Welcome everybody, this is Muhaddis and today I am sharing one of my recent discoveries in MAGIX Inc. Magix Software GmbH is the largest subsidiary of Bellevue Investments. Its managing director is Klaus Schmidt. The company is an international software publisher with a focus on multimedia software and services and is headquartered in Berlin.
I wanted to be featured in their security researchers Hall of Fame, and my fortunes went with me this time. They have an exceptionally immense web scope, which opens entryways for me to upgrade my skills and make my position in the Hall of Fame. Before beginning pentesting, I went through their responsible disclosure policy and quickly investigated the security researchers zone.
In the Hall of Fame, a couple of researchers had reported about Magix.Info, which is one of MAGIX's sub-associations. I began pentesting and, in the meantime, I established three security vulnerabilities in Magix.Info and was feeling fantastic inside:
- Stored Cross Site Scripting (XSS)
- Open Redirection Leads To Cross Site Scripting
- Broken Authentication and Sessions Management Flaw
At first, I requested authorization to test their site, including its sub-areas, and within a couple of hours I got a positive response from their specialized technical staff that I was permitted to do so.
Without sitting around idly, I composed a detailed write-up about it and sent it to their responsible security team.
For four months I pinged them for updates about that issue, and their web domains are as yet vulnerable; however, I didn't get any response from them. I mailed them again asking for updates and they answered: "Sorry, but you may have to be a little more specific about which problem you reported. Can you provide the date/time and/or subject line of your original report email? I just went back in my mails, had a look and could only find a previous request from you for us to give permission for some security testing, which we did. I couldn't find any actual report yet. Thanks."
I re-sent that old report mail to them, and three days later I got a mail saying: "Thanks for your feedback and the contribution to the security of our website. We have forwarded this matter to our colleagues at website development and administration for their attention. They will evaluate the situation and take the necessary steps. We will be standing by for their feedback and keep you posted."
In the interim, I sat tight for two more months, and on August 22 I got a response that,
I was glad to contribute and expressed gratitude toward my patience. Further, they acknowledged me by adding my name at the top of their security researchers Hall of Fame (a nine days' wonder).
I thank MAGIX for the acknowledgement, and thanks to you too for your valuable time reading this article.