IDOR to view order information of users and personal information
👉 https://hackerone.com/reports/1323406
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Affirm
🔹 Reported By: #xfiltrer
🔹 State: 🟢 Resolved
🔹 Disclosed: December 6, 2021, 6:39pm (UTC)
👉 https://hackerone.com/reports/1323406
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Affirm
🔹 Reported By: #xfiltrer
🔹 State: 🟢 Resolved
🔹 Disclosed: December 6, 2021, 6:39pm (UTC)
Full read SSRF in www.evernote.com that can leak aws metadata and local file inclusion
👉 https://hackerone.com/reports/1189367
🔹 Severity: Critical | 💰 5,000 USD
🔹 Reported To: Evernote
🔹 Reported By: #neolexsecurity
🔹 State: 🟢 Resolved
🔹 Disclosed: December 6, 2021, 9:41pm (UTC)
👉 https://hackerone.com/reports/1189367
🔹 Severity: Critical | 💰 5,000 USD
🔹 Reported To: Evernote
🔹 Reported By: #neolexsecurity
🔹 State: 🟢 Resolved
🔹 Disclosed: December 6, 2021, 9:41pm (UTC)
Blind XSS
👉 https://hackerone.com/reports/1091118
🔹 Severity: Low
🔹 Reported To: Rocket.Chat
🔹 Reported By: #cyberasset
🔹 State: 🟢 Resolved
🔹 Disclosed: December 7, 2021, 7:15am (UTC)
👉 https://hackerone.com/reports/1091118
🔹 Severity: Low
🔹 Reported To: Rocket.Chat
🔹 Reported By: #cyberasset
🔹 State: 🟢 Resolved
🔹 Disclosed: December 7, 2021, 7:15am (UTC)
Guard WKS lookup: Evil WKS server forces connections to last forever
👉 https://hackerone.com/reports/1016691
🔹 Severity: Low | 💰 444 USD
🔹 Reported To: Open-Xchange
🔹 Reported By: #afewgoats
🔹 State: 🟢 Resolved
🔹 Disclosed: December 7, 2021, 10:49am (UTC)
👉 https://hackerone.com/reports/1016691
🔹 Severity: Low | 💰 444 USD
🔹 Reported To: Open-Xchange
🔹 Reported By: #afewgoats
🔹 State: 🟢 Resolved
🔹 Disclosed: December 7, 2021, 10:49am (UTC)
Bypass a fix for report #708013
👉 https://hackerone.com/reports/1363672
🔹 Severity: Medium | 💰 3,500 USD
🔹 Reported To: Shopify
🔹 Reported By: #scaramouche31
🔹 State: 🟢 Resolved
🔹 Disclosed: December 7, 2021, 1:14pm (UTC)
👉 https://hackerone.com/reports/1363672
🔹 Severity: Medium | 💰 3,500 USD
🔹 Reported To: Shopify
🔹 Reported By: #scaramouche31
🔹 State: 🟢 Resolved
🔹 Disclosed: December 7, 2021, 1:14pm (UTC)
Authentication Bypass - Email Verification code bypass in account registration process.
👉 https://hackerone.com/reports/1406471
🔹 Severity: Critical
🔹 Reported To: UPchieve
🔹 Reported By: #anas_44
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 7, 2021, 6:57pm (UTC)
👉 https://hackerone.com/reports/1406471
🔹 Severity: Critical
🔹 Reported To: UPchieve
🔹 Reported By: #anas_44
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 7, 2021, 6:57pm (UTC)
CORS origin validation failure
👉 https://hackerone.com/reports/1404986
🔹 Severity: Medium
🔹 Reported To: UPchieve
🔹 Reported By: #jupiter-47
🔹 State: 🟢 Resolved
🔹 Disclosed: December 7, 2021, 8:24pm (UTC)
👉 https://hackerone.com/reports/1404986
🔹 Severity: Medium
🔹 Reported To: UPchieve
🔹 Reported By: #jupiter-47
🔹 State: 🟢 Resolved
🔹 Disclosed: December 7, 2021, 8:24pm (UTC)
[allods.mail.ru] - WebCache Poisoning Host Header lead to Potential Stored XSS
👉 https://hackerone.com/reports/1262408
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #0xd0ff9
🔹 State: 🟢 Resolved
🔹 Disclosed: December 8, 2021, 2:01am (UTC)
👉 https://hackerone.com/reports/1262408
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #0xd0ff9
🔹 State: 🟢 Resolved
🔹 Disclosed: December 8, 2021, 2:01am (UTC)
Account Takeover through registration to the same email address
👉 https://hackerone.com/reports/1224008
🔹 Severity: High | 💰 100 USD
🔹 Reported To: QIWI
🔹 Reported By: #avolume
🔹 State: 🟢 Resolved
🔹 Disclosed: December 8, 2021, 9:17am (UTC)
👉 https://hackerone.com/reports/1224008
🔹 Severity: High | 💰 100 USD
🔹 Reported To: QIWI
🔹 Reported By: #avolume
🔹 State: 🟢 Resolved
🔹 Disclosed: December 8, 2021, 9:17am (UTC)
php info file and sql backup at vendor's subdomain
👉 https://hackerone.com/reports/1358249
🔹 Severity: Low | 💰 200 USD
🔹 Reported To: Semrush
🔹 Reported By: #rivalsec
🔹 State: 🟢 Resolved
🔹 Disclosed: December 8, 2021, 2:12pm (UTC)
👉 https://hackerone.com/reports/1358249
🔹 Severity: Low | 💰 200 USD
🔹 Reported To: Semrush
🔹 Reported By: #rivalsec
🔹 State: 🟢 Resolved
🔹 Disclosed: December 8, 2021, 2:12pm (UTC)
[Transportation Management Services Solution 2.0] Improper authorization at tmss.gsa.gov leads to data exposure of all registered users
👉 https://hackerone.com/reports/1175980
🔹 Severity: Critical
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #alexandrio
🔹 State: 🟢 Resolved
🔹 Disclosed: December 8, 2021, 3:36pm (UTC)
👉 https://hackerone.com/reports/1175980
🔹 Severity: Critical
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #alexandrio
🔹 State: 🟢 Resolved
🔹 Disclosed: December 8, 2021, 3:36pm (UTC)
Exposed kubernetes dashboard
👉 https://hackerone.com/reports/1418101
🔹 Severity: Medium
🔹 Reported To: 8x8
🔹 Reported By: #bugkill3r
🔹 State: 🟢 Resolved
🔹 Disclosed: December 9, 2021, 2:02am (UTC)
👉 https://hackerone.com/reports/1418101
🔹 Severity: Medium
🔹 Reported To: 8x8
🔹 Reported By: #bugkill3r
🔹 State: 🟢 Resolved
🔹 Disclosed: December 9, 2021, 2:02am (UTC)
clickjacking vulnerability
👉 https://hackerone.com/reports/1199904
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #sravani_1234
🔹 State: Spam
🔹 Disclosed: December 9, 2021, 5:49pm (UTC)
👉 https://hackerone.com/reports/1199904
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #sravani_1234
🔹 State: Spam
🔹 Disclosed: December 9, 2021, 5:49pm (UTC)
Clickjacking at sifchain.finance
👉 https://hackerone.com/reports/1212595
🔹 Severity: Medium
🔹 Reported To: Sifchain
🔹 Reported By: #manjithgowthaman
🔹 State: Spam
🔹 Disclosed: December 9, 2021, 5:49pm (UTC)
👉 https://hackerone.com/reports/1212595
🔹 Severity: Medium
🔹 Reported To: Sifchain
🔹 Reported By: #manjithgowthaman
🔹 State: Spam
🔹 Disclosed: December 9, 2021, 5:49pm (UTC)
Wrong Url in Main page of sifchain.finance
👉 https://hackerone.com/reports/1195512
🔹 Severity: Low
🔹 Reported To: Sifchain
🔹 Reported By: #beebeek
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 9, 2021, 5:50pm (UTC)
👉 https://hackerone.com/reports/1195512
🔹 Severity: Low
🔹 Reported To: Sifchain
🔹 Reported By: #beebeek
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 9, 2021, 5:50pm (UTC)
Wrong Implementation of Url in https://docs.sifchain.finance/
👉 https://hackerone.com/reports/1198877
🔹 Severity: Low
🔹 Reported To: Sifchain
🔹 Reported By: #sar00n
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 5:50pm (UTC)
👉 https://hackerone.com/reports/1198877
🔹 Severity: Low
🔹 Reported To: Sifchain
🔹 Reported By: #sar00n
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 5:50pm (UTC)
CSRF in newsletter form
👉 https://hackerone.com/reports/1190705
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #ph0b0s
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 5:50pm (UTC)
👉 https://hackerone.com/reports/1190705
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #ph0b0s
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 5:50pm (UTC)
Session Token in URL
👉 https://hackerone.com/reports/1197078
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #little_one
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 5:51pm (UTC)
👉 https://hackerone.com/reports/1197078
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #little_one
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 5:51pm (UTC)
No Valid SPF Records at sifchain.finance
👉 https://hackerone.com/reports/1188725
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #n33dm0n3y
🔹 State: ⚪️ Informative
🔹 Disclosed: December 9, 2021, 5:51pm (UTC)
👉 https://hackerone.com/reports/1188725
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #n33dm0n3y
🔹 State: ⚪️ Informative
🔹 Disclosed: December 9, 2021, 5:51pm (UTC)
Clickjacking /framing on sensitive Subdomain
👉 https://hackerone.com/reports/1195209
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #ilxax1
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 5:51pm (UTC)
👉 https://hackerone.com/reports/1195209
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #ilxax1
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 5:51pm (UTC)
Sifchain Privacy Policy Webpage Uses Wordpress Default Template. Does Not Display Correct Privacy Policy.
👉 https://hackerone.com/reports/1196049
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #masq31
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 5:52pm (UTC)
👉 https://hackerone.com/reports/1196049
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #masq31
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 5:52pm (UTC)