Verify Patch behavior?

Questions or suggestions about the platform
MrMoney84315336
Posts:10
Joined:Tue Apr 13, 2021 7:16 am
Re: Verify Patch behavior?

Post by MrMoney84315336 » Tue Apr 20, 2021 6:19 am

Please excuse the presumably stupid question.
But then why does the page owner have the "verify patch" button?
What does the button do?
This has already been asked by the author of the article.

I will pass the information to the Researcher that he can initiate the process.

User avatar
x1admin
Site Admin
Posts:3101
Joined:Sun Nov 15, 2015 7:04 pm

Re: Verify Patch behavior?

Post by x1admin » Wed Apr 21, 2021 6:14 am

MrMoney84315336 wrote:
Tue Apr 20, 2021 6:19 am
Please excuse the presumably stupid question.
But then why does the page owner have the "verify patch" button?
What does the button do?
This has already been asked by the author of the article.

I will pass the information to the Researcher that he can initiate the process.
Verified website owner also can run patch verification process via this button

gabrielbc2013
Posts:3
Joined:Tue Dec 22, 2020 4:32 pm

Re: Verify Patch behavior?

Post by gabrielbc2013 » Thu Apr 22, 2021 12:15 pm

Hello administrator, how are you?

Could you mark the report as already corrected?

https://www.openbugbounty.org/reports/1986536/

I checked it here and it is already fixed, the problem is when I checked the platform, it returned as "not fixed" and the button to check if it has been fixed no longer appears.

Hugs!
Last edited by gabrielbc2013 on Sun Apr 25, 2021 1:30 pm, edited 1 time in total.

User avatar
x1admin
Site Admin
Posts:3101
Joined:Sun Nov 15, 2015 7:04 pm

Re: Verify Patch behavior?

Post by x1admin » Fri Apr 23, 2021 6:20 am

gabrielbc2013 wrote:
Thu Apr 22, 2021 12:15 pm
Hello administrator, how are you?

Could you mark the report as already corrected?

https://www.openbugbounty.org/reports/1986536/

I checked it here and it is already fixed, the problem is when I checked the platform, it returned as "not fixed" and the button to check if it has been fixed no longer appears.

Hugs!
Vulnerability still exist and not patched

MrMoney84315336
Posts:10
Joined:Tue Apr 13, 2021 7:16 am

Re: Verify Patch behavior?

Post by MrMoney84315336 » Fri Apr 23, 2021 6:45 am

x1admin wrote:
Wed Apr 21, 2021 6:14 am
MrMoney84315336 wrote:
Tue Apr 20, 2021 6:19 am
Please excuse the presumably stupid question.
But then why does the page owner have the "verify patch" button?
What does the button do?
This has already been asked by the author of the article.

I will pass the information to the Researcher that he can initiate the process.
Verified website owner also can run patch verification process via this button
Thank you for the quick reply.

Please check this function.
Because even after several days, problems are not been set to fixed or in verification.
When I click the "verify patch" button as the owner.

The next problem we have.
For our main page "mr-money.de" we do not get any email notification that there are new Reports!
According to "mail.log and access.log" your mail server did not even try to deliver the mails to us.

I am aware that you are a free service.
Please make sure that the basic functions like "verify patch" and "mail notification" work.

MrMoney84315336
Posts:10
Joined:Tue Apr 13, 2021 7:16 am

Re: Verify Patch behavior?

Post by MrMoney84315336 » Fri Apr 23, 2021 6:55 am

Another suggestion for improvement.

How about a history for patch verification?
That way the researcher and owner could see where it hangs.
E.g.: Researcher has not clicked the "verify patch" button, but the owner has clicked it every day.
Furthermore, you could also see in it that there were problems verifying the patch.
At the moment you don't see anything of the same at all.
You also don't get any feedback that there was a problem.

https://www.openbugbounty.org/reports/1989452/

Also not whether there is a verification process in the queue.

robnavrey
Posts:4
Joined:Thu Sep 05, 2019 7:01 am
Contact:

Re: Verify Patch behavior?

Post by robnavrey » Wed Oct 27, 2021 2:56 pm

Same Issue.

Report: OBB-1994565

- identified as website owner
- issue fixed
- patch button appears but it doesn't do anything

¿Maybe it's related to the cloudflare protection?

Regards.

MrMoney84315336
Posts:10
Joined:Tue Apr 13, 2021 7:16 am

Re: Verify Patch behavior?

Post by MrMoney84315336 » Wed Jul 27, 2022 6:23 am

MrMoney84315336 wrote:
Fri Apr 23, 2021 6:45 am
x1admin wrote:
Wed Apr 21, 2021 6:14 am
MrMoney84315336 wrote:
Tue Apr 20, 2021 6:19 am
Please excuse the presumably stupid question.
But then why does the page owner have the "verify patch" button?
What does the button do?
This has already been asked by the author of the article.

I will pass the information to the Researcher that he can initiate the process.
Verified website owner also can run patch verification process via this button
Thank you for the quick reply.

Please check this function.
Because even after several days, problems are not been set to fixed or in verification.
When I click the "verify patch" button as the owner.

The next problem we have.
For our main page "mr-money.de" we do not get any email notification that there are new Reports!
According to "mail.log and access.log" your mail server did not even try to deliver the mails to us.

I am aware that you are a free service.
Please make sure that the basic functions like "verify patch" and "mail notification" work.
The "Verify Patch" button still does not work, reports from 2021 are still marked as unpatched.
Regardless, the Researcher has also reported that these have been fixed.

for example: https://www.openbugbounty.org/reports/2 ... 0b95b1e10/

Additionally, one of the developers broke the claiming of web pages.
It is no longer possible to verify hyphenated pages because the regex now fails.

https://www.openbugbounty.org/claim-a-website/
on line 585 function check_host
Instead of ^http([s])*:\/\/([a-z0-9_\.-\/])+$ it should be ^http([s])*:\/\/([a-z0-9_\.\/-])+$

Those who have a hyphenated website must run this function in the F12 DevTools console.
This will fix the check_host function and you can submit the URL.

Code: Select all

function check_host(el){
var pattern = /^http([s])*:\/\/([a-z0-9_\.\/-])+$/i;
if($(el).val() != '') {
if(pattern.test($(el).val())){
$(el).css({'border' : '1px solid #c7c7c7'});
$('#verifyb').prop('disabled',false);
$('#verifyb').css('opacity','1');
}
else {
$(el).css({'border' : '1px solid #ff0000'});
$('#verifyb').prop('disabled',true);
$('#verifyb').css('opacity','0.2');
}
}
};

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests