Glovo - HackerOne Reports
View on HackerOne8
Total Reports
2
Critical
1
High
5
Medium
0
Low
Integer overflow vulnerability
Reported by:
0f1c3r
|
Disclosed:
Critical
Weakness: Integer Overflow
Reflected XSS on delivery.glovoapp.com
Reported by:
celesian
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Server Side Template Injection on Name parameter during Sign Up process
Reported by:
battle_angel
|
Disclosed:
High
Weakness: Code Injection
Django debug enabled showing information about system, database, configuration files
Reported by:
omarelfarsaoui
|
Disclosed:
Medium
Weakness: Information Disclosure
chainning bugs to get full disclosure of Users addresses
Reported by:
spaceboy20
|
Disclosed:
Medium
Weakness: Information Disclosure
Moodle XSS on evolve.glovoapp.com
Reported by:
sn3akysnak3
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Getting a free delivery by singing up from "[email protected]"
Reported by:
cmuppin
|
Disclosed:
Medium
Weakness: Privilege Escalation
Exposed valid AWS, Mysql, Sendgrid and other secrets
Reported by:
mehdisadir
|
Disclosed:
Critical
Weakness: Use of Hard-coded Credentials