[IRCCloud] History and Another XSS Bug Bounty
Personally, I have been a user of IRC since 2004 on some private networks and some other well-known ones such as Freenode. However, it was always inconvenient to have to set up an IRC Bouncer, so when IRCCloud came around, I was excited to try it and see if it provided me with a method of staying connected to all the required networks without having to download a new client on every computer I was on (as it’s a web service).
After trying the Beta, which was a free option before they publicly released the paid version, I thought I’d try to find some vulnerabilities to report to them – for no other reason than to ensure that the service that I am using can’t be exploited to disclose any of my information or data.
The first issue I identified was that the application has a pastebin feature: when the user pastes a large amount of text, they get the option of uploading it to their own proprietary pastebin service.
Read the full report on HackerOne.