Saturday, June 25, 2016

Bug hunting story - - XSS

I wrote quite a lot about in my previous post, so I won't elaborate on this again. Just dropping here Proof of Concept videos + bonus.
Those were pretty awful XSS. Most of them got executed if you just visited my profile or had my news in your feed (Samy worm, anyone?).

Bonus? = regression :(
If you go to
and click on 'scoop it' as a logged-in user, you'll get kicked with my old stored XSS (also mentioned in the previous article).

Some vulns were trivial, like: .
and some required some shenanigans. Either way, it's a shame to release a feature vulnerable to the simplest of XSS payloads.

Oh boy, that was a lot of back and forths of:
- "we fixed it, thanks"
- "no you haven't, here is a bypass for your fix"
- "oh thanks, we fixed it again"
- "not yet, here is a bypass for your second fix"... 

Their PR team sent me a hoodie - I'm still using it, it's the most comfortable hoodie I've ever had. This was a warm gift:

