Verify Patch behavior?
-
- Posts:10
- Joined:Tue Apr 13, 2021 7:16 am
Please excuse the presumably stupid question.
But then why does the page owner have the "verify patch" button?
What does the button do?
This has already been asked by the author of the article.
I will pass the information to the Researcher that he can initiate the process.
But then why does the page owner have the "verify patch" button?
What does the button do?
This has already been asked by the author of the article.
I will pass the information to the Researcher that he can initiate the process.
Re: Verify Patch behavior?
Verified website owner also can run patch verification process via this buttonMrMoney84315336 wrote: ↑Tue Apr 20, 2021 6:19 amPlease excuse the presumably stupid question.
But then why does the page owner have the "verify patch" button?
What does the button do?
This has already been asked by the author of the article.
I will pass the information to the Researcher that he can initiate the process.
-
- Posts:3
- Joined:Tue Dec 22, 2020 4:32 pm
Re: Verify Patch behavior?
Hello administrator, how are you?
Could you mark the report as already corrected?
https://www.openbugbounty.org/reports/1986536/
I checked it here and it is already fixed, the problem is when I checked the platform, it returned as "not fixed" and the button to check if it has been fixed no longer appears.
Hugs!
Could you mark the report as already corrected?
https://www.openbugbounty.org/reports/1986536/
I checked it here and it is already fixed, the problem is when I checked the platform, it returned as "not fixed" and the button to check if it has been fixed no longer appears.
Hugs!
Last edited by gabrielbc2013 on Sun Apr 25, 2021 1:30 pm, edited 1 time in total.
Re: Verify Patch behavior?
Vulnerability still exist and not patchedgabrielbc2013 wrote: ↑Thu Apr 22, 2021 12:15 pmHello administrator, how are you?
Could you mark the report as already corrected?
https://www.openbugbounty.org/reports/1986536/
I checked it here and it is already fixed, the problem is when I checked the platform, it returned as "not fixed" and the button to check if it has been fixed no longer appears.
Hugs!
-
- Posts:10
- Joined:Tue Apr 13, 2021 7:16 am
Re: Verify Patch behavior?
Thank you for the quick reply.x1admin wrote: ↑Wed Apr 21, 2021 6:14 amVerified website owner also can run patch verification process via this buttonMrMoney84315336 wrote: ↑Tue Apr 20, 2021 6:19 amPlease excuse the presumably stupid question.
But then why does the page owner have the "verify patch" button?
What does the button do?
This has already been asked by the author of the article.
I will pass the information to the Researcher that he can initiate the process.
Please check this function.
Because even after several days, problems are not been set to fixed or in verification.
When I click the "verify patch" button as the owner.
The next problem we have.
For our main page "mr-money.de" we do not get any email notification that there are new Reports!
According to "mail.log and access.log" your mail server did not even try to deliver the mails to us.
I am aware that you are a free service.
Please make sure that the basic functions like "verify patch" and "mail notification" work.
-
- Posts:10
- Joined:Tue Apr 13, 2021 7:16 am
Re: Verify Patch behavior?
Another suggestion for improvement.
How about a history for patch verification?
That way the researcher and owner could see where it hangs.
E.g.: Researcher has not clicked the "verify patch" button, but the owner has clicked it every day.
Furthermore, you could also see in it that there were problems verifying the patch.
At the moment you don't see anything of the same at all.
You also don't get any feedback that there was a problem.
https://www.openbugbounty.org/reports/1989452/
Also not whether there is a verification process in the queue.
How about a history for patch verification?
That way the researcher and owner could see where it hangs.
E.g.: Researcher has not clicked the "verify patch" button, but the owner has clicked it every day.
Furthermore, you could also see in it that there were problems verifying the patch.
At the moment you don't see anything of the same at all.
You also don't get any feedback that there was a problem.
https://www.openbugbounty.org/reports/1989452/
Also not whether there is a verification process in the queue.
Re: Verify Patch behavior?
Same Issue.
Report: OBB-1994565
- identified as website owner
- issue fixed
- patch button appears but it doesn't do anything
¿Maybe it's related to the cloudflare protection?
Regards.
Report: OBB-1994565
- identified as website owner
- issue fixed
- patch button appears but it doesn't do anything
¿Maybe it's related to the cloudflare protection?
Regards.
-
- Posts:10
- Joined:Tue Apr 13, 2021 7:16 am
Re: Verify Patch behavior?
The "Verify Patch" button still does not work, reports from 2021 are still marked as unpatched.MrMoney84315336 wrote: ↑Fri Apr 23, 2021 6:45 amThank you for the quick reply.x1admin wrote: ↑Wed Apr 21, 2021 6:14 amVerified website owner also can run patch verification process via this buttonMrMoney84315336 wrote: ↑Tue Apr 20, 2021 6:19 amPlease excuse the presumably stupid question.
But then why does the page owner have the "verify patch" button?
What does the button do?
This has already been asked by the author of the article.
I will pass the information to the Researcher that he can initiate the process.
Please check this function.
Because even after several days, problems are not been set to fixed or in verification.
When I click the "verify patch" button as the owner.
The next problem we have.
For our main page "mr-money.de" we do not get any email notification that there are new Reports!
According to "mail.log and access.log" your mail server did not even try to deliver the mails to us.
I am aware that you are a free service.
Please make sure that the basic functions like "verify patch" and "mail notification" work.
Regardless, the Researcher has also reported that these have been fixed.
for example: https://www.openbugbounty.org/reports/2 ... 0b95b1e10/
Additionally, one of the developers broke the claiming of web pages.
It is no longer possible to verify hyphenated pages because the regex now fails.
https://www.openbugbounty.org/claim-a-website/
on line 585 function check_host
Instead of ^http([s])*:\/\/([a-z0-9_\.-\/])+$ it should be ^http([s])*:\/\/([a-z0-9_\.\/-])+$
Those who have a hyphenated website must run this function in the F12 DevTools console.
This will fix the check_host function and you can submit the URL.
Code: Select all
function check_host(el){
var pattern = /^http([s])*:\/\/([a-z0-9_\.\/-])+$/i;
if($(el).val() != '') {
if(pattern.test($(el).val())){
$(el).css({'border' : '1px solid #c7c7c7'});
$('#verifyb').prop('disabled',false);
$('#verifyb').css('opacity','1');
}
else {
$(el).css({'border' : '1px solid #ff0000'});
$('#verifyb').prop('disabled',true);
$('#verifyb').css('opacity','0.2');
}
}
};
Who is online
Users browsing this forum: No registered users and 2 guests