Author

Topic: Bug Bounty for my Home Server. Can only Pay in iota..$25 us (Read 225 times)

member
Activity: 99
Merit: 11

Sorry for late reply (due to work)

I got  in contact with the distributors of the search and told them about the bug


They made some changes. So hopefully its all fixed..



newbie
Activity: 6
Merit: 0
Could you reproduce the bug?
newbie
Activity: 6
Merit: 0
Thank you very much!

URL: http://udopage.com/ssep/index.php

Method="POST"

data="isajax=1&sugest=xxx"

Parameter BUG: sugest

Payload(Bitcointalk does not allow me to place the payload): https://i.ibb.co/hcS58QN/p-iota.png

Type Vulnerability: SQL Injection Boolean



The problem is that it is not filtered correctly in some parameters, and with a type of vulnerability like this, you can extract data from the server databases.
newbie
Activity: 6
Merit: 0
IOTA: FUIVHP9YPIQEFJWDISSJGYRORVLBYLZRCROHIDVPJJNSJHFCKVMPJJLASGV9VXRULJIVATQHJUI9JXO SCDURNSYBZC

Remove the space between "FUIVHP9YPIQEFJWDISSJGYRORVLBYLZRCROHIDVPJJNSJHFCKVMPJJLASGV9VXRULJIVATQHJUI9JXO" and "SCDURNSYBZC"
member
Activity: 99
Merit: 11
that's not a valid iota address. Its 91 characters long. Iota is 90

I do appreciate your help.

Ive taken my site down and would appreciate knowing what you did.

Its up to you but I want to share with many people how wonderful these coins are

and would like our interaction to be here.

I appreciate your need for privacy of tools and techniques.

Please try with another address. Its got to be an iota address.

Thank You..
newbie
Activity: 6
Merit: 0
Thank you very much! I wish we could have contact by some other means (discord, email, etc.) To give you detailed information about this.

Wallet IOTA: GRELNOAVDELGRVFFPXLGWWYWIGARGYZDHYKYUMNDDHWFZAVEBCOH9MQXBCEWEARCVEXVCSNQZNZVDHP CXJUYHOFROW
member
Activity: 99
Merit: 11
Wow.. Cool


thank You so much.  If its OK post your iota receive address here. Or PM it to me.

I'm ready to send you $25  American..

I don't do discord..

newbie
Activity: 6
Merit: 0
Hi, good day. I can help you with that. For better dialogue contact me through discord.-
member
Activity: 99
Merit: 11
Hi

I have my own homer server running from a Raspberry Pi.

I want to pay someone to fine any exploits on my site that gives them the ability to edit my site  I'll will pay $25 in iota only.

Joining the forums and making an edit is not an exploit. The same goes for the feed back page.

You must tell me how you did it.

This is a one off payment to the first person who edits my site and posts poof in this thread so I can correctly determine who is first.


Sorry Guys, I will try to pay more in future. I'm just testing the water.

Have fun. My site is....

http://udopage.com/






Jump to: