bugbounty
-
[Bugbounty Study] #Facebook _ CSRF | Study/Bugbounty Study | 2020. 4. 13. 23:48
# Facebook CSRF (Instagram Partial Account Takeover) _ $12,500 https://ysamm.com/?p=379 Facebook CSRF bug which led to Instagram Partial account takeover. – Bug bounty write-ups Description This bug could allow an attacker to link the victim's Instagram account to his Facebook page and then have full control of the Instagram account by just making the victim visit a malicious website and without th..
-
[Bugbounty Study] #Google _ XSS | Study/Bugbounty Study | 2020. 3. 30. 23:55
# Google Translator XSS _ $3133.70 https://medium.com/monetary/how-did-i-earn-3133-70-from-google-translator-9becf942dbdc How did I earn $3133.70 from Google Translator? A bug may seem simple but not at all simple when you need to be … Vietnamese. medium.com While translating Vietnamese into English, a tag was accidentally included in the input, and I could see that the tag was applied and rendered as shown below. Using the developer tools (F12), I confirmed that the HTML tag was being executed. Google encodes HTML tags ..
-
[Bugbounty Study] #Shopify _ Open Redirect to XSS | Study/Bugbounty Study | 2020. 3. 30. 18:15
# Shopify XSS _ $1750 https://medium.com/@ashketchum/how-i-earned-1750-at-shopify-bug-bounty-program-ca7821990d08 How I Earned $1750 at Shopify Bug Bounty Program Introduction medium.com While looking around Shopify's your-store.myshopify.com, I found the login service in the settings. As shown above, I checked "Enable Google Apps for login" and looked at how permissions are granted when a staff member tries to log in through Google. In the "google_apps_uri" parameter that is visible when you use Log in with Google, an Open Re..
-
[Bugbounty Study] #Mail.Ru _ Account Takeover | Study/Bugbounty Study | 2020. 3. 23. 20:22
# Mail.Ru Ext.B Scope (geekbrains.ru) Account Takeover _ $1500 https://medium.com/@godofdarkness.msf/mail-ru-ext-b-scope-account-takeover-1500-abdb1560e5f9 Mail.Ru Ext.B Scope Account Takeover [ $1500 ] Hi, I want to share how I found an account takeover bug in geekbrains.ru. medium.com This site shares OAuth* authentication with many applications. It checks the email address used for the OAuth login. (After logging in with Gmail, logging in again with Twitter lands in the same account.) [..
-
[Bugbounty Study] #Starbucks _ XSS & LFI | Study/Bugbounty Study | 2020. 3. 22. 06:53
# Reflected Cross site Scripting (XSS) _ $375 https://hackerone.com/reports/438240 Starbucks disclosed on HackerOne: Reflected Cross site Scripting... **Summary:** Reflected Cross site Scripting (XSS) on https://www.starbucks.com/account/signin?ReturnUrl **Description:** The attacker can execute JavaScript in the victim's account just after the authentication process. **Platform(s) Affected:** ww..