Submissions Requiring Manual Approval
Hey,
I just submitted XSS vulnerabilities for the following domains, it seems they need manual approval so it would be great if you could -
bit.do
acer.su
toptenreviews.com
siemens.sk
blackanddecker.com
epson-europe.com
lexmark.com (x2)
adobe.com
wmo.int
Thanks in advance!
Re: Submissions Requiring Manual Approval
only js redirects to data can be approved as xss
Re: Submissions Requiring Manual Approval
x1admin wrote: only js redirects to data can be approved as xss
Oh I see, I don't think I get the concept about them yet, sorry
How do you verify if it's a js one? Would appreciate any guidance here so I can only submit the correct ones in the future
Re: Submissions Requiring Manual Approval
now we don't accept redirect to data as xss because this xss doesn't work in all browsers
Re: Submissions Requiring Manual Approval
x1admin wrote: now we don't accept redirect to data as xss because this xss doesn't work in all browsers
This logic is ridiculous. 90% of xss aren't working in chrome.
Re: Submissions Requiring Manual Approval
x1admin wrote: now we don't accept redirect to data as xss because this xss doesn't work in all browsers
ret2libc wrote: This logic is ridiculous. 90% of xss aren't working in chrome.
Agreed, I think the logic to disallow redirects to base64 encoded payloads is purely the wrong choice; you don't see bug bounty programs counting it out of scope?
If it can be used maliciously it should be classed as a vulnerability; surely?
Firefox is still one of the top 3 browsers worldwide so why disallow a vuln that utilizes its features?
Re: Submissions Requiring Manual Approval
we accept these vulnerabilities as open redirect
Re: Submissions Requiring Manual Approval
x1admin wrote: we accept these vulnerabilities as open redirect
well this makes some more sense since the javascript isn't executing in the context of the vuln domain... but still, owasp.org would disagree with you on this
Re: Submissions Requiring Manual Approval
you can still have something being vuln to open redirect while disallowing redirection to a data: uri with inputs
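The point made in the last reply, as an added example that is not part of the thread: a redirect filter that only refuses data: and javascript: targets still leaves an open redirect, while an added host allowlist closes both. The origin shop.example, the allowlist and the sample targets are constructed, and schemeOnly, strict and audit are hypothetical names.

```javascript
// Added example, not code from the forum. All hosts and targets are constructed.
const BASE = "https://shop.example/";             // assumed site origin
const ALLOWED_HOSTS = new Set(["shop.example"]);  // assumed redirect allowlist

// Resolve the target with the WHATWG URL parser, so the server sees the same
// scheme and host a browser would (case folding, stripped whitespace, "\" as "/").
function parseTarget(target) {
  try {
    return new URL(target, BASE);
  } catch {
    return null; // unparseable targets are never followed
  }
}

// Filter 1: refuses data:, javascript: and every other non-web scheme,
// but accepts any http(s) host, so the open redirect remains.
function schemeOnly(target) {
  const u = parseTarget(target);
  return u !== null && (u.protocol === "http:" || u.protocol === "https:");
}

// Filter 2: https only, host on the allowlist, no userinfo component.
function strict(target) {
  const u = parseTarget(target);
  return u !== null && u.protocol === "https:" &&
    ALLOWED_HOSTS.has(u.hostname) && u.username === "" && u.password === "";
}

// Constructed redirect targets, as they might arrive in a ?next= parameter.
const SAMPLES = [
  "/account/orders",                      // same-site path
  "data:text/html,placeholder",           // data: URI
  "  DaTa:text/html,placeholder",         // same, padded and mixed case
  "javascript:void(0)",                   // script scheme
  "https://other.example/landing",        // absolute off-site URL
  "//other.example/landing",              // scheme-relative off-site URL
  "/\\other.example/landing",             // backslash parsed as a slash
  "https://shop.example@other.example/",  // allowed name in userinfo only
];

// Report how each filter treats each target.
function audit(targets) {
  return targets.map((t) => ({ target: t, schemeOnly: schemeOnly(t), strict: strict(t) }));
}

console.table(audit(SAMPLES));
```

Targets where schemeOnly is true and strict is false are the off-site redirects that survive a data:-only restriction.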