I was working on Zengine's bug bounty program on Cobalt.io back in July 2015. As this was an old program, most of the low-hanging fruit was already reported. I didn't expect to find an XSS when I saw Shashank on top of the list.
It all started with creating a test account on Zengine and writing an XSS payload in the new plugin name. After you create a plugin, it gets listed on the marketplace. I was not sure if I'd find something in the application, as data validation protection was intact. After navigating to all pages manually, I was kind of bored and I clicked browse plugins in the marketplace (I don't remember exactly how I reached there, as I lost the POC video from Dropbox). To my surprise, I saw a cute little prompt from the payload which I wrote earlier in my new plugin. The Zengine Security team patched the issue in less than 24 hours.
Zengine rewarded me $1200 for the finding with appreciation.
Timeline:
July 9th, 2015 - Report Sent
July 10th, 2015 - Bug Patched, Bounty Rewarded
Thanks for Reading! Comments and suggestions are welcome.