Meraki Bugbounty - Simple XSS

A couple of days ago started a Bug-Bounty programm. We hoped with a bit of luck to be able to discover a couple of vunerabilities.

The Bug Bounty included the main domain as well as all subdomains matching “*” . Firstly we tried to get a list of every domain that fit that requirement and it’s function. That was quite difficult and there was nothing for us to complain about. Websites that launches Bug Bounty programms ussually have most of their vunerabilities fixed already. That makes it a quite demanding task to find any other vunerabilities. Luckly for us we were eventually able to find a security breach that has not yet been discovered.

We sent a report with what we found the very same evening (Sunday; 17.03.2013). We haven’t heard back from Merkai tech support for more than three days. We thought it was quite odd that we haven’t heard back sooner as a matter of fact that meraki is known for it’s quick fixes. We then decided to ask about the situation once more via twitter . After doing so the our expectaion for a quick answer was then met. Merkai assured us to be the first to find the XSS-issue and that they would deal with the breach as soon as possible.

We were pleased to hear that and that they eventually fixed it the way it’s suppossed to as soon as they could. Finally we’ve received a 200$ reward for this issue.


Screenshot of the xss issue.