In-scope domain can also be in Error - Open Redirection @Mailboxes

Hi All,

A long time back, while participating in the Dropbox Acquisitions program, I found Open Redirection, CSRF - Account takeover and other low-hanging fruit on the Mailboxes platform.

Well, initially the Mailboxes domain was in scope for Dropbox Acquisitions.

Later on, after my submission, they said:

So they removed their in-scope URL after my submission.

The point in sharing this bug is that even after I shared a valid vulnerability with the program owner and spent hours and days hunting bugs, they refused to acknowledge my efforts, citing the in-scope domain as an error.

Nevertheless, I thought to share my finding with you guys.

Video POC:

Thank you.

24 February 2016 at 16:41

Sorry to hear about that...

Think I'll start doing bug bounties myself as I am quite good at spotting flaws and application development.

24 February 2016 at 21:01

Yeah, some programs are like this. No comments :/ But good learning though.