
4 matches found

Hacker One
added 2020/11/30 3:27 p.m., 38 views

Stripo Inc: No rate limit in email subscription

I managed to bypass the following report 1029723 please follow the steps below: Description: No rate limit in Email Subscription, you just have to add a fixed throttle in Burp Suite to avoid the 429 response. Note: I will use tempmail in the screenshots PoC Steps: 1. Go to https://stripo.email/ a...

AI score: 7.1
Exploits: 0
Packet Storm
added 2019/01/07 12:0 a.m., 88 views

Webgalamb Information Disclosure / XSS / CSRF / SQL Injection

Summary ------- Vendor: E.N.S. Zrt www.ens.hu Product: Webgalamb www.webgalamb.hu, www.facebook.com/webgalamb Webgalamb is a commercial email marketing software for managing subscription lists and sending out bulk emails. It is not SaaS but a PHP based web application that is typically hosted nex...

EPSS: 0.0569
Exploits: 8
Japan Vulnerability Notes
added 2016/08/16 5:14 a.m., 1 views

Cybozu Mailwise contains issue in preventing clickjacking attacks

Overview Cybozu Mailwise contains multiple pages for editing/sending bulk emails. Some of these pages fail to protect against clickjacking attacks. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the...

CVSS: 4.3, AI score: 6.6, EPSS: 0.00672
Exploits: 0, References: 5
Japan Vulnerability Notes
added 2016/08/16 12:0 a.m., 27 views

JVN#04125292: Cybozu Mailwise contains issue in preventing clickjacking attacks

Cybozu Mailwise contains multiple pages for editing/sending bulk emails. Some of these pages fail to protect against clickjacking attacks. Impact If a user views a malicious page while logged in, the user may be tricked into conducting unintended operations. Solution Update the Software Update to...

CVSS: 4.3, AI score: 4.8, EPSS: 0.00672
Exploits: 0