Wednesday, February 12, 2014

Stored XSS on Risk.io [T-Shirt + Bugcrowd points, Not fixed]

Hi all! This time I want to post my Stored XSS on the Risk.io platform.
I joined their bounty on the Bugcrowd platform (bugcrowd.com). Then I reported the XSS and the Bugcrowd Team validated it, so I received 10 points and a T-Shirt.
But... they told me I would get my T-Shirt in the first week of 2014 and I got it yesterday. Why? Because the Risk.io team said that they would post the T-Shirts themselves.
I contacted @jcran and Bugcrowd Support and they warned them. So, I got my T-Shirt, and I really like it.

The bug:
1. Create a new connector (mine was a Metasploit connector) and put your XSS payload in the "Username" field. Create your connector and click on the "Connectors" tab. Results?

Regards and thanks to @jcran for his help!
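
The pattern behind a stored XSS like the one in the connector "Username" field, shown as an added example that is not part of the original post and not Risk.io code: a stored value rendered unencoded in a list view, next to the encoded version and a write-time check. The connector record, the function names and the username policy are all assumptions made for illustration.

```javascript
// Added illustration: hypothetical connector record and render helpers (not Risk.io code).
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a value for an HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: the stored username is concatenated into the page markup unchanged,
// so any markup saved with the connector becomes part of the "Connectors" list.
function renderConnectorRowUnsafe(connector) {
  return `<tr><td>${connector.type}</td><td>${connector.username}</td></tr>`;
}

// After: every stored field is encoded at the point of output.
function renderConnectorRowSafe(connector) {
  return `<tr><td>${escapeHtml(connector.type)}</td><td>${escapeHtml(connector.username)}</td></tr>`;
}

// Defence in depth at write time. The allowed character set and length
// are an assumed policy, not something the post specifies.
const USERNAME_RE = /^[A-Za-z0-9._@-]{1,64}$/;
function validateConnector(input) {
  const errors = [];
  if (!USERNAME_RE.test(String(input.username || ""))) errors.push("username");
  return { ok: errors.length === 0, errors };
}

// Constructed sample: inert markup stands in for whatever was stored in "Username".
const sample = { type: "Metasploit", username: '<b id="probe">admin</b>' };

console.log(renderConnectorRowUnsafe(sample)); // markup reaches the page as markup
console.log(renderConnectorRowSafe(sample));   // markup reaches the page as text
console.log(validateConnector(sample));        // rejected before it is ever stored
```

Output encoding is the fix that matters here, because the list view is where the stored value meets the browser; the write-time check only narrows what can be stored.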

