OLX - HackerOne Reports
Total Reports: 60
Critical: 4
High: 8
Medium: 16
Low: 2
yaman.olx.ph/wordpress is using a very vulnerable version of WordPress and contains directory listing
Reported by: mohamedsherif | Disclosed:
Critical
Weakness: Cross-Site Request Forgery (CSRF)
Bypassing Phone Verification For Posting AD On OLX
Reported by: abhishekbaru | Disclosed:
Weakness: Improper Authentication - Generic
XSS inside HTML Link Tag
Reported by: kustirama | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Manipulating joinolx.com Job Vacancy alert subscription emails (HTML Injection / Script Injection)
Reported by: thezawad | Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
XSS on Home page olx.com.ar via auto save search text
Reported by: c37hun | Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
OLX is vulnerable to clickjacking
Reported by: piyushsonikumar1671 | Disclosed:
Medium
web cache deception in https://tradus.com lead to name/user_id enumeration and other info
Reported by: f_m | Disclosed:
Medium
Weakness: Violation of Secure Design Principles
blog.praca.olx.pl database credentials exposure
Reported by: hdbreaker | Disclosed:
Medium
Weakness: Information Disclosure
XSS Reflected at SEARCH >>
Reported by: atsvetkov1337 | Disclosed:
High
Weakness: Cross-site Scripting (XSS) - Reflected
cross-site scripting in get request
Reported by: wonderwomen007 | Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
stored XSS in olx.pl - ogloszenie TITLE element - moderator acc can be hacked
Reported by: lucasm | Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
Reflected XSS in www.olx.ph
Reported by: kasperkarlsson | Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
Arbitrary File Reading
Reported by: konqi | Disclosed:
Reflected Cross Site scripting Attack (XSS)
Reported by: nileshsapariya | Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
XSS @ *.letgo.com
Reported by: thezawad | Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
All Active user sessions should be destroyed when user change his password!
Reported by: smii3 | Disclosed:
Weakness: Improper Authentication - Generic
Reflected XSS on m.olx.co.id via ad_type parameter
Reported by: ameytakekar | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
XSS in OLX.pl ("title" in new advertisement)
Reported by: d4w | Disclosed:
Weakness: Cross-site Scripting (XSS) - Stored
Bypass CSP frame-ancestors at olx.co.za, olx.com.gh
Reported by: b9b86c2fc8409c628fb3de6 | Disclosed:
Weakness: UI Redressing (Clickjacking)
Able to list user's public name, username, phone number, address, facebook ID...
Reported by: lukeberner | Disclosed:
Weakness: Information Disclosure