Bug Bounty

Thu

Mar

Ebay Xcom - Multiple Remote Vulnerabilities Patched!

Submitted by Editorial_Staff_Team on Thu, 03/26/2015 - 10:36

Ebay Inc Xcom - 3 nasty flaws got fixed 2015 Q1

A core team researcher of the vulnerability laboratory discovered during the weekend several application-side input validation vulnerabilities in the official ebay inc xcom online service web-application. The vulnerabilities allow remote attacker to inject script codes with persistent attack vector to the application-side of the online service.

The vulnerabilities was reported in march 2014Q1 to the ebay inc security research team. The ebay inc xcom team will acknowledged the research and valid bug submissions by a new entry to the official hall of fame.

1.1 - Ebay Inc Xcom #4 - (Item Preview) Persistent Vulnerability

Sat

Feb

Ebay Inc Magento 2015Q1 - Official Bug Bounty Program rewards Security Researcher

Submitted by Editorial_Staff_Team on Sat, 02/14/2015 - 02:57

Application-Side Vulnerability in Magento Disclosed By Researcher

The famous and trusted "Ebay Inc Bug Bounty Program" rewards a researchers that discloses an issue in the official magento service. To report a magento service vulnerability it is required to use the Ebay Inc Bug Bounty Program tool.

The german researcher (Benjamin Kunz Mejri) discovered an application-side input validation issue with connected mail encoding web vulnerability to ebay in 2014 Q1. Two days ago the "Ebay Inc Bug Bounty Program" notified the Vulnerability Labs core team researcher about the successful implemented patch. The company paid a reward of 500€ due to the valid vulnerability report. The issue is highlighted with details as one of the rare Tier 2 Application issues.