Saturday, October 10, 2015

XSS in Pinterest Developers (Bug Bounty)

I recently found an XSS in the Pinterest developer website. It only took 2 days for Pinterest to fix it. At first glance, Pinterest told me that it was self-XSS, but I sent further info and realized it is a reflected XSS and that it is eligible for a bounty.




Steps to reproduce: 

1. Go to developers.pinterest.com
2. Then go to the widget builder
3. In the custom image, enter the payload
4. XSS pop-up








Reward:

$50


  
