Bug Bounty

Thu 06 Feb

German Telekom Bug Bounty – 3x Remote Vulnerabilities

The laboratory researcher Ibrahim Mosaad H. El-Sayed (the_storm) participated from December through February in the official German Telekom Bug Bounty Programme. Between his exploitation and documentation phases, Telekom restricted the scope (critical only!). In direct response, Ibrahim focused on reporting only high/critical severity remote vulnerabilities.

The first remote vulnerability is a code execution bug, the second is a pre-auth remote SQL injection issue, and the third is an arbitrary file upload bug. The severity of all 3 issues was high to critical, and the reward amount per issue was set to 1000€ (3x 1000€).

1. Remote Code Execution

Thu 17 Oct

PayPal Bug Bounty Reward – Print Layout Vulnerabilities

At the end of July, the Vulnerability Laboratory research team discovered multiple persistent input validation web vulnerabilities in an official PayPal Inc core web-application module. The vulnerability is located in the Print Packing Slips and Print Selected module and occurs when manipulated itemno, orderno, order or description parameters are processed in a request sent via the POST method.
