CS Money - HackerOne Reports
View on HackerOne

24 Total Reports
2 Critical
2 High
13 Medium
5 Low
Origin IP found, Cloudflare bypassed
Reported by: sawmj | Disclosed: | Severity: Medium | Weakness: Violation of Secure Design Principles

Cookie poisoning leads to DOS and Privacy Violation
Reported by: benjamin-mauss | Disclosed: | Severity: High | Weakness: Privacy Violation | Bounty: $700.00

Internal Path Disclosure
Reported by: mr_vrush | Disclosed: | Severity: Low | Weakness: File and Directory Information Exposure | Bounty: $100.00

ReDoS at wiki.cs.money graphQL endpoint (AND probably a kind of command injection)
Reported by: mvm | Disclosed: | Severity: Medium | Weakness: Uncontrolled Resource Consumption | Bounty: $250.00

Pixel Flood Attack leads to Application level DoS
Reported by: mr_vrush | Disclosed: | Severity: Low | Weakness: Uncontrolled Resource Consumption | Bounty: $200.00

Application DOS via specially crafted payload on 3d.cs.money
Reported by: enigmaticjohn | Disclosed: | Severity: Medium

Improper authentication in the load sell inventory page
Reported by: niggy | Disclosed: | Weakness: Improper Authentication - Generic

Previously created sessions continue being valid after MFA activation
Reported by: benjamin-mauss | Disclosed: | Severity: Medium

Manipulate Uneditable Messages in Support
Reported by: ahmd_halabi | Disclosed: | Severity: High | Weakness: Business Logic Errors

Blind Based SQL Injection in 3d.sc.money
Reported by: sawmj | Disclosed: | Weakness: SQL Injection

Able to upload backgrounds before entering 2FA
Reported by: mr_vrush | Disclosed: | Severity: Medium | Weakness: Improper Authentication - Generic

Content Spoofing/Text Injection in https://support.cs.money and JS file not minified and uglified which makes it clearly readable
Reported by: rootishere | Disclosed: | Severity: Low | Weakness: User Interface (UI) Misrepresentation of Critical Information

Bypass restrict of member subscription to use custom background in https://3d.cs.money without prime subscription
Reported by: khoabda1 | Disclosed: | Severity: Medium

Bypass Filter on link of build
Reported by: khoabda1 | Disclosed: | Severity: Low

IDOR in https://3d.cs.money/
Reported by: khoabda1 | Disclosed: | Severity: Medium | Weakness: Insecure Direct Object Reference (IDOR)

Attacker can generate cancelled transactions in a user's transaction history using only Steam ID
Reported by: pmnh | Disclosed: | Severity: Medium | Weakness: Improper Authorization | Bounty: $300.00

SSRF via 3d.cs.money/pasteLinkToImage
Reported by: putsi | Disclosed: | Severity: Medium | Weakness: Server-Side Request Forgery (SSRF)

Html injection on subscription email
Reported by: benjamin-mauss | Disclosed: | Severity: Medium | Weakness: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) | Bounty: $300.00

Site-wide CSRF on Safari due to CORS misconfiguration (not localhost)
Reported by: nnez | Disclosed: | Severity: Medium | Weakness: Cross-Site Request Forgery (CSRF) | Bounty: $300.00

[cs.money] Open Redirect Leads to Account Takeover
Reported by: abdilahrf_ | Disclosed: | Severity: Medium | Weakness: Improper Authentication - Generic
Page 1 of 2