
Support me and my work ...

…there are now many different ways in which you can support someone today.
 
Unfortunately, there is still work, and there are still activities, that are not supported by the state or by anyone else. This includes, for example, volunteer work in animal shelters. I have been active in animal protection for years, and so far all my animals have come from animal shelters (except one stray tomcat).
 
And of course you also support my work in the area of IT security and bug hunting…
 

Bug Bounty status for May 2020

I did a little bit of research and bug hunting again, and the status for this month is:
 
- united-domains – Low (paid out)
- united-domains – High (paid out)
- united-domains – High (not paid out yet)
- united-domains – one pending
- Yandex – Hall of fame only ;-)
 
I think this was a very good restart ;-) Let’s see what will happen in the next weeks. Even if summer is just around the corner…

Back online.....

It has been a long time since the last post and I see that many things are no longer up to date. I will update the page bit by bit and see how things are going on here :-)

The bug hunt begins again…

 

SSCHADV2014-004 - reg.ebay.com - Cross-site Scripting vulnerability

Advisory: reg.ebay.com – Cross-site Scripting vulnerability
Advisory ID: SSCHADV2014-004
Author: Stefan Schurtz
Affected Software: Successfully tested on reg.ebay.com
Vendor URL:
Vendor Status: informed
 
======================
Vulnerability Description
======================
 
The website reg.ebay.com is prone to a cross-site scripting vulnerability.
 

SSCHADV2014-005 - ocsnext.ebay.com - Open Redirect

Advisory: ocsnext.ebay.com – Open Redirect
Advisory ID: SSCHADV2014-005
Author: Stefan Schurtz
Affected Software: Successfully tested on ocsnext.ebay.com
Vendor URL:
Vendor Status: fixed
 
======================
Vulnerability Description
======================
 
The website "ocsnext.ebay.com" is prone to an open redirect with a specially crafted URL.
 

Yahoo Bug Bounty Program Vulnerability #4 #5 #6 Cross-site Scripting vulnerabilities

In Jan ’14 I reported three Cross-site Scripting vulnerabilities to the Yahoo Bug Bounty Program. And I know, it is really, really hard, but … again … no feedback or bounty :)
 
Screenshots:
 
- XSS on ‘celebrity.yahoo.com’
- XSS on ‘movies.yahoo.com’
- XSS on ‘music.yahoo.com’
 
Here is the advisory:
 