I was looking for some sources, but unfortunately I wasn’t able to find any.
The next thing was checking where I have Java installed (so I will know
what/where I can check). The ‘test lab’ was: Ubuntu 12, Kali Linux, WinXP, Win7.
(The exact versions of Java installed on those OSes you will find below.)
Showing posts with label bugbounty. Show all posts
Friday, 2 October 2015
My Java SIGSEGV's
During the last couple of days I was checking lcamtuf’s American Fuzzy Lop against
some (“non-instrumented”) binaries.
Tuesday, 19 November 2013
[EN] Microsoft's bug bounty - updated
Yesterday was a day full of surprises.
Another nice email, this time from MS ;)
* Update @ 05.12.2013 *
http://technet.microsoft.com/en-us/security/cc308589.aspx
Thanks! ;)
Remember about responsible disclosure!
Cheers,
o/
Monday, 30 September 2013
[EN] XSS at Microsoft page
Hi,
during bugbounty tests I decided to try Microsoft's page.
After a while, I found one bug.
Of course there was a nice contact about the whole case, but
after asking about any response - no contact to this day. :)
So... public ;)
Similar story to the one described a few minutes ago about linkedin.com.
* Update @ 11/10.2013 *
Finally I've got an answer about this case, and it should be presented at their page.
In case of any news I will publish here the details.
Enjoy and remember to do only legal things ;)
Cheers
o/
[EN] Another XSS at LinkedIn.com
Hi,
during a few tests in a few different bugbounty programs,
on 19.09 this year I found another persistent XSS in our nice job portal
www.linkedin.com
After mails with IT support I think it is patched now, but
if you wanna try - here you have a short list of steps to reproduce:
1. Log in to your account
2. Go to contact lists, to 'imported contacts'
3. Edit one contact
4. In a new window, in the edited person, the surname is vulnerable
to persistent XSS.
Below screen from sample 'attack':
* Update @ 01.10.2013 *
'Seems to be patched at production.' ;)
* Update @ 04.10.2013 *
The LinkedIn Team once again surprised me with their answer. :)
This is a really good Team!
Good job guys!
Enjoy and remember, do only legal things ;)
Cheers
o/