In-scope domain can also be in Error - Open Redirection @Mailboxes


Hi All,

A long time back, while participating in the Dropbox Acquisitions program, I found Open Redirection, CSRF - Account takeover and other low-hanging fruits on the Mailboxes platform.

Well, initially the Mailboxes domain was in scope for Dropbox Acquisitions.

Later on, after my submission, they said:


So they removed their in-scope URL after my submission.

The point in sharing this bug is that even after I shared a valid vulnerability with the program owner and spent hours and days hunting bugs, they refused to acknowledge my efforts, citing the in-scope domain as an error.


Nevertheless, I thought to share my finding with you guys.


Video POC:-




Thank you.




2 comments

Anonymous
24 February 2016 at 16:41

Sorry to hear about that...

Think I'll start doing bug bounties myself as I am quite good at spotting flaws and application development.

24 February 2016 at 21:01

Yahh Some program like this No comments :/ But good learning though.
