Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

Kartpay - HackerOne Reports

View on HackerOne

19

Total Reports

2

Critical

2

High

4

Medium

6

Low

Misconfiguration of Merchant id in jwt header + Weird Debug mode enabling behavior leads to exposed OTP of mobile number.

Reported by: basant0x01 | Disclosed:

High

Weakness: Improper Authentication - Generic

Host Header Injection

Reported by: streetdragon | Disclosed:

Medium

Weakness: HTTP Request Smuggling

Application Design issue for Phone Number field in Registration.

Reported by: eissen5c | Disclosed:

Low

Weakness: Information Exposure Through an Error Message

Captcha protection Bypass on Forgot password page

Reported by: bb00x | Disclosed:

Low

Weakness: Violation of Secure Design Principles

Being able to change account contents even after password change

Reported by: bubbletroublesnuggle | Disclosed:

Medium

Weakness: Insufficient Session Expiration

URl redirection

Reported by: ziel | Disclosed:

Medium

Weakness: Open Redirect

Duplicate Entry of email leads to 500 Server Error which disclosing the SQL Database table information

Reported by: basant0x01 | Disclosed:

Critical

Weakness: Information Disclosure

Full Path Disclosure of Server through 500 Server Error

Reported by: basant0x01 | Disclosed:

Low

Weakness: Information Disclosure

Disclosure of Merchant_id into the source code without entered OTP code leads to Victims MID takeover.

Reported by: basant0x01 | Disclosed:

Critical

Weakness: Information Disclosure

Bypass _token in forms [Merchant.Kartpay.com ]

Reported by: zxdrrr | Disclosed:

Option method enabled in kartpay Webservers

Reported by: lollol1 | Disclosed:

Low

Weakness: Information Disclosure

SMTP Failure Leads to Chain of Internal System Failure

Reported by: bb00x | Disclosed:

High

Weakness: Information Disclosure

Application Error disclosure, Verification token seen error and user able to change password

Reported by: amol01 | Disclosed:

Weakness: Improper Authentication - Generic

Error Page Content Spoofing or Text Injection [https://vpn.kartpay.com/]

Reported by: c00lbugs | Disclosed:

Weakness: Violation of Secure Design Principles

XSS in https://merchant.kartpay.com/settlements

Reported by: c00lbugs | Disclosed:

bypass captcha in the form forgot password

Reported by: hami | Disclosed:

Low

Weakness: Violation of Secure Design Principles

Admin/Info lekage

Reported by: abhhi | Disclosed:

Low

Weakness: Information Disclosure

Reflected XSS on https://merchant.kartpay.com/payment_settings [status]

Reported by: august1808 | Disclosed:

Weakness: Cross-site Scripting (XSS) - Reflected

Referer issue in Kartpay.com

Reported by: aslanemre | Disclosed:

Medium

Weakness: Open Redirect