Warning: opendir(/var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/sh/3.0.83.2/scripts/): failed to open dir: No such file or directory in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 26

Warning: Invalid argument supplied for foreach() in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 170
Skip to content

SSCHADV2013-012 - ssl.bing.com - Cross-site Scripting vulnerability

Advisory:
ssl.bing.com – Cross-site Scripting vulnerability
Advisory ID:
SSCHADV2013-012
Author:
Stefan Schurtz
Affected Software:
Successfully tested on ssl.bing.com
Vendor URL:
Vendor Status:
fixed
 
======================
Vulnerability Description
======================
 
The website ‘ssl.bing.com’ is prone to a Cross-site Scripting vulnerability
 

Continue reading "SSCHADV2013-012 - ssl.bing.com - Cross-site Scripting vulnerability"

MARKPLAATS.nl Bug Bounty Program #Bounty received

Today I received my bounty for a vulnerability, which I reported for the MARKPLAATS.nl Bug Bounty Program.
 
And here it is … my ‘ebay classifieds whitehat’ :-)
 
 
 
 
 
Really nice, isnt’t it :-) ?
 
In my opinion the MARKPLAATS.nl bug bounty program is one of the good ones, fast feedback and a nice contact, too. 
 
By the way, the vulnerability is not fixed yet, so I will publish the advisory to a later time.
 

Yahoo Bug Bounty Program Vulnerability #2 Open Redirect

In Dec ’13 I reported a Open Redirect (and two other vulnerabilities, first in Nov ’13) to the Yahoo Bug Bounty Program. Sadly, I’ve got no response or feedback for any of this issues,  so I wrote a new message to them (this time via email).
 
Last week they told me that Open redirects are no longer in scope of the bug bounty programm :-/
 
So here is my advisory for this issue:
 
 
Continue reading "Yahoo Bug Bounty Program Vulnerability #2 Open Redirect"

SSCHADV2014-001 - Wordpress Plugin WP-Members Version 2.8.9 - Stored and reflected Cross-site Scripting vulnerabilities

Advisory:
Wordpress Plugin WP-Members 2.8.9 – Multiple Cross-site Scripting vulnerabilities
Advisory ID:
SSCHADV2014-001
Author:
Stefan Schurtz
Affected Software:
Successfully tested on WP-Members Version 2.8.9
Vendor URL:
Vendor Status:
fixed
 
======================
Vulnerability Description
======================
 
The Wordpress plugin "WP-Members 2.8.9" is prone to reflected and stored XSS vulnerabilities
 
Continue reading "SSCHADV2014-001 - Wordpress Plugin WP-Members Version 2.8.9 - Stored and reflected Cross-site Scripting vulnerabilities"
Imprint | Contact | Privacy Statement

Warning: opendir(/var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/sh/3.0.83.2/scripts/): failed to open dir: No such file or directory in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 26

Warning: Invalid argument supplied for foreach() in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 170