PortSwigger Web Security - HackerOne Reports
Total Reports: 32
Critical: 0
High: 5
Medium: 9
Low: 11
Browser Self XSS Protection not implemented
Reported by: allenaleen | Disclosed:
Weakness: Information Disclosure
Order-phishing via Payment ID URL
Reported by: sp1d3rs | Disclosed:
Low
Weakness: Cross-Site Request Forgery (CSRF)
cgi scripts wordlist entry for windmail.exe has payload that sends arbitrary file read result to third-party
Reported by: floyd | Disclosed:
Low
Weakness: Information Disclosure
Bounty: $200.00
HTML Injection in Swing can disclose netNTLM hash or cause DoS
Reported by: issuefinder | Disclosed:
Medium
Weakness: Information Disclosure
Bounty: $1000.00
HTTP OPTION Method is Enabled on portswigger.net
Reported by: wragg-s | Disclosed:
Low
Weakness: Violation of Secure Design Principles
DLL Hijacking in Burp Suite Pro 2.0.19 Installer
Reported by: freetom | Disclosed:
Medium
Weakness: Privilege Escalation
Burp Suite extensions can execute arbitrary code
Reported by: iamunixtz | Disclosed:
High
Clicking "http://burp" hyperlink on Firefox CA Installation guide redirects to "burp.com" (unclaimed website).
Reported by: intelcorgi | Disclosed:
Low
Weakness: Open Redirect
Changing the administrator password via admin console does not invalidate other sessions
Reported by: osama-hamad | Disclosed:
Low
Weakness: Improper Authentication - Generic
A user with only [MODIFY_SETTINGS] permission could takeover any user accounts
Reported by: osama-hamad | Disclosed:
Low
Weakness: Improper Access Control - Generic
No Rate Limit On Regenerate Password on Portswigger
Reported by: thespiritman | Disclosed:
Email Spoofing
Reported by: dhamu007 | Disclosed:
Low
Weakness: Violation of Secure Design Principles