darksecurity.de | Entries from February 2014

Warning: opendir(/var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/sh/3.0.83.2/scripts/): failed to open dir: No such file or directory in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 26

Warning: Invalid argument supplied for foreach() in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 170
Skip to content

My experiences with the GiftCards.com Bug Bounty Program

Posted by Stefan Schurtz on Tuesday, February 18. 2014

Since November 2013 I reported seven Cross-site Scripting vulnerabilities to the Giftcard Bug Bounty Program. Sadly, only one of them wasn’t a duplicate :-/. Strange? Perhaps, but not impossible given the simplicity of the vulnerabilities.

But, what I really don’t understand: Why do they still work until today?

Continue reading "My experiences with the GiftCards.com Bug Bounty Program"

SSCHADV2014-003 - Serendipity 1.7.5 (Backend) - Multiple security vulnerabilities

Posted by Stefan Schurtz on Thursday, February 6. 2014

^Advisory:	Serendipity 1.7.5 (Backend) – Multiple security vulnerabilities
Advisory ID:	SSCHADV2014-003
Author:	Stefan Schurtz
Affected Software:	Successfully tested on Serendipity 1.7.5
Vendor URL:	http://www.s9y.org/
Vendor Status:	fixed