HackerOne
-
[Bugbounty Study] #Shopify _ Open Redirect to XSS
Study/Bugbounty Study 2020. 3. 30. 18:15
#Shopify XSS _ $1750 https://medium.com/@ashketchum/how-i-earned-1750-at-shopify-bug-bounty-program-ca7821990d08 (How I Earned $1750 at Shopify Bug Bounty Program) While looking around Shopify's your-store.myshopify.com, I found the login services in the settings. As shown above, I checked "Enable Google Apps for login" and looked at how permissions are granted when Staff try to log in through Google. In the "google_apps_uri" parameter that can be seen when you Log in with Google, Open Re..
-
[Bugbounty Study] #Starbucks _ XSS & LFI
Study/Bugbounty Study 2020. 3. 22. 06:53
# Reflected Cross site Scripting (XSS) _ $375 https://hackerone.com/reports/438240 (Starbucks disclosed on HackerOne: Reflected Cross site Scripting...)
**Summary:** Reflected Cross site Scripting (XSS) on https://www.starbucks.com/account/signin?ReturnUrl
**Description:** The attacker can execute JavaScript on the victim's account just after the authentication process.
**Platform(s) Affected:** ww..