juansacco
Netherlands
Hello guys. My name is Juan Sacco and I love your products (I do not have any, but still...).
Well, I am a security researcher, and I was looking when, just out of curiosity, I found a SQL injection and an XSS scripting on DJI.COM (besides other things).
This is really critical because, for instance, the XSS is stored. And this could allow any malicious user to control or modify/steal other users' credentials, credit cards, etc. from the shop or forum. And, well, the SQL injection can be used directly to modify the site.
I have been trying since yesterday to contact someone from DJI. I tried every email you have on the page without luck.
Could you put me in contact as soon as possible with one of your technical engineers so I can report this?
My only intention is to report this to help you guys have a better and more secure site. Knowing that you have an online store at dji.com, if these vulnerabilities are used by an attacker, he could potentially do a lot of damage, not only to your site but to your online presence.
Besides, I would like to know if there is any reward for reporting this?
LinkedIn: https://www.linkedin.com/profile/view?id=30640166
Website: http://exploitpack.com
Thanks.
JSacco