Security gap in search function of Bundeswehr web application patched
About some time ago, we had a look at the latest Bundeswehr website (https://www.bundeswehrkarriere.de/) in our lab. We noticed an error in the output of the validation of an application. We then investigated this error in more detail and in the end we were able to provide the Bundeswehr with an exploitable vulnerability in the area of Persistent Input Validation / Cross Site Scripting. After half a year has passed we would like to share this with you and will report about it here.
It all began with a notice of the announcement of the new digital updates at the Bundeswehr and the new career portal. After we talked several times in the office about the secure programming of the web agencies for the Bundeswehr, we wanted to see how the security of the public web portal really is.
Advanced Persistent Threat Golden_hands - Digital Bank Robbery of the Year 2020
Facebook Security - 12.500$ Bug Bounty reward to Security Researcher
Bug Bounty Program Award Winners 2014 - Exclusive Interview by Microsoft & PayPal
Shopify | Buy Button | Persistent Embed POST Inject Vulnerability