Omise - HackerOne Reports
Total Reports: 28
Critical: 1
High: 2
Medium: 14
Low: 7
Found Origin IP's Lead To Access To [ Grafana Instance , PgHero Instance [ Can SQL Injection ]
Reported by: elmahdi | Disclosed:
Medium
Weakness: Improper Access Control - Generic
Authenticity token doesnt expire after single use leading to CSRF
Reported by: dark_haxor | Disclosed:
Weakness: Cross-Site Request Forgery (CSRF)
The endpoint '/test/webhooks' is vulnerable to DNS Rebinding
Reported by: muhammadilyas | Disclosed:
Medium
Weakness: Server-Side Request Forgery (SSRF)
SSRF in webhooks leads to AWS private keys disclosure
Reported by: honoki | Disclosed:
High
Weakness: Server-Side Request Forgery (SSRF)
Public and secret api key leaked via omise github repo(owned by omise)
Reported by: noobwalid | Disclosed:
Weakness: Information Disclosure
Open S3 Bucket Accessible by any User
Reported by: ravansurya | Disclosed:
Weakness: Information Disclosure
Bounty: $100.00
XSS via X-Forwarded-Host header
Reported by: oblivionlight | Disclosed:
Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $200.00
PII Exposure via Email Confirmation Link – Email Embedded in Token & Leaked via Wayback Machine
Reported by: mantu1738 | Disclosed:
Medium
Weakness: Information Disclosure