Copy.com is a Barracuda Networks file sharing service that offers 15 GB of free cloud storage for your files.
When I first read about Copy.com I almost immediately registered for an account. 15 GB of free storage was very tempting. A few moments later I started reporting vulnerabilities.
1. Company settings page – "Company Name" and "Directory Name" did not escape the quote sign, which allowed an injection like:
3. Billing settings page – "Name on Card" and all "Address" fields did not escape the quote sign, which again allowed an injection like:
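If these fields were echoed back into a double-quoted HTML attribute (an assumption; the post shows neither the markup nor the payload), the missing escaping and its fix look like the sketch below. This is an added example, not Copy.com's code: the function names, the `company_name` field name and the harmless sample value are all constructed for illustration.

```javascript
// Naive rendering: the stored value is pasted into value="..." unchanged,
// so a quote sign in the value ends the attribute early.
function renderFieldUnsafe(name, value) {
  return '<input type="text" name="' + name + '" value="' + value + '">';
}

// Escape every character that can end or reshape a quoted attribute value.
const ATTR_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeAttr(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ATTR_ESCAPES[ch]);
}

// Hardened rendering: both the field name and the value are escaped on output.
function renderFieldSafe(name, value) {
  return '<input type="text" name="' + escapeAttr(name) + '" value="' + escapeAttr(value) + '">';
}

// Minimal reader for one tag with double-quoted attributes. It is only a
// stand-in for "what the browser would parse", not a general HTML parser.
function attributeNames(tag) {
  const names = [];
  const re = /([a-zA-Z-]+)="([^"]*)"/g;
  let m;
  while ((m = re.exec(tag)) !== null) names.push(m[1]);
  return names;
}

// Regression check: any attribute beyond the three the template emits
// means user input escaped the value="..." context.
function unexpectedAttributes(tag) {
  const expected = new Set(['type', 'name', 'value']);
  return attributeNames(tag).filter((n) => !expected.has(n));
}

// Constructed, harmless input: a quote followed by an inert marker attribute.
const companyName = 'Acme" data-injected="1';

console.log(unexpectedAttributes(renderFieldUnsafe('company_name', companyName)));
console.log(unexpectedAttributes(renderFieldSafe('company_name', companyName)));
```

The same check can run as a unit test over every settings field that is rendered back to the user, which would also catch a field that a partial fix missed.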
[May 16th 2013] - bugs #1 & #2 were reported
[May 17th 2013] - bug #2 was fixed
[June 19th 2013] - second contact, because bug #1 was not fixed. Bug was fixed soon after.
[June 25th 2013] - bug #3 was reported
[July 10th 2013] - bug #3 was fixed
I would like to thank Zack, Tom and Brian for their flawless work on the bug fixing procedure.
If you would like to receive 20 GB (15+5 GB) of free cloud storage, please use this link, which will give us both an additional 5 GB of bonus space (client installation is needed). Thank you.