This week I wanted to hunt a bug in Ifixit.com. Well I was little interested in the search bar field. So I taught of fuzzing from there. It had a good filter to filter user input. But to my surprise I ended by bypassing the filter 🙂
My name got published in the Thanks section 😉
http://www.ifixit.com/Info/Responsible_Disclosure#Section_2013
I am sorry that I cannot disclose my vector or any sensitive data from the website. This issue has been already verified and patched.
Hmm… wait a sec for my bypassing I should be rewarded right? So here we go , got a nice t-shirt, some stickers and a cool Ifixit toolkit 😉
Thank you guys. This was really impressive.
