Hackerone disclosures 19th August 2020
Hacktivity from rioncool22
Blind Stored XSS Via Staff Name
https://hackerone.com/reports/948929
Disclosed at: 2020-08-18 19:41:41 UTC+0
Created at: 2020-07-31 23:06:18 UTC+0
Hacktivity from jaka_tingkir
access permission is not revoked even if the email has been deleted or changed on the partner account -partners.shopify-
https://hackerone.com/reports/870001
Disclosed at: 2020-08-18 19:44:19 UTC+0
Created at: 2020-05-10 12:56:32 UTC+0
Hacktivity from sreeju_kc
OrderListInitial leaks order details
https://hackerone.com/reports/882412
Disclosed at: 2020-08-18 19:52:15 UTC+0
Created at: 2020-05-25 19:14:32 UTC+0
Hacktivity from jmp_35p
Get analytics token using only apps permission
https://hackerone.com/reports/901775
Disclosed at: 2020-08-18 21:29:44 UTC+0
Created at: 2020-06-18 15:09:34 UTC+0
Hacktivity from tolo7010
Some store settings/data are accessible to "No Access" permission users on GraphQL LiveView operation
https://hackerone.com/reports/409973
Disclosed at: 2020-08-18 22:09:31 UTC+0
Created at: 2018-09-15 02:34:26 UTC+0
Hacktivity from rexvuz
Korea - Reflected XSS on https://www.istarbucks.co.kr/app/getGiftStock.do via "skuNo" and "skuImgUrl" parameters
https://hackerone.com/reports/768345
Disclosed at: 2020-08-18 22:38:37 UTC+0
Created at: 2020-01-05 05:29:15 UTC+0
Hacktivity from ayyoub
Password reset link not expired at Stocky App
https://hackerone.com/reports/898841
Disclosed at: 2020-08-18 22:53:55 UTC+0
Created at: 2020-06-15 18:09:41 UTC+0
Hacktivity from hk755a
I.D.O.R TO EDIT ALL USER'S CREDIT CARD INFORMATION+(Partial credit card info disclosure)
https://hackerone.com/reports/361984
Disclosed at: 2020-08-19 00:59:14 UTC+0
Created at: 2018-06-05 06:18:58 UTC+0
Hacktivity from hk755a
I.D.O.R To Order,Book,Buy,reserve On YELP FOR FREE (UNAUTHORIZED USE OF OTHER USER'S CREDIT CARD)
https://hackerone.com/reports/391092
Disclosed at: 2020-08-19 01:11:07 UTC+0
Created at: 2018-08-06 21:09:00 UTC+0
Hacktivity from hk755a
CRITICAL Insecure Direct Object Reference (I.D.O.R) - Link Other User's Credit Card
https://hackerone.com/reports/358143
Disclosed at: 2020-08-19 01:26:50 UTC+0
Created at: 2018-05-27 19:03:57 UTC+0
Hacktivity from irukandjisecresearch
Buffer overflow In hl.exe's launch -game argument allows an attacker to execute arbitrary code locally or from browser
https://hackerone.com/reports/832750
Disclosed at: 2020-08-19 03:20:04 UTC+0
Created at: 2020-03-27 13:07:35 UTC+0
Hacktivity from gamer7112
[GoldSrc] RCE via malformed BSP file
https://hackerone.com/reports/763403
Disclosed at: 2020-08-19 03:29:14 UTC+0
Created at: 2019-12-23 05:19:15 UTC+0
Hacktivity from gamer7112
[GoldSrc] RCE via 'spk' Console Command
https://hackerone.com/reports/769014
Disclosed at: 2020-08-19 04:37:36 UTC+0
Created at: 2020-01-06 20:39:03 UTC+0
Hacktivity from ja3far
Denial of Service when entering an Array in email at settings
https://hackerone.com/reports/961997
Disclosed at: 2020-08-19 11:02:28 UTC+0
Created at: 2020-08-19 02:36:42 UTC+0
Hacktivity from harshita174
Missing SPF Records
https://hackerone.com/reports/652447
Disclosed at: 2020-08-19 13:15:18 UTC+0
Created at: 2019-07-21 13:41:35 UTC+0
Hacktivity from harshita174
Rate Limit too lenient for endpoint sending emails
https://hackerone.com/reports/658089
Disclosed at: 2020-08-19 15:11:55 UTC+0
Created at: 2019-07-24 13:40:32 UTC+0
Hacktivity from francisbeaudoin
Ability to generate shipping labels in another store orders
https://hackerone.com/reports/884159
Disclosed at: 2020-08-19 17:58:58 UTC+0
Created at: 2020-05-28 03:49:57 UTC+0