Friday, November 13, 2015

Stored XSS in Parse (Bug Bounty)

I found a Stored Cross Site Scripting vulnerability in Parse, a Facebook Acquisition. The Stored XSS was located in the App dashboard. I have reported it to Facebook and have rewarded me with a $1000 bounty and I was also listed in their "Whitehat List" for the year 2015. The issue was fixed by the Facebook security team. Here is the video for more details. 
WhiteHat list: https://www.facebook.com/whitehat/thanks


Video:
 

  

Reward:

$1000
 

No comments:

Post a Comment