Everton FC Shop!

Yet another XSS on Everton FC website. Working in Chrome and Firefox!! Last time I emailed and disclosed an XSS to them they did not even reply back and say thank you! I will disclose the XSS URL in 30 days. Timeline: Reported to OBB […]


#Quidco Self XSS

Simple DOM XSS this time as I didn't see any values reflected. Simple Payload Used…

#<img src=x onerror=prompt(/OPENBUGBOUNTY/)>

Timeline:
March 18th – DM sent to Quidco
March 30th – Tweeted them https://twitter.com/Random_Robbie/status/847353071449423874
March 30th – Response received https://twitter.com/quidco/status/847400878990532608
Patched at some point without telling […]
