Saturday, October 10, 2015

Subdomain takeover in staging.wepay.com (Bug Bounty)

I found an "abandoned" subdomain of WePay that can be taken over, thus vulnerable to subdomain takeover. I reported it to WePay and it was fixed after 2 hours (which is pretty fast). The vulnerable site was staging.wepay.com. If you're gonna visit that site, you will encounter an error saying "Unknown domain:staging.wepay.com", indicating that nobody owns that domain and anyone can take and register it to a hosting site. The CNAME is pointing to Fastly.




Reward:

$100
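
The check below is an added example, not code from the original post or from WePay: it audits an inventory of your own hostnames for the condition described above (a CNAME pointing to Fastly while the response says "Unknown domain" for that host). The `.fastly.net` suffix, the `Observation` fields and all sample records are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Assumption: CNAME targets under this suffix are treated as Fastly-hosted.
FASTLY_SUFFIXES = (".fastly.net",)
# Error text quoted in the post; matched case-insensitively, space after the colon optional.
UNKNOWN_DOMAIN = re.compile(r"unknown domain:\s*([A-Za-z0-9.-]+)", re.IGNORECASE)

@dataclass
class Observation:
    host: str          # hostname in a zone you own
    cname_chain: list  # CNAME targets recorded by your DNS inventory job
    body: str          # HTTP response body fetched for that hostname

def points_to_fastly(chain):
    """True if any CNAME target in the chain ends in a Fastly suffix."""
    return any(t.rstrip(".").lower().endswith(FASTLY_SUFFIXES) for t in chain)

def classify(obs):
    """Return 'dangling', 'ok' or 'not-fastly' for one inventory record."""
    if not points_to_fastly(obs.cname_chain):
        return "not-fastly"
    m = UNKNOWN_DOMAIN.search(obs.body)
    # Only flag when the error names this exact host, not merely any host.
    if m and m.group(1).rstrip(".").lower() == obs.host.lower():
        return "dangling"
    return "ok"

def audit(observations):
    """Hostnames whose CNAME still points at the CDN but no service claims them."""
    return [o.host for o in observations if classify(o) == "dangling"]

# Constructed sample inventory (not real data).
SAMPLES = [
    Observation("staging.example.com", ["example-stg.global.ssl.fastly.net."],
                "Unknown domain: staging.example.com."),
    Observation("www.example.com", ["www.global.prod.fastly.net."],
                "<html>Welcome</html>"),
    Observation("mail.example.com", ["mx.mailhost.example.net."],
                "Unknown domain:mail.example.com"),
    Observation("old.example.com", ["old.map.fastly.net"],
                "Unknown domain:old.example.com"),
]

if __name__ == "__main__":
    for host in audit(SAMPLES):
        print(f"{host}: stale CNAME, remove the record or re-add the domain to the service")
```

Any hostname this flags is fixed by deleting the stale CNAME or by adding the domain back to a service you control.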

XSS in Pinterest Developers (Bug Bounty)

I recently found an XSS in the Pinterest developer website. It only took 2 days for Pinterest to fix it. At first glance, Pinterest told me that it is self-XSS but I sent further info and realized it is a reflected XSS and that it is eligible for a bounty.




Steps to reproduce: 

1. Go to developers.pinterest.com
2. Then go to widget builder
3. In the custom image enter the payload
4. XSS pop-up




Reward:

$50


  

XSS in Heroku (Bug Bounty)

I found a cross-site scripting bug in dashboard.heroku.com. Heroku has their bug bounty program hosted in Bugcrowd. This is my first bug in Bugcrowd. The bug was fixed after 2 weeks and I was rewarded with a $200 bounty.


Steps to reproduce:

1. Go to dashboard.heroku.com
2. Go to "Deploy tab"
3. Click "New Pipeline"
4. Enter XSS payload
5. Click "Create Pipeline" and XSS pop-up


Reward:

$200