livejournal.com XSS vulnerability -Open Bug Bounty Community Forum

livejournal.com XSS vulnerability

6 posts •Page 1 of 1

rSecur: Posts:13; Joined:Wed Sep 21, 2016 6:36 am

livejournal.com XSS vulnerability

Quote

Post by rSecur » Wed Sep 21, 2016 6:38 am

livejournal.com XSS vulnerability

rSecur: Posts:13; Joined:Wed Sep 21, 2016 6:36 am

livejournal.com XSS vulnerability

Quote

Post by rSecur » Wed Sep 21, 2016 6:38 am

Vulnerable URL - http://www.livejournal.com/gsearch/?jou ... ('XSSPOSED ')</script> not work in all tested browsers (IE/FF/Chrome/Opera), it's quoted and filtered, why it have Patched:No status?

tbmnull: Posts:183; Joined:Wed Dec 02, 2015 7:38 am

Re: livejournal.com XSS vulnerability

Quote

Post by tbmnull » Wed Sep 21, 2016 9:50 am

why are you so interested with livejournal.com ?

rSecur: Posts:13; Joined:Wed Sep 21, 2016 6:36 am

Re: livejournal.com XSS vulnerability

Quote

Post by rSecur » Thu Sep 22, 2016 8:47 am

I'm security officer of this resource.

tbmnull: Posts:183; Joined:Wed Dec 02, 2015 7:38 am

Re: livejournal.com XSS vulnerability

Quote

Post by tbmnull » Fri Sep 23, 2016 4:44 am

I've requested for patch.

You have an Alexa rank 237 ! and you should think of rewarding researchers for a token of appreciation.

tbmnull: Posts:183; Joined:Wed Dec 02, 2015 7:38 am

Re: livejournal.com XSS vulnerability

Quote

Post by tbmnull » Fri Sep 23, 2016 9:05 am

now patched!
https://www.openbugbounty.org/incidents/96276/

you can focus on this one:
https://www.openbugbounty.org/incidents/170103/

6 posts •Page 1 of 1

Return to “Submissions Discussion”

Who is online

Users browsing this forum: No registered users and 2 guests