My Bug Findings

Hi,

I'm working as an Information Security Consultant for a startup company.

We offer services like Web Application Penetration Testing and Wi-Fi Penetration Testing, and we are also involved in a UTM (Unified Threat Management) product.
As we do WAPT for many companies worldwide, we come across different servers, databases, frameworks, etc.

I also participate in bug bounty programs, and I'm here to share my findings with you.

I find cross-site scripting, SQL injection, cross-site request forgery, directory listings and remote code execution.

Cross-Site Scripting in www.ellislab.com


On the billing page, after adding all the card details, I injected the payloads into the billing address fields. Here is the result: I got 5 cross-site scripting vulnerabilities.
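The billing-address finding above is the classic case of untrusted form fields being written straight into the page. The following is an added example (not code from the original post, and not ellislab.com's actual form; the field names line1/city/postcode are hypothetical and the address values are constructed) showing the vulnerable rendering next to the hardened one, plus the two checks a reviewer would want: an output-side check that no field containing HTML metacharacters reaches the page verbatim, and an input-side allowlist for what an address field may contain.

```python
import html
import re

# Constructed sample submission (assumption: hypothetical field names, not any
# real site's form). Two fields carry HTML/attribute metacharacters.
SAMPLE_ADDRESS = {
    "line1": "123 Main St<script>alert(1)</script>",
    "city": 'Springfield" onmouseover="alert(1)',
    "postcode": "12345",
}


def render_address_unsafe(addr: dict) -> str:
    """Vulnerable pattern: untrusted fields interpolated directly into markup,
    both in element content and inside a quoted attribute value."""
    return (
        f'<div class="addr">{addr["line1"]}<br>'
        f'<input name="city" value="{addr["city"]}"> {addr["postcode"]}</div>'
    )


def render_address_safe(addr: dict) -> str:
    """Hardened version: every untrusted field is HTML-escaped on output.
    quote=True also encodes double/single quotes, which is what protects the
    attribute-value context (value="...")."""
    esc = {k: html.escape(v, quote=True) for k, v in addr.items()}
    return (
        f'<div class="addr">{esc["line1"]}<br>'
        f'<input name="city" value="{esc["city"]}"> {esc["postcode"]}</div>'
    )


def fields_are_neutralized(addr: dict, rendered: str) -> bool:
    """Output-side check: a field that contains HTML metacharacters must not
    appear verbatim in the rendered page. Returns False on the vulnerable
    renderer, True on the escaped one."""
    for value in addr.values():
        if any(c in value for c in '<>"\'&') and value in rendered:
            return False
    return True


# Input-side allowlists (defence in depth; output encoding is still required).
# Patterns are illustrative assumptions about what a postal address may contain.
FIELD_RULES = {
    "line1": re.compile(r"[A-Za-z0-9 .,'#/-]{1,100}"),
    "city": re.compile(r"[A-Za-z .'-]{1,60}"),
    "postcode": re.compile(r"[A-Za-z0-9 -]{3,10}"),
}


def validate_address(addr: dict) -> list:
    """Return the names of fields that fail their allowlist (empty list = clean)."""
    return [name for name, value in addr.items()
            if not FIELD_RULES[name].fullmatch(value)]


if __name__ == "__main__":
    print("unsafe :", render_address_unsafe(SAMPLE_ADDRESS))
    print("safe   :", render_address_safe(SAMPLE_ADDRESS))
    print("rejected fields:", validate_address(SAMPLE_ADDRESS))
```

The escaped output is lossless: html.unescape() of each escaped field returns the original string, so the address is stored and displayed exactly as entered while the browser never parses it as markup. The allowlist is the secondary control; it rejects the two constructed fields before they are stored, but a real form should not rely on it alone because legitimate addresses vary and the rendering context (attribute, element body, URL) is what decides the encoding.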

Here are all the screenshots. I have also made a POC video for this and attached it as well (PFA below).

Cross-Site Scripting in www.stopthehacker.com/support

They closed this bug saying it's a DUPLICATE.

Cross-Site Scripting in www.thesaurus.com

Cross-Site Scripting in yahoo.software.informer.com

SQL Injection in whmcs.com

I thought this bug would get marked as a duplicate, but they replied after 2 months saying that the bug is valid but the scope is reduced, and awarded me 5 Kudo Points.

Cross-Site Scripting in www.indeed.com

This site is for applying for jobs online.
I found these bugs in the creation process of a new resume.

But to my surprise, all of these were DUPLICATES.

Cross-Site Scripting in www.domacom.com.au
