Full Disclosure mailing list archives
Re: PayPal.com XSS Vulnerability
From: Vulnerability Lab <research () vulnerability-lab com>
Date: Wed, 29 May 2013 20:15:13 +0100
Let me provide an answer regarding the conversation of the young researcher < PayPal and the 13 more PayPal XSS post.

Priority #1 - PayPal checks if all rules are successfully granted
Priority #2 - PayPal checks & validates the issue

#1 The guy did not read the participation rules and made at the end a full disclosure for fame
#2 The issue was already reported and PayPal is preparing a patch with priority influence

If you do not want to see or accept the truth ... you should as minimum grant the researcher the credits. The little Indian forcer scene from the govt with the Mohit Kumar mythology wants their bugs patched within one day and tomorrow get a payout, but in the real world this is not possible easily. They also have concepts to prevent and check the effects of patches and co.

In this case the little guy had no knowledge that the issue was already reported multiple times and the others were all silent. At the end he lost all ... he got no money, his bug was not accepted and he will no longer get the possibility to report future issues because he broke the policy with a full disclosure for no reason.

I will continue to report my issues to PayPal to get bug bounty rewards since yet all was correct. When I saw the news I was a bit stunned how evil the news groups published the news against PayPal since the facts are on the table.

~bkm

--
VULNERABILITY RESEARCH LABORATORY
LABORATORY RESEARCH TEAM
CONTACT: research () vulnerability-lab com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/