Title: SQL Injection Vulnerability in eBay.com sub domains
Author: Yogesh D Jaygadkar
Reported: December 27, 2012
Fixed: Jan 15, 2013
Public Released: Jan 25, 2013
Thanks To: Darshit Ashara
Greets : Rahul Bro, Aasim, Sandeep, Sagar
Description:
Last month I reported SQL Injection vulnerabilities in eBay.com sub domains. You can see how many days they took for patching & allowing me to publish the vulnerability. But finally
Hi Friends & All Big Bros
Yesterday I received my first white hat bounty from etsy.com for finding a password-related vulnerability.
In etsy.com, when users reset their password, they receive a password reset link, which is as below.
h##ps://www.etsy.com/confirm.php?email=[User Email ID]&code=[Token code]&action=reset_password&utm_source=account&utm_medium=trans_email&utm_campaign=forgot_password_1
I