1Shoppingcart.com

  • Points – $2,000 per vulnerability
  • Partial safe harbor

Reward bonuses for file upload vulnerabilities leading to RCE

We are adding a reward bonus for file upload vulnerabilities leading to remote code execution. This can take any of three forms: a direct file upload into a web-accessible location, a file upload into another location that is executed on the web server via directory traversal, or a file uploaded into another location that is then moved into a web-accessible location. What we are looking for is the ability to upload and execute any of the various ASP executable file types, e.g. .asp, .aspx, .ashx. It is enough to simply demonstrate code execution on the server. Do not attempt to escalate privileges on the web server or pivot in the environment.

The additional bonus for successful file upload and code execution is $1000. This will be in addition to the general P1 reward of $1500 and the RCE bonus of $500, meaning that the total reward for a finding of this type is $3000. We would appreciate the prioritization of these vulnerabilities. Thank you and happy hunting!