No Valid SPF Records at sifchain.finance
👉 https://hackerone.com/reports/1188725
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #n33dm0n3y
🔹 State: ⚪️ Informative
🔹 Disclosed: December 9, 2021, 5:51pm (UTC)
👉 https://hackerone.com/reports/1188725
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #n33dm0n3y
🔹 State: ⚪️ Informative
🔹 Disclosed: December 9, 2021, 5:51pm (UTC)
Clickjacking /framing on sensitive Subdomain
👉 https://hackerone.com/reports/1195209
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #ilxax1
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 5:51pm (UTC)
👉 https://hackerone.com/reports/1195209
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #ilxax1
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 5:51pm (UTC)
Sifchain Privacy Policy Webpage Uses Wordpress Default Template. Does Not Display Correct Privacy Policy.
👉 https://hackerone.com/reports/1196049
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #masq31
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 5:52pm (UTC)
👉 https://hackerone.com/reports/1196049
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #masq31
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 5:52pm (UTC)
Information Disclosure at one of your subdomain
👉 https://hackerone.com/reports/1195423
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #omemishra
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 5:52pm (UTC)
👉 https://hackerone.com/reports/1195423
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #omemishra
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 5:52pm (UTC)
No Rate Limit in email leads to huge Mass mailings
👉 https://hackerone.com/reports/1185903
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #sudhakarsurya
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 5:52pm (UTC)
👉 https://hackerone.com/reports/1185903
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #sudhakarsurya
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 5:52pm (UTC)
Design Issues at Main Domain
👉 https://hackerone.com/reports/1188652
🔹 Severity: Low
🔹 Reported To: Sifchain
🔹 Reported By: #n33dm0n3y
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 9, 2021, 6:49pm (UTC)
👉 https://hackerone.com/reports/1188652
🔹 Severity: Low
🔹 Reported To: Sifchain
🔹 Reported By: #n33dm0n3y
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 9, 2021, 6:49pm (UTC)
Username disclosure at Main Domain
👉 https://hackerone.com/reports/1188662
🔹 Severity: Low
🔹 Reported To: Sifchain
🔹 Reported By: #n33dm0n3y
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 9, 2021, 6:50pm (UTC)
👉 https://hackerone.com/reports/1188662
🔹 Severity: Low
🔹 Reported To: Sifchain
🔹 Reported By: #n33dm0n3y
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 9, 2021, 6:50pm (UTC)
No valid SPF record found
👉 https://hackerone.com/reports/1187001
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #tamilarasi11
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 7:17pm (UTC)
👉 https://hackerone.com/reports/1187001
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #tamilarasi11
🔹 State: 🔴 N/A
🔹 Disclosed: December 9, 2021, 7:17pm (UTC)
Vulnerability : Email Spoofing
👉 https://hackerone.com/reports/1180668
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #tajammul
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 9, 2021, 7:18pm (UTC)
👉 https://hackerone.com/reports/1180668
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #tajammul
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 9, 2021, 7:18pm (UTC)
CORS (Cross-Origin Resource Sharing) origin validation failure
👉 https://hackerone.com/reports/1192147
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #11holefinder
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 9, 2021, 7:18pm (UTC)
👉 https://hackerone.com/reports/1192147
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #11holefinder
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 9, 2021, 7:18pm (UTC)
Linux Desktop application "sifnoded" executable does not use Pie / no ASLR
👉 https://hackerone.com/reports/1188633
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #n33dm0n3y
🔹 State: ⚪️ Informative
🔹 Disclosed: December 9, 2021, 7:48pm (UTC)
👉 https://hackerone.com/reports/1188633
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #n33dm0n3y
🔹 State: ⚪️ Informative
🔹 Disclosed: December 9, 2021, 7:48pm (UTC)
Misconfiguration Certificate Authority Authorization Rule
👉 https://hackerone.com/reports/1186740
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #d4rk_r0s3
🔹 State: ⚪️ Informative
🔹 Disclosed: December 9, 2021, 7:49pm (UTC)
👉 https://hackerone.com/reports/1186740
🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #d4rk_r0s3
🔹 State: ⚪️ Informative
🔹 Disclosed: December 9, 2021, 7:49pm (UTC)
Endpoint without access control leads to order informations and status changes
👉 https://hackerone.com/reports/1050753
🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: Azbuka Vkusa
🔹 Reported By: #cabelo
🔹 State: 🟢 Resolved
🔹 Disclosed: December 9, 2021, 9:35pm (UTC)
👉 https://hackerone.com/reports/1050753
🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: Azbuka Vkusa
🔹 Reported By: #cabelo
🔹 State: 🟢 Resolved
🔹 Disclosed: December 9, 2021, 9:35pm (UTC)
[BrakTooth] Bluetooth vulnerability allows attacker to disconnect or deny reconnection to BT devices connected to a target. Attack #2
👉 https://hackerone.com/reports/1397602
🔹 Severity: No Rating | 💰 3,000 USD
🔹 Reported To: Intel Corporation
🔹 Reported By: #matheus_garbelini
🔹 State: 🟢 Resolved
🔹 Disclosed: December 11, 2021, 3:40am (UTC)
👉 https://hackerone.com/reports/1397602
🔹 Severity: No Rating | 💰 3,000 USD
🔹 Reported To: Intel Corporation
🔹 Reported By: #matheus_garbelini
🔹 State: 🟢 Resolved
🔹 Disclosed: December 11, 2021, 3:40am (UTC)
[BrakTooth] Bluetooth vulnerability allows attacker to disconnect or deny reconnection to BT devices connected to a target. Attack #1
👉 https://hackerone.com/reports/1397601
🔹 Severity: No Rating | 💰 3,000 USD
🔹 Reported To: Intel Corporation
🔹 Reported By: #matheus_garbelini
🔹 State: 🟢 Resolved
🔹 Disclosed: December 11, 2021, 3:41am (UTC)
👉 https://hackerone.com/reports/1397601
🔹 Severity: No Rating | 💰 3,000 USD
🔹 Reported To: Intel Corporation
🔹 Reported By: #matheus_garbelini
🔹 State: 🟢 Resolved
🔹 Disclosed: December 11, 2021, 3:41am (UTC)
Missing captcha and rate limit protection in help form
👉 https://hackerone.com/reports/1165223
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: December 11, 2021, 1:47pm (UTC)
👉 https://hackerone.com/reports/1165223
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: December 11, 2021, 1:47pm (UTC)
RXSS - http://macademy.mtnonline.com
👉 https://hackerone.com/reports/1091165
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #0xelkomy
🔹 State: 🟢 Resolved
🔹 Disclosed: December 11, 2021, 3:31pm (UTC)
👉 https://hackerone.com/reports/1091165
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #0xelkomy
🔹 State: 🟢 Resolved
🔹 Disclosed: December 11, 2021, 3:31pm (UTC)
add class vulnerable Stored XSS
👉 https://hackerone.com/reports/1215179
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #mrirfan__07
🔹 State: 🟢 Resolved
🔹 Disclosed: December 12, 2021, 3:46am (UTC)
👉 https://hackerone.com/reports/1215179
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #mrirfan__07
🔹 State: 🟢 Resolved
🔹 Disclosed: December 12, 2021, 3:46am (UTC)
Error Page Content Spoofing or Text Injection
👉 https://hackerone.com/reports/1421413
🔹 Severity: No Rating
🔹 Reported To: Judge.me
🔹 Reported By: #tefa_
🔹 State: 🔴 N/A
🔹 Disclosed: December 13, 2021, 7:16am (UTC)
👉 https://hackerone.com/reports/1421413
🔹 Severity: No Rating
🔹 Reported To: Judge.me
🔹 Reported By: #tefa_
🔹 State: 🔴 N/A
🔹 Disclosed: December 13, 2021, 7:16am (UTC)
Vulnerabilities in exported activity WebView
👉 https://hackerone.com/reports/414101
🔹 Severity: Medium | 💰 350 USD
🔹 Reported To: Shipt
🔹 Reported By: #shell_c0de
🔹 State: 🟢 Resolved
🔹 Disclosed: December 13, 2021, 7:30pm (UTC)
👉 https://hackerone.com/reports/414101
🔹 Severity: Medium | 💰 350 USD
🔹 Reported To: Shipt
🔹 Reported By: #shell_c0de
🔹 State: 🟢 Resolved
🔹 Disclosed: December 13, 2021, 7:30pm (UTC)
No Rate limit on change password leads to account takeover
👉 https://hackerone.com/reports/1165285
🔹 Severity: Low
🔹 Reported To: Reddit
🔹 Reported By: #dreamispossible
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 13, 2021, 10:47pm (UTC)
👉 https://hackerone.com/reports/1165285
🔹 Severity: Low
🔹 Reported To: Reddit
🔹 Reported By: #dreamispossible
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 13, 2021, 10:47pm (UTC)