SSCHADV2013-012 - ssl.bing.com - Cross-site Scripting vulnerability
Advisory: ssl.bing.com – Cross-site Scripting vulnerability
Advisory ID: SSCHADV2013-012
Author: Stefan Schurtz
Affected Software: Successfully tested on ssl.bing.com
Vendor URL:
Vendor Status: fixed
======================
Vulnerability Description
======================
The website ‘ssl.bing.com’ is prone to a Cross-site Scripting vulnerability
MARKPLAATS.nl Bug Bounty Program #Bounty received
Today I received my bounty for a vulnerability, which I reported for the MARKPLAATS.nl Bug Bounty Program.
And here it is … my ‘ebay classifieds whitehat’ :-)
Really nice, isn’t it :-) ?
In my opinion the MARKPLAATS.nl bug bounty program is one of the good ones, fast feedback and a nice contact, too.
By the way, the vulnerability is not fixed yet, so I will publish the advisory at a later time.
Yahoo Bug Bounty Program Vulnerability #2 Open Redirect
In Dec ’13 I reported an Open Redirect (and two other vulnerabilities, first in Nov ’13) to the Yahoo Bug Bounty Program. Sadly, I’ve got no response or feedback for any of these issues, so I wrote a new message to them (this time via email).
Last week they told me that Open redirects are no longer in scope of the bug bounty program :-/
So here is my advisory for this issue:
SSCHADV2014-001 - Wordpress Plugin WP-Members Version 2.8.9 - Stored and reflected Cross-site Scripting vulnerabilities
Advisory: Wordpress Plugin WP-Members 2.8.9 – Multiple Cross-site Scripting vulnerabilities
Advisory ID: SSCHADV2014-001
Author: Stefan Schurtz
Affected Software: Successfully tested on WP-Members Version 2.8.9
Vendor URL:
Vendor Status: fixed
======================
Vulnerability Description
======================
The Wordpress plugin "WP-Members 2.8.9" is prone to reflected and stored XSS vulnerabilities