Hi!
This is the first POC of mine for this blog. I will be sharing the Cross Site Scripting (aka XSS) vulnerability which I found in HACKPAD (By DropBox).
So, XSS in Hackpad
It was Feb 2, 2015. I saw the DropBox program on Hackerone.com and tried to hunt Dropbox for bugs, but I wasn't lucky. So I thought, why not go for acquisitions? I searched Google for Dropbox acquisitions, and HackPad was the most recent one.
So, what was next? I created an account and started testing it. I think it was my lucky day. I put a simple vector in the search bar (<ScRiPt>prompt(document.domain)</ScRipt>) and it got executed. I was surprised by it. The search bar!!! And it's vulnerable.
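The behaviour described above, as an added example that is not part of the original post and is not Hackpad's code: a search page that reflects the query unencoded, a case-sensitive tag filter that the mixed-case vector passes through, and output encoding that neutralises it. The function names and the results markup are assumptions made for illustration.

```javascript
// Added example: a hypothetical search-results renderer, not Hackpad's code.
// QUERY is the vector quoted in the post.
const QUERY = '<ScRiPt>prompt(document.domain)</ScRipt>';

// Vulnerable pattern: the search term is concatenated into the page as-is.
function renderUnsafe(q) {
  return `<h2>Results for ${q}</h2>`;
}

// Weak fix: a case-sensitive blacklist. HTML tag names are case-insensitive,
// so the mixed-case tags from the post pass through unchanged.
function stripScriptTags(q) {
  return q.replace(/<\/?script>/g, '');
}

// Robust fix: encode for the HTML context at output time, so the browser
// treats the query as text rather than markup.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}
function renderSafe(q) {
  return `<h2>Results for ${escapeHtml(q)}</h2>`;
}

// Regression check a test suite can run against rendered output.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('unencoded :', containsScriptTag(renderUnsafe(QUERY)));
console.log('blacklist :', containsScriptTag(renderUnsafe(stripScriptTags(QUERY))));
console.log('encoded   :', containsScriptTag(renderSafe(QUERY)));
```

Only the encoded variant renders the query as inert text; the blacklist variant returns exactly the same markup as the unencoded one.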
So I reported it to DropBox, the bug was accepted, and after 40 days it was fixed.
No bounty for that, as it was not included in the bounty program, but as a reward I got
HALL OF FAME:
TIMELINE:
~REPORTED ON: 15th FEB, 2015
~FIXED ON: 25th MARCH, 2015
REWARD:
~DROPBOX SWAG
~1TB DROPBOX STORAGE
POC: Cross Site Scripting (XSS) in Hackpad (By DropBox)