
9 matches found

Hacker One
added 2018/12/15 1:11 p.m., 40 views

Razer US: DLL Hijacking Vulnerability in synapse-2

The Synapse 2 installer was subject to a DLL planting attack in the Downloads folder. This was fixed in May of 2019...

AI score: 2.2
Exploits: 0

Hacker One
added 2017/12/01 12:30 a.m., 14 views

Razer US: [zvault.razerzone.com] URL validation bypass

The researcher discovered that a page on our zVault that was intended to perform redirection allowed a URL bypass due to a coding flaw. The flaw was an attempt at sanitization that could actually be leveraged to redirect to a URL string useful for phishing. He provided an analysis of the code and...

AI score: 6.9
Exploits: 0

Hacker One
added 2017/11/27 8:11 p.m., 11 views

Razer US: Reflected XSS on https://press.razerzone.com

The researcher discovered a post reflected XSS on press.razerzone.com that allowed the delivery of a script payload via Firefox and demonstrated via a video. This was reported on 11/27 and deployed to production on 12/27...

AI score: 6.2
Exploits: 0

Hacker One
added 2017/11/01 9:33 p.m., 13 views

Razer US: Reflected XSS on domain support.razerzone.com

The researcher hisxo discovered a reflected XSS vulnerability on support.razerzone.com. hisxo also worked with H1 Triage to provide a valid PoC that demonstrated payload delivery using Burp Suite. We appreciate the extra work and look forward to working with the researcher in the future...

AI score: 6.2
Exploits: 0

Hacker One
added 2017/09/26 8:0 p.m., 12 views

Razer US: Reflected XSS in deals.razerzone.com via the interesting parameter.

Summary --- deals.razerzone.com is vulnerable to Reflected XSS via the interesting parameter. Affected Code --- html var ThisPageOn = "recommended", pageNum = 2, isLoading = false, delIntresItem = 0, delNotIntresItem = 0, delOwnedItem = 0, intres = -1 abba alert1 ; var ownedLang = "OWNED",...

AI score: 6.2
Exploits: 0

Hacker One
added 2017/09/26 7:16 p.m., 45 views

Razer US: Reflected XSS on the https://deals.razerzone.com/json/translation endpoint

Thanks to SP1D3RS for the great report and working with the team on this one. This was a trivial POST-XSS, caused by using the text/html Content-Type on the JSON endpoint, and the ability to control part of the response using unsanitized input. Why did I disclose it if this is a trivial issue? I pretty...

AI score: 6.7
Exploits: 0

Hacker One
added 2017/09/22 1:21 a.m., 14 views

Razer US: Reflected XSS in razer-id.razerzone.com

The researcher discovered a reflective XSS that allowed the injection of a javascript scheme into a URL on the razer-id server. This was reported on 9/21 and the fix deployed to production on 10/19...

AI score: 6.6
Exploits: 0

Hacker One
added 2017/09/07 10:3 a.m., 33 views

Razer US: Authenticated DOM-based XSS in deals.razerzone.com via the rurl parameter.

The tester discovered the deals.razerzone.com website was vulnerable to open redirect via the rurl parameter, e.g. https://deals.razerzone.com/user/ssologin?rurl=, and that the parameter was also vulnerable to DOM-based XSS. Also, the initial fix for this was a little too specific and edio was able to...

AI score: 6.9
Exploits: 0

Hacker One
added 2017/09/06 5:25 p.m., 13 views

Razer US: Open redirect in razer-id.razerzone.com via the redirect parameter.

Summary --- razer-id.razerzone.com is vulnerable to Open redirects via the redirect parameter. Browsers Verified In --- Google Chrome 60.0.3112.113 Official Build 64-bit Mozilla Firefox 55.0.2 64-bit PoC --- The following URL will redirect your users to https://google.com...

AI score: 6.7
Exploits: 0