Reverb.com - HackerOne Reports
Total Reports: 13 | Critical: 0 | High: 5 | Medium: 4 | Low: 2
Stored XSS in shop name @ lp.reverb.com
Reported by: sandeep_hodkasia | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - Stored
Basic auth details still work on report (351555)
Reported by: m7mdharoun | Disclosed: | Severity: Low | Weakness: Information Disclosure
Full account takeover
Reported by: sandeep_hodkasia | Disclosed: | Severity: High | Weakness: Improper Access Control - Generic
Race condition allows gift cards to be redeemed multiple times, which leads to free "money"
Reported by: muon4 | Disclosed: | Severity: High | Weakness: Business Logic Errors
IDOR - Ability to view unlisted products
Reported by: yaworsk | Disclosed: | Weakness: Violation of Secure Design Principles
Items bought for free due to lack of quantity controls
Reported by: nadino | Disclosed: | Severity: High | Weakness: Business Logic Errors
Bypassing CSRF token on Reply Message & Send Message
Reported by: apapedulimu | Disclosed: | Severity: Low
Possible blind writing to S3 bucket
Reported by: yaworsk | Disclosed: | Weakness: Violation of Secure Design Principles
Disclosure of all uploads to Cloudinary via hardcoded API secret in Android app
Reported by: bagipro | Disclosed: | Severity: Medium
XSS in buying and selling pages can create spoofed content (false login message)
Reported by: kiyell | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Reflected
Persistent XSS in https://sandbox.reverb.com/item/
Reported by: bigshaq | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - Stored
API token exposed in Reverb.com's public GitHub repository
Reported by: albatraoz | Disclosed: | Severity: Medium | Weakness: Information Disclosure
XSS in main search: use class tag to imitate Reverb.com core functionality and create a false login window
Reported by: kiyell | Disclosed: | Severity: Medium