Welcome everybody, this is Muhaddis and today I am sharing one of my recent discoveries in MAGIX Inc. Magix Software GmbH is the largest subsidiary of Bellevue Investments. Its managing director is Klaus Schmidt. The company is an international software publisher with a focus on multimedia software and services and is headquartered in Berlin.
I wanted to be featured in their security researchers Hall of Fame, and fortune was with me this time. They have an exceptionally large web scope, which opened doors for me to upgrade my skills and earn my place in the Hall of Fame. Before I began pentesting, I read their responsible disclosure policy and quickly looked through the security researchers zone.
In the Hall of Fame, a couple of researchers had reported issues in Magix.Info, which is one of MAGIX's sub-associations. I began pentesting and in the meantime found three security vulnerabilities in Magix.Info, and I was feeling fantastic inside.
- Stored Cross Site Scripting (XSS)
- Open Redirection Leads To Cross Site Scripting
- Broken Authentication and Sessions Management Flaw
At first I requested authorization to test their site, including its subdomains, and within a couple of hours I got a positive response from their technical staff that I was permitted to do so.
Without wasting any time, I wrote a detailed report about it and sent it to their security team.
For four months I pinged them for updates on those issues, and their web domains were still vulnerable, but I didn’t get any response from them. I mailed them again asking for updates and they answered: "Sorry, but you may have to be a little more specific which problem you reported. Can you provide the date/time and/or subject line of your original report e-mail? I just went back in my mails, had a look and could only find a previous request from you for us to give permission for some security testing, which we did. I couldn’t find any actual report yet. Thanks."
I resent the old report mail to them, and three days later I got a mail saying: "Thanks for your feedback and the contribution to the security of our website. We have forwarded this matter to our colleagues at website development and administration for their attention. They will evaluate the situation and take the necessary steps. We will be standing by for their feedback and keep you posted."
In the interim I waited two more months, and on August 22 I got a response that,
I was glad to contribute, and they thanked me for my patience. Further, they acknowledged me by adding my name at the top of their security researchers Hall of Fame (a nine days' wonder).
I am grateful to MAGIX for the acknowledgement, and I thank you too for your valuable time reading this article.