Stripo Inc - HackerOne Reports
Total reports: 70 (Critical: 5, High: 12, Medium: 43, Low: 7)
subdomain takeover at status-stage0.stripo.email
  Reported by: laz0rde | Disclosed: | Severity: Medium | Weakness: Privilege Escalation

Permanent DOS for new users!
  Reported by: akashhamal0x01 | Disclosed: | Severity: High | Weakness: Uncontrolled Resource Consumption

weak password policy in signup password leak to account takeover
  Reported by: assafrty | Disclosed: | Weakness: Violation of Secure Design Principles

Information disclosure through Server side resource forgery
  Reported by: checkm50 | Disclosed: | Severity: Medium | Weakness: Server-Side Request Forgery (SSRF)

[www.stripo.email] You can override the speed limit by adding the X-Forwarded-For header.
  Reported by: what_web | Disclosed: | Severity: Medium | Weakness: Improper Authorization

stripo.email reflected xss
  Reported by: trazer | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Reflected

Memory Dump and Env Disclosure via Spring Boot Actuator
  Reported by: 0xwise | Disclosed: | Severity: Medium | Weakness: Misconfiguration

multiple email usage -my.stripo.email-
  Reported by: rickiex | Disclosed: | Severity: Medium | Weakness: Improper Access Control - Generic

[demo.stripo.email] HTTP request Smuggling
  Reported by: deb0con | Disclosed: | Severity: Medium | Weakness: HTTP Request Smuggling

No rate limiting - Create data
  Reported by: ofjaaaah | Disclosed: | Severity: Medium | Weakness: Business Logic Errors

Non-revoked API Key Disclosure in a Disclosed API Key Disclosure Report on Stripo
  Reported by: whoisbinit | Disclosed: | Severity: Medium | Weakness: Cleartext Storage of Sensitive Information

No rate limit in email subscription
  Reported by: splint3rsec | Disclosed: | Severity: Medium | Weakness: Business Logic Errors

No rate limiting - Create Plug-ins
  Reported by: ofjaaaah | Disclosed: | Severity: Medium | Weakness: Business Logic Errors

Blind SSRF while Creating Templates
  Reported by: dotsecurity | Disclosed: | Severity: High | Weakness: Server-Side Request Forgery (SSRF)

[www.stripo.email] There is no rate limit for /it/contact-us/ endpoints
  Reported by: what_web | Disclosed: | Severity: Low | Weakness: Improper Authentication - Generic

[www.stripo.email] There is no rate limit for contact-us endpoints
  Reported by: what_web | Disclosed: | Severity: Low | Weakness: Improper Authorization

SSRF external interaction
  Reported by: 0xcharan | Disclosed: | Severity: Low | Weakness: Server-Side Request Forgery (SSRF)

Race condition on my.stripo.email at /cabinet/stripeapi/v1/projects/298427/emails/folders uri
  Reported by: zeroc00i | Disclosed: | Severity: Medium | Weakness: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Stored XSS at Template Editor in "Section Name" Field of Block element 'Accordion'.
  Reported by: xploiterr | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored

CORS on my.stripo.email
  Reported by: nihadp | Disclosed: