Thursday, 3 March 2016

Cross Site Scripting (XSS) in Apptentive

So here I am with another finding of mine. I found a stored XSS in Apptentive. It was pretty easy to bypass their blacklist.

The vulnerable parameters were the account name and the company name. So I created an account with a pretty simple payload:

/<svg/onload=prompt(1)>''

Now, as I refreshed my dashboard, the payload got executed.

The team fixed it pretty fast, but it took them 4 months to send my token of appreciation...

Got some swag and a letter of appreciation.

Muhammad Abdullah

Tuesday, 1 March 2016

XSS in Beatsbydre.com

In 2014 Apple acquired Beats. Just after the acquisition I thought of testing it, and I ended up finding multiple XSS in their main domain http://beatsbydre.com.

So what was next, other than reporting the bug?

The vulnerable links looked like this:

http://www.beatsbydre.com/earphones/tour/red/900-00101-01.html?maxLimitError=--></SCRIPT>">'><SCRIPT>prompt(String.fromCharCode(34, 120, 115, 115, 32, 98, 121, 32, 77, 117, 104, 97, 109, 109, 97, 100, 32, 32, 65, 98, 100, 117, 108, 108, 97, 104, 34))</SCRIPT>

http://www.beatsbydre.com/headphones/mixr/beats-mixr.html?bvrrp=9218-en_us/reviews/product/5/beats-mixr.htm&icid="><img src=1 onerror=prompt(document.domain);>//
 
Simple vectors were used...
 
At first Apple refused to address the vulnerability.
 
But later on they accepted the report.
 
As per Apple's policy, only a Hall of Fame (HOF) entry was offered as a reward.
 
Muhammad Abdullah

XSS in SteamCommunity

This is my second write-up, an old finding of mine.
So, this was in 2013, I guess December was the month. I was new to bug hunting at that time, a starter in this field. I was searching around for a site to hunt. Then I said, why don't I try Steam? It's a big company, surely it would have bugs in its services, and probably they would reward (at that time Valve had no proper security program). So I tested their main domain and had no luck.

Then I tried

http://steamcommunity.com

Luckily the search bar was vulnerable to XSS, and the simple XSS vector

"><img src=x onerror=prompt(1)>"

got executed.

POC...

So I reported it, and after 2-3 days the devs replied, confirming the vulnerability. And devs be like

So I dug deeper, found 4 more XSS bugs and reported them. Their response was quick and appreciable.

So as a reward I got some swag and a complete Valve game bundle.


Muhammad Abdullah