Inxroot

  1. SQL Injection Vulnerability in eBay

    Title: SQL Injection Vulnerability in eBay.com subdomains
    Author: Yogesh D Jaygadkar
    Reported: December 27, 2012
    Fixed: Jan 15, 2013
    Public Released: Jan 25, 2013
    Thanks To: Darshit Ashara
    Greets : Rahul Bro, Aasim, Sandeep, Sagar

    Description:

    Last month I reported SQL Injection vulnerabilities in eBay.com subdomains. You can see how many days they took for patching & allowing me to publish the vulnerability. But finally ...
  2. Password Reset Vulnerability in etsy.com

    Hi Friends & All Big Bros

    Yesterday I received my first white hat bounty from etsy.com for finding a password-related vulnerability.

    In etsy.com, when users reset their password, they receive a password reset link, which is as below.


    h##ps://www.etsy.com/confirm.php?email=[User Email ID]&code=[Token code]&action=reset_password&utm_source=account&utm_medium=trans_email&utm_campaign=forgot_password_1

    I ...