Mars - HackerOne Reports
Total Reports: 64
Critical: 11
High: 11
Medium: 30
Low: 10
CRLF Injection at `██████████`
Reported by:
mo3giza
|
Disclosed:
Low
Weakness: CRLF Injection
IDOR in one subdomain of █████████ -> change information of pets without authorization!
Reported by:
haoshokunoo
|
Disclosed:
Medium
Weakness: Insecure Direct Object Reference (IDOR)
No CSRF protection when adding an item to cart
Reported by:
themarkib0x0
|
Disclosed:
Low
Weakness: Cross-Site Request Forgery (CSRF)
Stored XSS + CSRF in "apellido" value
Reported by:
never_die
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Stored
Reflected HTML Injection via contact (faq) search parameter on ██████████
Reported by:
the-white-evil
|
Disclosed:
Medium
Weakness: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
RXSS on ████ via q parameter
Reported by:
mo_salah12
|
Disclosed:
Low
Weakness: Cross-site Scripting (XSS) - Reflected
█████████ when adding branches to your account
Reported by:
kh4rish34v3n
|
Disclosed:
Critical
Weakness: Insecure Direct Object Reference (IDOR)
[XSS] Reflected XSS via POST request in (███████)
Reported by:
morphykutay
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Jolokia Reflected XSS
Reported by:
ramzanrl
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
CVEs:
CVE-2018-1000129
CSRF to delete a pet
Reported by:
dd_06
|
Disclosed:
Medium
Weakness: Cross-Site Request Forgery (CSRF)
Reflected HTML Injection via contact (faq) search parameter on ███]=
Reported by:
the-white-evil
|
Disclosed:
Medium
Weakness: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
████ ' can add animal to other account ' at ██████
Reported by:
0xs4m
|
Disclosed:
Medium
Weakness: Insecure Direct Object Reference (IDOR)
' Full Account Takeover ' at █████
Reported by:
0xs4m
|
Disclosed:
Critical
Weakness: Improper Access Control - Generic
phpinfo() exposed on ██████████
Reported by:
thpless
|
Disclosed:
Weakness: Misconfiguration
Reflected xss on ████████
Reported by:
blax17
|
Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Bug Report #23JAN135 (subdomain takeover via shopify )
Reported by:
kuriyama
|
Disclosed:
High
Weakness: Privilege Escalation
Bug Report #23JAN136 (subdomain takeover via shopify )
Reported by:
kuriyama
|
Disclosed:
High
Weakness: Privilege Escalation
subdomain takeover at █████████
Reported by:
skoll101
|
Disclosed:
High
Weakness: Misconfiguration
debug.log File Exposure that exposes (user/████) username and password at █████████
Reported by:
skoll101
|
Disclosed:
High
Weakness: Cleartext Storage of Sensitive Information
Response Manipulation leads to bypass of verification code while making appointment at `█████████`
Reported by:
mo3giza
|
Disclosed:
Medium
Weakness: Business Logic Errors
Page 1 of 4