Authentication Bypass - Email Verification code bypass in account registration process.
👉 https://hackerone.com/reports/1406471
🔹 Severity: Critical
🔹 Reported To: UPchieve
🔹 Reported By: #anas_44
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 7, 2021, 6:57pm (UTC)
CORS origin validation failure
👉 https://hackerone.com/reports/1404986
🔹 Severity: Medium
🔹 Reported To: UPchieve
🔹 Reported By: #jupiter-47
🔹 State: 🟢 Resolved
🔹 Disclosed: December 7, 2021, 8:24pm (UTC)
[allods.mail.ru] - WebCache Poisoning Host Header lead to Potential Stored XSS
👉 https://hackerone.com/reports/1262408
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #0xd0ff9
🔹 State: 🟢 Resolved
🔹 Disclosed: December 8, 2021, 2:01am (UTC)
Account Takeover through registration to the same email address
👉 https://hackerone.com/reports/1224008
🔹 Severity: High | 💰 100 USD
🔹 Reported To: QIWI
🔹 Reported By: #avolume
🔹 State: 🟢 Resolved
🔹 Disclosed: December 8, 2021, 9:17am (UTC)
php info file and sql backup at vendor's subdomain
👉 https://hackerone.com/reports/1358249
🔹 Severity: Low | 💰 200 USD
🔹 Reported To: Semrush
🔹 Reported By: #rivalsec
🔹 State: 🟢 Resolved
🔹 Disclosed: December 8, 2021, 2:12pm (UTC)
[Transportation Management Services Solution 2.0] Improper authorization at tmss.gsa.gov leads to data exposure of all registered users
👉 https://hackerone.com/reports/1175980
🔹 Severity: Critical
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #alexandrio
🔹 State: 🟢 Resolved
🔹 Disclosed: December 8, 2021, 3:36pm (UTC)
Exposed kubernetes dashboard
👉 https://hackerone.com/reports/1418101
🔹 Severity: Medium
🔹 Reported To: 8x8
🔹 Reported By: #bugkill3r
🔹 State: 🟢 Resolved
🔹 Disclosed: December 9, 2021, 2:02am (UTC)
clickjacking vulnerability
👉 https://hackerone.com/reports/1199904
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #sravani_1234
🔹 State: Spam
🔹 Disclosed: December 9, 2021, 5:49pm (UTC)
Clickjacking at sifchain.finance
👉 https://hackerone.com/reports/1212595
🔹 Severity: Medium
🔹 Reported To: Sifchain
🔹 Reported By: #manjithgowthaman
🔹 State: Spam
🔹 Disclosed: December 9, 2021, 5:49pm (UTC)
Wrong Url in Main page of sifchain.finance
👉 https://hackerone.com/reports/1195512
🔹 Severity: Low
🔹 Reported To: Sifchain
🔹 Reported By: #beebeek
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 9, 2021, 5:50pm (UTC)
Wrong Implementation of Url in https://docs.sifchain.finance/
👉 https://hackerone.com/reports/1198877
🔹 Severity: Low
🔹 Reported To: Sifchain
🔹 Reported By: #sar00n
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 5:50pm (UTC)
CSRF in newsletter form
👉 https://hackerone.com/reports/1190705
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #ph0b0s
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 5:50pm (UTC)
Session Token in URL
👉 https://hackerone.com/reports/1197078
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #little_one
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 5:51pm (UTC)
No Valid SPF Records at sifchain.finance
👉 https://hackerone.com/reports/1188725
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #n33dm0n3y
🔹 State: ⚪️ Informative
🔹 Disclosed: December 9, 2021, 5:51pm (UTC)
Clickjacking /framing on sensitive Subdomain
👉 https://hackerone.com/reports/1195209
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #ilxax1
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 5:51pm (UTC)
Sifchain Privacy Policy Webpage Uses Wordpress Default Template. Does Not Display Correct Privacy Policy.
👉 https://hackerone.com/reports/1196049
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #masq31
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 5:52pm (UTC)
Information Disclosure at one of your subdomain
👉 https://hackerone.com/reports/1195423
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #omemishra
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 5:52pm (UTC)
No Rate Limit in email leads to huge Mass mailings
👉 https://hackerone.com/reports/1185903
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #sudhakarsurya
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 5:52pm (UTC)
Design Issues at Main Domain
👉 https://hackerone.com/reports/1188652
🔹 Severity: Low
🔹 Reported To: Sifchain
🔹 Reported By: #n33dm0n3y
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 9, 2021, 6:49pm (UTC)
Username disclosure at Main Domain
👉 https://hackerone.com/reports/1188662
🔹 Severity: Low
🔹 Reported To: Sifchain
🔹 Reported By: #n33dm0n3y
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 9, 2021, 6:50pm (UTC)
No valid SPF record found
👉 https://hackerone.com/reports/1187001
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #tamilarasi11
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 7:17pm (UTC)