Saturday, August 22, 2015

XSS in Magento (Bug Bounty)

I got an XSS vulnerability in Magento Commerce (www.magentocommerce.com/magento-connect/). They have a bug bounty program. I reported it to their security team via email. However, they didn't send me even a single reply. But after 2 months, they replied and gave me a bounty of $60 :)
http://magento.com/security

Video POC:




This is the video POC.
    
POC Image:







Reward:

 



Timeline:

June 4 ----------- Reported

August 4 -------- Fixed

August 25 ------ Replied and gave $60 bounty


2 comments:

  1. Great blog. All posts have something to learn. Your work is very good and I appreciate you and am hoping for some more informative posts. Keep writing.
    magento development company in bangalore 
