It seemed to me that this type of error no longer appears on popular websites or portals... and yet I recently managed to find some more or less serious Cross-site scripting (XSS) errors. As some time has passed and they have all been patched, I decided to share the details.
1. Telekomhilft, in user data, specifically a field called 'dtag.user.profile.contact.label', after entering the following payload:
I got a bug bounty of €250.
2. Allegro, or rather the discussion forum at spolecznosc.allegro.pl, also had a trivial error leading to the execution of arbitrary code. Unfortunately, according to the rules available on the HackerOne portal, this subpage is not included in the bug bounty program.