Page 2 of 2
Re: Verify Patch behavior?
Posted: Tue Apr 20, 2021 6:19 am
by MrMoney84315336
Please excuse the presumably stupid question.
But then why does the page owner have the "verify patch" button?
What does the button do?
This has already been asked by the author of the article.
I will pass the information to the Researcher that he can initiate the process.
Re: Verify Patch behavior?
Posted: Wed Apr 21, 2021 6:14 am
by x1admin
MrMoney84315336 wrote: ↑Tue Apr 20, 2021 6:19 am
Please excuse the presumably stupid question.
But then why does the page owner have the "verify patch" button?
What does the button do?
This has already been asked by the author of the article.
I will pass the information to the Researcher that he can initiate the process.
Verified website owner also can run patch verification process via this button
Re: Verify Patch behavior?
Posted: Thu Apr 22, 2021 12:15 pm
by gabrielbc2013
Hello administrator, how are you?
Could you mark the report as already corrected?
https://www.openbugbounty.org/reports/1986536/
I checked it here and it is already fixed, the problem is when I checked the platform, it returned as "not fixed" and the button to check if it has been fixed no longer appears.
Hugs!
Re: Verify Patch behavior?
Posted: Fri Apr 23, 2021 6:20 am
by x1admin
gabrielbc2013 wrote: ↑Thu Apr 22, 2021 12:15 pm
Hello administrator, how are you?
Could you mark the report as already corrected?
https://www.openbugbounty.org/reports/1986536/
I checked it here and it is already fixed, the problem is when I checked the platform, it returned as "not fixed" and the button to check if it has been fixed no longer appears.
Hugs!
Vulnerability still exist and not patched
Re: Verify Patch behavior?
Posted: Fri Apr 23, 2021 6:45 am
by MrMoney84315336
x1admin wrote: ↑Wed Apr 21, 2021 6:14 am
MrMoney84315336 wrote: ↑Tue Apr 20, 2021 6:19 am
Please excuse the presumably stupid question.
But then why does the page owner have the "verify patch" button?
What does the button do?
This has already been asked by the author of the article.
I will pass the information to the Researcher that he can initiate the process.
Verified website owner also can run patch verification process via this button
Thank you for the quick reply.
Please check this function.
Because even after several days, problems are not been set to fixed or in verification.
When I click the "verify patch" button as the owner.
The next problem we have.
For our main page "mr-money.de" we do not get any email notification that there are new Reports!
According to "mail.log and access.log" your mail server did not even try to deliver the mails to us.
I am aware that you are a free service.
Please make sure that the basic functions like "verify patch" and "mail notification" work.
Re: Verify Patch behavior?
Posted: Fri Apr 23, 2021 6:55 am
by MrMoney84315336
Another suggestion for improvement.
How about a history for patch verification?
That way the researcher and owner could see where it hangs.
E.g.: Researcher has not clicked the "verify patch" button, but the owner has clicked it every day.
Furthermore, you could also see in it that there were problems verifying the patch.
At the moment you don't see anything of the same at all.
You also don't get any feedback that there was a problem.
https://www.openbugbounty.org/reports/1989452/
Also not whether there is a verification process in the queue.
Re: Verify Patch behavior?
Posted: Wed Oct 27, 2021 2:56 pm
by robnavrey
Same Issue.
Report: OBB-1994565
- identified as website owner
- issue fixed
- patch button appears but it doesn't do anything
¿Maybe it's related to the cloudflare protection?
Regards.
Re: Verify Patch behavior?
Posted: Wed Jul 27, 2022 6:23 am
by MrMoney84315336
MrMoney84315336 wrote: ↑Fri Apr 23, 2021 6:45 am
x1admin wrote: ↑Wed Apr 21, 2021 6:14 am
MrMoney84315336 wrote: ↑Tue Apr 20, 2021 6:19 am
Please excuse the presumably stupid question.
But then why does the page owner have the "verify patch" button?
What does the button do?
This has already been asked by the author of the article.
I will pass the information to the Researcher that he can initiate the process.
Verified website owner also can run patch verification process via this button
Thank you for the quick reply.
Please check this function.
Because even after several days, problems are not been set to fixed or in verification.
When I click the "verify patch" button as the owner.
The next problem we have.
For our main page "mr-money.de" we do not get any email notification that there are new Reports!
According to "mail.log and access.log" your mail server did not even try to deliver the mails to us.
I am aware that you are a free service.
Please make sure that the basic functions like "verify patch" and "mail notification" work.
The "Verify Patch" button still does not work, reports from 2021 are still marked as unpatched.
Regardless, the Researcher has also reported that these have been fixed.
for example:
https://www.openbugbounty.org/reports/2 ... 0b95b1e10/
Additionally, one of the developers broke the claiming of web pages.
It is no longer possible to verify hyphenated pages because the regex now fails.
https://www.openbugbounty.org/claim-a-website/
on line 585 function check_host
Instead of ^http([s])*:\/\/([a-z0-9_\.-\/])+$ it should be ^http([s])*:\/\/([a-z0-9_\.\/-])+$
Those who have a hyphenated website must run this function in the F12 DevTools console.
This will fix the check_host function and you can submit the URL.
Code: Select all
function check_host(el){
var pattern = /^http([s])*:\/\/([a-z0-9_\.\/-])+$/i;
if($(el).val() != '') {
if(pattern.test($(el).val())){
$(el).css({'border' : '1px solid #c7c7c7'});
$('#verifyb').prop('disabled',false);
$('#verifyb').css('opacity','1');
}
else {
$(el).css({'border' : '1px solid #ff0000'});
$('#verifyb').prop('disabled',true);
$('#verifyb').css('opacity','0.2');
}
}
};