Here are the my last advisory which I’ve reported in 2013 to the Yahoo Bug Bounty Program. And again…the same story for this report as for my others :-/
If you’re interested, you can read it here:
Screenshots:
Video:
Here is my advisory for the XSS on de-mg42.mail.yahoo.com:
Continue reading "Yahoo Bug Bounty Program Vulnerability #3 XSS on de-mg42.mail.yahoo.com"
In Nov ’13 I reported a Cross-site Scripting vulnerability to the Yahoo Bug Bounty Program. As for my other reports, I’ve got no response or feedback, so I wrote a message to them via email this time and so on … blah blah :)
To cut a long story short, for all my reports the communication with Yahoo was really bad and of course: No bounty!
It seems this XSS is fixed, so here is my advisory:
Continue reading "Yahoo Bug Bounty Program Vulnerability #1 XSS on ads.yahoo.com"
Since November 2013 I reported seven Cross-site Scripting vulnerabilities to the Giftcard Bug Bounty Program. Sadly, only one of them wasn’t a duplicate :-/. Strange? Perhaps, but not impossible given the simplicity of the vulnerabilities.
But, what I really don’t understand: Why do they still work until today?
Continue reading "My experiences with the GiftCards.com Bug Bounty Program"
Advisory:
|
Serendipity 1.7.5 (Backend) – Multiple security vulnerabilities
|
Advisory ID:
|
SSCHADV2014-003
|
Author:
|
Stefan Schurtz
|
Affected Software:
|
Successfully tested on Serendipity 1.7.5
|
Vendor URL:
|
|
Vendor Status:
|
fixed
|
======================
Vulnerability Description
======================
The Serendipity 1.7.5 backend is prone to multiple security vulnerabilities
Continue reading "SSCHADV2014-003 - Serendipity 1.7.5 (Backend) - Multiple security vulnerabilities"
Advisory:
|
ssl.bing.com – Cross-site Scripting vulnerability
|
Advisory ID:
|
SSCHADV2013-012
|
Author:
|
Stefan Schurtz
|
Affected Software:
|
Successfully tested on ssl.bing.com
|
Vendor URL:
|
|
Vendor Status:
|
fixed
|
======================
Vulnerability Description
======================
The website ‘ssl.bing.com’ is prone to a Cross-site Scripting vulnerability
Continue reading "SSCHADV2013-012 - ssl.bing.com - Cross-site Scripting vulnerability"