
</tr>
<tr>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Author:</span></span></div>
</td>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Stefan Schurtz</span></span></div>
</td>
</tr>
<tr>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Affected Software: </span></span></div>
</td>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Successfully tested on reg.ebay.com</span></span></div>
</td>
</tr>
<tr>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Vendor <span class="caps">URL</span>:</span></span></div>
</td>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma"><font color="#000000"><a href="http://www.ebay.com/" target="_blank"><span style="color: rgb(128, 0, 0);"><span style="font-size: small;"><span style="font-family: Tahoma;">http://www.ebay.com/</span></span></span></a></font></span></span></div>
</td>
</tr>
<tr>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Vendor Status:</span></span></div>
</td>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">informed </span></span></div>
</td>
</tr>
</tbody>
</table>
<div><span style="font-size: small"><span style="font-family: Tahoma"> </span></span></div>
<div><span style="font-size: small"><span style="font-family: Tahoma">======================<br />
Vulnerability Description<br />
====================== </span></span></div>
<div><span style="font-size: small"><span style="font-family: Tahoma"> </span></span></div>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">The website reg.ebay.com is prone to a Cross-site Scripting vulnerability</span></span></div>
<div> </div> <a class="block_level" href="https://darksecurity.de/index.php?/263-SSCHADV2014-004-reg.ebay.com-Cross-site-Scripting-vulnerability.html#extended">Continue reading "SSCHADV2014-004 - reg.ebay.com - Cross-site Scripting vulnerability"</a>
darksecurity.de
nospam@example.com (Stefan Schurtz)
Security Advisories,
2014-05-26T21:31:23Z
https://darksecurity.de/wfwcomment.php?cid=263
0
https://darksecurity.de/rss.php?version=1.0&type=comments&cid=263
advisory
cross site scripting
security
sicherheit
xss
-
SSCHADV2014-005 - ocsnext.ebay.com - Open Redirect
https://darksecurity.de/index.php?/262-SSCHADV2014-005-ocsnext.ebay.com-Open-Redirect.html
<table width="612" height="81" cellspacing="1" cellpadding="1" border="0">
<tbody>
<tr>
<td>
<div><sup><span style="font-size: small"><span style="font-family: Tahoma">Advisory:</span></span></sup></div>
</td>
<td>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">ocsnext.ebay.com – Open Redirect</span></span></div>
</td>
</tr>
<tr>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Advisory ID:</span></span></div>
</td>
<td>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">SSCHADV2014-005</span></span></div>
</td>
</tr>
<tr>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Author:</span></span></div>
</td>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Stefan Schurtz</span></span></div>
</td>
</tr>
<tr>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Affected Software: </span></span></div>
</td>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Successfully tested on ocsnext.ebay.com</span></span></div>
</td>
</tr>
<tr>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Vendor <span class="caps">URL</span>:</span></span></div>
</td>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma"><font color="#000000"><a target="_blank" href="http://www.ebay.com/"><span style="color: rgb(128, 0, 0);"><span style="font-size: small;"><span style="font-family: Tahoma;">http://www.ebay.com/</span></span></span></a></font></span></span></div>
</td>
</tr>
<tr>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Vendor Status:</span></span></div>
</td>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">fixed </span></span></div>
</td>
</tr>
</tbody>
</table>
<div><span style="font-size: small"><span style="font-family: Tahoma"> </span></span></div>
<div><span style="font-size: small"><span style="font-family: Tahoma">======================<br />
Vulnerability Description<br />
====================== </span></span></div>
<div><span style="font-size: small"><span style="font-family: Tahoma"> </span></span></div>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">The website "ocsnext.ebay.com" is prone to an open redirect with a specially provided URL</span></span></div>
<div> </div> <a class="block_level" href="https://darksecurity.de/index.php?/262-SSCHADV2014-005-ocsnext.ebay.com-Open-Redirect.html#extended">Continue reading "SSCHADV2014-005 - ocsnext.ebay.com - Open Redirect"</a>
darksecurity.de
nospam@example.com (Stefan Schurtz)
Security Advisories,
2014-05-24T08:49:38Z
https://darksecurity.de/wfwcomment.php?cid=262
0
https://darksecurity.de/rss.php?version=1.0&type=comments&cid=262
advisory
open redirection
security
sicherheit
-
Yahoo Bug Bounty Program Vulnerability #4 #5 #6 Cross-site Scripting vulnerabilities
https://darksecurity.de/index.php?/261-Yahoo-Bug-Bounty-Program-Vulnerability-4-5-6-Cross-site-Scripting-vulnerabilities.html
<div><span style="font-size: small;"><span style="font-family: Tahoma;">In Jan ’14 I reported three Cross-site Scripting vulnerabilities to the Yahoo Bug Bounty Program. And I know, it is really really hard, but … again … no feedback or bounty :)</span></span></div>
<div> </div>
<div><strong><span style="font-size: small;"><span style="font-family: Tahoma;">Screenshots</span></span></strong><span style="font-size: small;"><span style="font-family: Tahoma;">: </span></span></div>
<div> </div>
<table width="544" cellspacing="1" cellpadding="1" border="0" height="102">
<tbody>
<tr>
<td>
<div style="text-align: center;"><span style="font-size: small;"><span style="font-family: Tahoma;"><span class="caps">XSS</span> on ‘celebrity.yahoo.com’</span></span></div>
</td>
<td>
<div style="text-align: center;"><span style="font-family: Tahoma;"><span style="font-size: small;"><span class="caps">XSS</span> on ‘movies.yahoo.com’</span></span></div>
</td>
<td>
<div style="text-align: center;"><span style="font-size: small;"><span style="font-family: Tahoma;"><span class="caps">XSS</span> on ‘music.yahoo.com’</span></span></div>
</td>
</tr>
<tr>
<td>
<div><a rel="lightbox" href="http://darksecurity.de/picz/XSS-celebrity.yahoo.com.JPG"><img width="200" height="156" alt="" src="http://darksecurity.de/picz/tn_XSS-celebrity.yahoo.com.JPG" /></a></div>
</td>
<td>
<div><a rel="lightbox" href="http://darksecurity.de/picz/XSS-movies.yahoo.com.JPG"><img width="200" height="156" alt="" src="http://darksecurity.de/picz/tn_XSS-movies.yahoo.com.JPG" /></a></div>
</td>
<td>
<div><a rel="lightbox" href="http://darksecurity.de/picz/XSS-music.yahoo.com.JPG"><img width="200" height="156" alt="" src="http://darksecurity.de/picz/tn_XSS-music.yahoo.com.JPG" /></a></div>
</td>
</tr>
</tbody>
</table>
<div> </div>
<div>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">Here is the advisory:</span></span></div>
<div> </div>
</div> <a class="block_level" href="https://darksecurity.de/index.php?/261-Yahoo-Bug-Bounty-Program-Vulnerability-4-5-6-Cross-site-Scripting-vulnerabilities.html#extended">Continue reading "Yahoo Bug Bounty Program Vulnerability #4 #5 #6 Cross-site Scripting vulnerabilities"</a>
darksecurity.de
nospam@example.com (Stefan Schurtz)
Bug Bounty,
2014-03-08T09:52:22Z
https://darksecurity.de/wfwcomment.php?cid=261
0
https://darksecurity.de/rss.php?version=1.0&type=comments&cid=261
advisory
bug bounty
cross site scripting
security
sicherheit
xss
-
Yahoo Bug Bounty Program Vulnerability #3 XSS on de-mg42.mail.yahoo.com
https://darksecurity.de/index.php?/260-Yahoo-Bug-Bounty-Program-Vulnerability-3-XSS-on-de-mg42.mail.yahoo.com.html
<div><span style="font-size: small;"><span style="font-family: Tahoma;">Here is my last advisory, which I reported in 2013 to the Yahoo Bug Bounty Program. </span></span><span style="font-size: small;"><span style="font-family: Tahoma;">And again…the same story for this report as for my others :-/ </span></span></div>
<div> </div>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">If you’re interested, you can read it here:</span></span></div>
<div> </div>
<div><span style="color: rgb(128, 0, 0);"> </span></div>
<div><a href="https://darksecurity.de/index.php?/259-Yahoo-Bug-Bounty-Program-Vulnerability-1-XSS-on-ads.yahoo.com.html"><span style="color: rgb(128, 0, 0);"><span style="font-size: small;"><span style="font-family: Tahoma;">Yahoo-Bug-Bounty-Program-Vulnerability-1-<span class="caps">XSS</span>-on-ads.yahoo.com</span></span></span></a></div>
<div><a href="https://darksecurity.de/index.php?/254-Yahoo-Bug-Bounty-Program-Vulnerability-2-Open-Redirect.html"><span style="color: rgb(128, 0, 0);"><span style="font-size: small;"><span style="font-family: Tahoma;">Yahoo-Bug-Bounty-Program-Vulnerability-2-Open-Redirect</span></span></span></a></div>
<div> </div>
<div><strong>Screenshots</strong>:</div>
<div> </div>
<table width="200" cellspacing="1" cellpadding="1" border="0">
<tbody>
<tr>
<td>
<div><a rel="lightbox" href="http://darksecurity.de/picz/Cookie-XSS-de-mg42.mail.yahoo.com.JPG"><img alt="" src="http://darksecurity.de/picz/tn_Cookie-XSS-de-mg42.mail.yahoo.com.JPG" /></a></div>
</td>
<td>
<div><a rel="lightbox" href="http://darksecurity.de/picz/Cookie-XSS-de-mg42.mail.yahoo.com.JPG"><img alt="" src="http://darksecurity.de/picz/tn_Cookie-XSS-de-mg42.mail.yahoo.com-1.JPG" /></a></div>
</td>
</tr>
</tbody>
</table>
<div> </div>
<div><strong>Video</strong>:</div>
<div> </div>
<div><iframe width="560" height="315" frameborder="0" src="//www.youtube.com/embed/cDRWRYuBB28" allowfullscreen=""></iframe></div>
<div> </div>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">Here is my advisory for the <span class="caps">XSS</span> on de-mg42.mail.yahoo.com:</span></span></div>
<div> </div> <a class="block_level" href="https://darksecurity.de/index.php?/260-Yahoo-Bug-Bounty-Program-Vulnerability-3-XSS-on-de-mg42.mail.yahoo.com.html#extended">Continue reading "Yahoo Bug Bounty Program Vulnerability #3 XSS on de-mg42.mail.yahoo.com"</a>
darksecurity.de
nospam@example.com (Stefan Schurtz)
Bug Bounty,
2014-03-08T08:56:16Z
https://darksecurity.de/wfwcomment.php?cid=260
0
https://darksecurity.de/rss.php?version=1.0&type=comments&cid=260
advisory
bug bounty
cross site scripting
xss
-
Yahoo Bug Bounty Program Vulnerability #1 XSS on ads.yahoo.com
https://darksecurity.de/index.php?/259-Yahoo-Bug-Bounty-Program-Vulnerability-1-XSS-on-ads.yahoo.com.html
<div><span style="font-size: small;"><span style="font-family: Tahoma;">In Nov ’13 I reported a Cross-site Scripting vulnerability to the Yahoo Bug Bounty Program. As with my other reports, I got no response or feedback, so I wrote a message to them via email this time and so on … blah blah :)<br />
</span></span></div>
<div> </div>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">To cut a long story short, for all my reports the communication with Yahoo was really bad and of course: No bounty!<br />
</span></span></div>
<div> </div>
<div><a rel="lightbox" href="http://darksecurity.de/picz/XSS-ads.yahoo.com.JPG"><img src="http://darksecurity.de/picz/tn_XSS-ads.yahoo.com.JPG" alt="" /></a></div>
<div><span style="font-size: small;"><span style="font-family: Tahoma;"> <br />
It seems this <span class="caps">XSS</span> is fixed, so here is my advisory:</span></span></div>
<div> </div> <a class="block_level" href="https://darksecurity.de/index.php?/259-Yahoo-Bug-Bounty-Program-Vulnerability-1-XSS-on-ads.yahoo.com.html#extended">Continue reading "Yahoo Bug Bounty Program Vulnerability #1 XSS on ads.yahoo.com"</a>
darksecurity.de
nospam@example.com (Stefan Schurtz)
Bug Bounty,
2014-03-08T08:18:30Z
https://darksecurity.de/wfwcomment.php?cid=259
0
https://darksecurity.de/rss.php?version=1.0&type=comments&cid=259
advisory
bug bounty
cross site scripting
security
sicherheit
xss
-
My experiences with the GiftCards.com Bug Bounty Program
https://darksecurity.de/index.php?/253-My-experiences-with-the-GiftCards.com-Bug-Bounty-Program.html
<div><span style="font-size: small;"><span style="font-family: Tahoma;">Since November 2013 I have reported seven Cross-site Scripting vulnerabilities to the <a href="http://www.giftcards.com/responsible-vulnerability-disclosure-program" target="_blank">Giftcard Bug Bounty Program</a>. Sadly, only one of them</span></span><span style="font-size: small;"><span style="font-family: Tahoma;"> wasn’t a duplicate :-/. Strange? Perhaps, but </span></span><span style="font-size: small;"><span style="font-family: Tahoma;">not impossible given the simplicity of the vulnerabilities. </span></span></div>
<div> </div>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">But, what I </span></span><span style="font-size: small;"><span style="font-family: Tahoma;"><span style="font-size: small;"><span style="font-family: Tahoma;">really </span></span>don’t understand: <span style="color: rgb(153, 51, 0);"><strong>Why do they still work until today?</strong></span><strong> </strong></span></span></div>
<div> </div>
<div> </div> <a class="block_level" href="https://darksecurity.de/index.php?/253-My-experiences-with-the-GiftCards.com-Bug-Bounty-Program.html#extended">Continue reading "My experiences with the GiftCards.com Bug Bounty Program"</a>
darksecurity.de
nospam@example.com (Stefan Schurtz)
Bug Bounty,
2014-02-18T05:54:00Z
https://darksecurity.de/wfwcomment.php?cid=253
0
https://darksecurity.de/rss.php?version=1.0&type=comments&cid=253
advisory
bug bounty
cross site scripting
security
sicherheit
xss
-
SSCHADV2014-003 - Serendipity 1.7.5 (Backend) - Multiple security vulnerabilities
https://darksecurity.de/index.php?/258-SSCHADV2014-003-Serendipity-1.7.5-Backend-Multiple-security-vulnerabilities.html
<table width="612" height="81" cellspacing="1" cellpadding="1" border="0">
<tbody>
<tr>
<td>
<div><sup><span style="font-size: small"><span style="font-family: Tahoma">Advisory:</span></span></sup></div>
</td>
<td>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">Serendipity 1.7.5 (Backend) – Multiple security vulnerabilities</span></span></div>
</td>
</tr>
<tr>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Advisory ID:</span></span></div>
</td>
<td>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">SSCHADV2014-003</span></span></div>
</td>
</tr>
<tr>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Author:</span></span></div>
</td>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Stefan Schurtz</span></span></div>
</td>
</tr>
<tr>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Affected Software: </span></span></div>
</td>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Successfully tested on Serendipity 1.7.5</span></span></div>
</td>
</tr>
<tr>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Vendor <span class="caps">URL</span>:</span></span></div>
</td>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma"><font color="#000000"><a href="http://www.s9y.org/" target="_blank"><span style="color: rgb(128, 0, 0);"><span style="font-size: small;"><span style="font-family: Tahoma;">http://www.s9y.org/</span></span></span></a></font></span></span></div>
</td>
</tr>
<tr>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Vendor Status:</span></span></div>
</td>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">fixed </span></span></div>
</td>
</tr>
</tbody>
</table>
<div><span style="font-size: small"><span style="font-family: Tahoma"> </span></span></div>
<div><span style="font-size: small"><span style="font-family: Tahoma">======================<br />
Vulnerability Description<br />
====================== </span></span></div>
<div><span style="font-size: small"><span style="font-family: Tahoma"> </span></span></div>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">The Serendipity 1.7.5 backend is prone to multiple security vulnerabilities</span></span></div>
<div> </div>
<div> </div> <a class="block_level" href="https://darksecurity.de/index.php?/258-SSCHADV2014-003-Serendipity-1.7.5-Backend-Multiple-security-vulnerabilities.html#extended">Continue reading "SSCHADV2014-003 - Serendipity 1.7.5 (Backend) - Multiple security vulnerabilities"</a>
darksecurity.de
nospam@example.com (Stefan Schurtz)
Security Advisories,
2014-02-06T18:44:23Z
https://darksecurity.de/wfwcomment.php?cid=258
0
https://darksecurity.de/rss.php?version=1.0&type=comments&cid=258
advisory
cross site scripting
security
sicherheit
sql injection
xss
-
[Video] - ssl.bing.com - Cross-site Scripting vulnerability
https://darksecurity.de/index.php?/257-Video-ssl.bing.com-Cross-site-Scripting-vulnerability.html
<div><span style="font-size: small;"><span style="font-family: Tahoma;">Short video about my advisory <a href="https://darksecurity.de/index.php?/256-SSCHADV2013-012-ssl.bing.com-Cross-site-Scripting-vulnerability.html"><span style="color: rgb(128, 0, 0);">SSCHADV2013-012 – ssl.bing.com – Cross-site Scripting vulnerability</span></a></span></span></div>
<div> </div>
<table width="200" cellspacing="1" cellpadding="1" border="0" align="center">
<tbody>
<tr>
<td><iframe width="560" height="315" frameborder="0" allowfullscreen="" src="//www.youtube.com/embed/CYYMFdG9PEI"></iframe></td>
</tr>
</tbody>
</table>
<p> </p>
darksecurity.de
nospam@example.com (Stefan Schurtz)
IT-Security,
2014-01-25T11:54:36Z
https://darksecurity.de/wfwcomment.php?cid=257
0
https://darksecurity.de/rss.php?version=1.0&type=comments&cid=257
cross site scripting
security
sicherheit
xss
-
SSCHADV2013-012 - ssl.bing.com - Cross-site Scripting vulnerability
https://darksecurity.de/index.php?/256-SSCHADV2013-012-ssl.bing.com-Cross-site-Scripting-vulnerability.html
<table width="612" height="81" cellspacing="1" cellpadding="1" border="0">
<tbody>
<tr>
<td>
<div><sup><span style="font-size: small"><span style="font-family: Tahoma">Advisory:</span></span></sup></div>
</td>
<td>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">ssl.bing.com – Cross-site Scripting vulnerability</span></span></div>
</td>
</tr>
<tr>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Advisory ID:</span></span></div>
</td>
<td>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">SSCHADV2013-012</span></span></div>
</td>
</tr>
<tr>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Author:</span></span></div>
</td>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Stefan Schurtz</span></span></div>
</td>
</tr>
<tr>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Affected Software: </span></span></div>
</td>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Successfully tested on </span></span><span style="font-size: small;"><span style="font-family: Tahoma;">ssl.bing.com</span></span></div>
</td>
</tr>
<tr>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Vendor <span class="caps">URL</span>:</span></span></div>
</td>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma"><font color="#000000"><a href="http://microsoft.com" target="_blank"><span style="color: rgb(128, 0, 0);"><span style="font-size: small;"><span style="font-family: Tahoma;">http://microsoft.com</span></span></span></a></font></span></span></div>
</td>
</tr>
<tr>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Vendor Status:</span></span></div>
</td>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">fixed </span></span></div>
</td>
</tr>
</tbody>
</table>
<div><span style="font-size: small"><span style="font-family: Tahoma"> </span></span></div>
<div><span style="font-size: small"><span style="font-family: Tahoma">======================<br />
Vulnerability Description<br />
====================== </span></span></div>
<div><span style="font-size: small"><span style="font-family: Tahoma"> </span></span></div>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">The website ‘ssl.bing.com’ is prone to a Cross-site Scripting vulnerability</span></span></div>
<div> </div>
<p><a rel="lightbox" href="http://darksecurity.de/picz/XSS-ssl.bing.JPG"><img src="http://darksecurity.de/picz/tn_XSS-ssl.bing.JPG" alt="" /></a></p> <a class="block_level" href="https://darksecurity.de/index.php?/256-SSCHADV2013-012-ssl.bing.com-Cross-site-Scripting-vulnerability.html#extended">Continue reading "SSCHADV2013-012 - ssl.bing.com - Cross-site Scripting vulnerability"</a>
darksecurity.de
nospam@example.com (Stefan Schurtz)
Security Advisories,
2014-01-25T11:23:55Z
https://darksecurity.de/wfwcomment.php?cid=256
0
https://darksecurity.de/rss.php?version=1.0&type=comments&cid=256
cross site scripting
security
sicherheit
xss
-
MARKTPLAATS.nl Bug Bounty Program #Bounty received
https://darksecurity.de/index.php?/255-MARKPLAATS.nl-Bug-Bounty-Program-Bounty-received.html
<div><span style="font-size: small;"><span style="font-family: Tahoma;">Today I received my bounty for a vulnerability which I reported to the <span class="caps">MARKTPLAATS</span>.nl Bug Bounty Program. </span></span></div>
<div> </div>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">And here it is … my ‘ebay classifieds whitehat’ :-)</span></span></div>
<div> </div>
<table width="494" height="73" cellspacing="1" cellpadding="1" border="0">
<tbody>
<tr>
<td>
<div><a rel="lightbox" href="http://darksecurity.de/picz/marktplaats.nl/1.png"><span style="font-size: small;"><span style="font-family: Tahoma;"><img width="100" height="66" alt="" src="http://darksecurity.de/picz/marktplaats.nl/tn_1.png" /></span></span></a>
<div> </div>
</div>
</td>
<td>
<div><a rel="lightbox" href="http://darksecurity.de/picz/marktplaats.nl/2.png"><span style="font-size: small;"><span style="font-family: Tahoma;"><img width="100" height="66" alt="" src="http://darksecurity.de/picz/marktplaats.nl/tn_2.png" /></span></span></a></div>
</td>
<td>
<div><a rel="lightbox" href="http://darksecurity.de/picz/marktplaats.nl/4.png"><span style="font-size: small;"><span style="font-family: Tahoma;"><img width="100" height="66" alt="" src="http://darksecurity.de/picz/marktplaats.nl/tn_4.png" /></span></span></a></div>
</td>
<td><span style="font-size: small;"><span style="font-family: Tahoma;"><a rel="lightbox" href="http://darksecurity.de/picz/marktplaats.nl/3.png"><img width="100" height="66" alt="" src="http://darksecurity.de/picz/marktplaats.nl/tn_3.png" /></a></span></span>
<div> </div>
</td>
<td><a rel="lightbox" href="http://darksecurity.de/picz/marktplaats.nl/5.jpg"><img width="100" height="66" alt="" src="http://darksecurity.de/picz/marktplaats.nl/tn_5.jpg" /></a>
<div> </div>
</td>
</tr>
</tbody>
</table>
<div> </div>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">Really nice, isn’t it :-) ? </span></span></div>
<div> </div>
<div><span style="font-size: small;"><span style="font-family: Tahoma;"> </span></span></div>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">In my opinion the <span class="caps">MARKTPLAATS</span>.nl bug bounty program is one of the good ones, fast feedback and a nice contact, too. </span></span></div>
<div> </div>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">By the way, the vulnerability is not fixed yet, so I will publish the advisory at a later time. </span></span></div>
<div> </div>
darksecurity.de
nospam@example.com (Stefan Schurtz)
Bug Bounty,
2014-01-17T18:52:53Z
https://darksecurity.de/wfwcomment.php?cid=255
0
https://darksecurity.de/rss.php?version=1.0&type=comments&cid=255
bug bounty
markplaats.nl
security
sicherheit
-
Yahoo Bug Bounty Program Vulnerability #2 Open Redirect
https://darksecurity.de/index.php?/254-Yahoo-Bug-Bounty-Program-Vulnerability-2-Open-Redirect.html
<div><span style="font-size: small;"><span style="font-family: Tahoma;">In Dec ’13 I reported an Open Redirect (and two other vulnerabilities, first in Nov ’13) to the <a target="_blank" href="http://bugbounty.yahoo.com/">Yahoo Bug Bounty Program</a>. Sadly, I got no response or feedback for any of these issues, </span></span><span style="font-size: small;"><span style="font-family: Tahoma;">so I wrote a new message to them (this time via email).</span></span></div>
<div> </div>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">Last week they told me that Open Redirects are no longer in scope of the bug bounty program :-/ </span></span></div>
<div> </div>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">So here is my advisory for this issue:<strong> </strong></span></span></div>
<div> </div>
<div> </div> <a class="block_level" href="https://darksecurity.de/index.php?/254-Yahoo-Bug-Bounty-Program-Vulnerability-2-Open-Redirect.html#extended">Continue reading "Yahoo Bug Bounty Program Vulnerability #2 Open Redirect"</a>
darksecurity.de
nospam@example.com ()
Bug Bounty,
2014-01-11T13:55:02Z
https://darksecurity.de/wfwcomment.php?cid=254
0
https://darksecurity.de/rss.php?version=1.0&type=comments&cid=254
advisory
bug bounty
open redirection
security
sicherheit
-
SSCHADV2014-001 - Wordpress Plugin WP-Members Version 2.8.9 - Stored and reflected Cross-site Scripting vulnerabilities
https://darksecurity.de/index.php?/252-SSCHADV2014-001-Wordpress-Plugin-WP-Members-Version-2.8.9-Stored-and-reflected-Cross-site-Scripting-vulnerabilities.html
<table width="612" height="81" cellspacing="1" cellpadding="1" border="0">
<tbody>
<tr>
<td>
<div><sup><span style="font-size: small"><span style="font-family: Tahoma">Advisory:</span></span></sup></div>
</td>
<td>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">Wordpress Plugin WP-Members 2.8.9 – Multiple Cross-site Scripting </span></span><span style="font-size: small;"><span style="font-family: Tahoma;">vulnerabilities</span></span></div>
</td>
</tr>
<tr>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Advisory ID:</span></span></div>
</td>
<td>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">SSCHADV2014-001</span></span></div>
</td>
</tr>
<tr>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Author:</span></span></div>
</td>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Stefan Schurtz</span></span></div>
</td>
</tr>
<tr>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Affected Software: </span></span></div>
</td>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Successfully tested on WP-Members Version 2.8.9</span></span></div>
</td>
</tr>
<tr>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Vendor <span class="caps">URL</span>:</span></span></div>
</td>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma"><font color="#000000"><a href="http://wordpress.org/plugins/wp-members/"><span style="color: rgb(128, 0, 0);"><span style="font-size: small;"><span style="font-family: Tahoma;">http://wordpress.org/plugins/wp-members/</span></span></span></a></font></span></span></div>
</td>
</tr>
<tr>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">Vendor Status:</span></span></div>
</td>
<td>
<div><span style="font-size: small"><span style="font-family: Tahoma">fixed </span></span></div>
</td>
</tr>
</tbody>
</table>
<div><span style="font-size: small"><span style="font-family: Tahoma"> </span></span></div>
<div><span style="font-size: small"><span style="font-family: Tahoma">======================<br />
Vulnerability Description<br />
====================== </span></span></div>
<div><span style="font-size: small"><span style="font-family: Tahoma"> </span></span></div>
<div><span style="font-size: small;"><span style="font-family: Tahoma;">The Wordpress plugin "WP-Members 2.8.9" is prone to reflected and stored <span class="caps">XSS</span> vulnerabilities</span></span></div>
<div> </div> <a class="block_level" href="https://darksecurity.de/index.php?/252-SSCHADV2014-001-Wordpress-Plugin-WP-Members-Version-2.8.9-Stored-and-reflected-Cross-site-Scripting-vulnerabilities.html#extended">Continue reading "SSCHADV2014-001 - Wordpress Plugin WP-Members Version 2.8.9 - Stored and reflected Cross-site Scripting vulnerabilities"</a>
darksecurity.de
nospam@example.com (Stefan Schurtz)
Security Advisories,
2014-01-08T13:20:07Z
https://darksecurity.de/wfwcomment.php?cid=252
0
https://darksecurity.de/rss.php?version=1.0&type=comments&cid=252
advisory
cross site scripting
saarland
security
sicherheit
xss