|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: samuel alp (samuelalp95
gmail.com)
Date: Thu Jun 13 2013 - 04:14:56 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi People
Found a XSS on german Paypal website last week and reported it exactly 7
days ago.
Their response was one we very well know
Another researcher already discovered the bug.
So, someone else found the Vulnerability before me and reported it.
Fine, looks like I was too slow. I can live with that.
Now, i received an answer exactly 7 Days ago. That means they had more than
a week to fix this
https://www.paypal.de/Einkaufswelt/H%C3%A4ndlerverzeichnis/?c=" ||
alert('XSS') || "
All they'd have to do is escape quotation marks or remove them since
they're not used anyways.
The Approximate time that takes is ~15 Seconds.
I am amazed by how long it takes some huge companys to close holes in their
websites
______________________________________________________
Samuel Alp
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]