Monday, 23 December 2013

Barracuda Bug Bounty Program

Barracuda Bug Bounty



Reflected XSS :- https://www.barracuda.com/"><img src=x onerror=prompt(1)>






As of now, only this one is fixed. I will post the other PoCs soon, when they get fixed.


Barracuda rewarded $300 for 5 of my reports, and the other reports are being validated.
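For readers looking at this from the fixing side, here is an added example (not code from this post or from Barracuda) of the same PoC path rendered by a template without and with output encoding. It assumes the request path is echoed into a double-quoted HTML attribute, which is what the leading `">` in the payload suggests; the template, the `example.test` host and all function names are hypothetical.

```javascript
// Added example: hypothetical server-side template helper, not Barracuda's code.
// Assumption: the request path is echoed into a double-quoted HTML attribute.

// HTML-escape a value for element and quoted-attribute contexts.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable form: the path is concatenated into the attribute as-is,
// so a double quote in the path closes the attribute early.
function renderUnsafe(path) {
  return '<link rel="canonical" href="https://www.example.test' + path + '">';
}

// Hardened form: same template, path escaped before it reaches the markup.
function renderSafe(path) {
  return '<link rel="canonical" href="https://www.example.test' + escapeHtml(path) + '">';
}

// Regression check: the template emits exactly one tag, so any other
// tag in the output means request data was parsed as markup.
function hasInjectedTag(html) {
  const tags = html.match(/<[a-zA-Z][^>]*>/g) || [];
  return tags.length !== 1;
}

// Path taken from the PoC URL shown in this post.
const pocPath = '/"><img src=x onerror=prompt(1)>';

console.log('unsafe:', renderUnsafe(pocPath), hasInjectedTag(renderUnsafe(pocPath)));
console.log('safe:  ', renderSafe(pocPath), hasInjectedTag(renderSafe(pocPath)));
```

A check like `hasInjectedTag` fits in a unit test for the template, so the escaping cannot be dropped later without a test failing.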
















10 comments:

  1. Hello,

    Just want to know, how can you put a malicious script in img src=x onerror=prompt(1)? (I am unable to enter the tag in this.)

    as it will only throw a pop-up with the value 1.
    If I want to get the cookies, how can I use something like document.getcookie()?

    Or how is it harmful to a user? Can you please explain this?

    1. Hi Rahul, I'm not the author of this blog but I want to reply to your comment.
      The best way to know how to use the vulnerability is by learning JavaScript, because the code executed "on error" is JavaScript.
      Go to http://codecademy.com or something like that.

    2. Hi Rahul, to get cookies you can use document.cookie

    3. Hi Mr. Sri Harsha.....

      If you don't mind....will you please suggest the best site to learn XSS...hope u ll

    4. here it is

      http://owasp.com/index.php/Main_Page

  2. Hi, I would like to know what is the username and password to login into these test URLs which are mentioned on their website.

    1. create a new account here :)

      https://login.barracudanetworks.com/new_user/?service=

    2. Bro, how can I bypass XSS filters, and how do I know if the payload is injected?
