Bumble - HackerOne Reports

25 Total Reports | 1 Critical | 4 High | 8 Medium | 6 Low
Identify unique user ID of all the profiles
Reported by: covertlyovert | Disclosed: | Severity: Medium
Weakness: Insecure Direct Object Reference (IDOR)

Bumble API exposes read status of chat messages
Reported by: ndrong | Disclosed: | Severity: Medium
Weakness: Information Disclosure
Bounty: $600.00

crossdomain.xml too permissive on eu1.badoo.com, us1.badoo.com, etc.
Reported by: stefanovettorazzi | Disclosed:
Weakness: Violation of Secure Design Principles

SSO through odnoklassniki uses http rather than https
Reported by: matthijsmelissen | Disclosed: | Severity: Low
Weakness: Cleartext Transmission of Sensitive Information

CSRF attack on m.badoo.com deleting account and erasing imported contacts
Reported by: tikoo_sahil | Disclosed: | Severity: Medium
Weakness: Cross-Site Request Forgery (CSRF)
Bounty: $280.00
Leak of authorization URLs leads to account takeover
Reported by: 0x3c3e | Disclosed:
Weakness: Violation of Secure Design Principles

Open redirect helps to steal Facebook access_token
Reported by: stefanovettorazzi | Disclosed:
Weakness: Open Redirect

Unvalidated redirect on team.badoo.com
Reported by: tsug0d | Disclosed: | Severity: Medium
Weakness: Cross-site Scripting (XSS) - Generic
Bounty: $140.00

On signing up with a phone number, the 4-digit OTP does not expire for a long time, leading to an easy attack and making a verified account easily
Reported by: theuniversaldude | Disclosed: | Severity: High
Weakness: Violation of Secure Design Principles

XSS in biodata
Reported by: rijall404 | Disclosed: | Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored

Compromising the user ID
Reported by: jarvis0x1 | Disclosed: | Severity: High
Weakness: Information Disclosure
The login of Hot or Not is vulnerable to brute force
Reported by: oo7hacker3 | Disclosed: | Severity: High
Weakness: Improper Restriction of Authentication Attempts

Reflected XSS
Reported by: 0xnazmul | Disclosed: | Severity: Critical
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $1000.00

Misconfigured OAuth leads to pre-account takeover
Reported by: dhakal_bibek | Disclosed: | Severity: Low
Weakness: Business Logic Errors

Possible (we need to wait for some time) takeover of subdomain badootech.badoo.com, which is pointing to Medium servers
Reported by: w2w | Disclosed: | Severity: Medium
Weakness: Business Logic Errors

Brute-force password recovery code
Reported by: 0x3c3e | Disclosed:
Weakness: Violation of Secure Design Principles

Leave inaccessible messaging system with a message (https://us1.badoo.com)
Reported by: ahiezer | Disclosed: | Severity: Medium

Arbitrary modification of the "session" cookie value on badoo.com
Reported by: ahiezer | Disclosed: | Severity: Low
CSRF bug
Reported by: dark_heaven | Disclosed:
Weakness: Cross-Site Request Forgery (CSRF)

Race condition on "Get free Badoo Premium" which allows getting more days of free premium for free
Reported by: th4nu_0x0 | Disclosed: | Severity: Low