20 matches found

Hacker One, added 2021/06/15 8:44 a.m., 49 views

Bumble: Exfiltrating a victim's exact location (to within 5m)

I used Bumble's distance feature to exfiltrate the exact location to within approx 5m of a victim. I did this by using the Bumble API to move my attacker account's location around the approximate area of the victim. I was able to obtain the exact distance between attacker and victim at 3 separate...

AI score: 7 | Exploits: 0

Hacker One, added 2021/01/17 6:39 p.m., 225 views

Bumble: Bumble API exposes read status of chat messages

Summary: The Bumble app allows matches to chat with each other. In the mobile apps it is possible to see whether a message has been delivered; the webapp does not offer this feature, but the read status of messages is never disclosed. However, by issuing a POST request to the API endpoint at...

AI score: 6.3 | Exploits: 0

The Hacker News, added 2020/12/03 10:59 a.m., 2 views

Several Unpatched Popular Android Apps Put Millions of Users at Risk of Hacking

A number of high-profile Android apps are still using an unpatched version of Google's widely-used app update library, potentially putting the personal data of hundreds of millions of smartphone users at risk of hacking. Many popular apps, including Grindr, Bumble, OkCupid, Cisco Teams, Moovit,...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.01486 | Exploits: 1

HackRead, added 2020/11/18 4:23 p.m., 29 views

Vulnerability in Bumble dating app risked data of 100 million users

By Sudais Asif. It took Bumble 255 days to respond and fix some of the vulnerabilities reported by the researcher. This is a post from HackRead.com. Read the original post: Vulnerability in Bumble dating app risked data of 100 million users...

AI score: 2.6 | Exploits: 0

Hacker One, added 2020/11/18 10:21 a.m., 147 views

Bumble: Race Condition on "Get free Badoo Premium" which allows getting more days of free premium for free.

Summary: On Badoo, when a user wants to delete his account it prompts for a free 3-day premium, or the user can proceed to delete his account. But when the user chooses to get the free 3-day premium, he can click "Get free Badoo Premium" and enjoy free premium for three days. Here I found a race condition...

AI score: 7.1 | Exploits: 0

ThreatPost, added 2020/11/16 10:09 p.m., 69 views

Dating Site Bumble Leaves Swipes Unsecured for 100M Users

After taking a closer look at the code for popular dating site and app Bumble, where women typically initiate the conversation, Independent Security Evaluators researcher Sanjana Sarda found concerning API vulnerabilities. These not only allowed her to bypass paying for Bumble Boost premium...

AI score: 7.8 | Exploits: 0 | References: 9

Hacker One, added 2020/10/11 9:42 a.m., 22 views

Bumble: Identify unique user ID of all the profiles

Through this vulnerability, one can know the unencrypted user ID of all the profiles. Steps to reproduce: 1. Log in to your Bumble profile. 2. In the SERVERGETUSERLIST API replace the folder ID 0 with 7. This folder contains all the profiles in your deck / which you have right-swiped on (screenshot 1);...

AI score: 0.5 | Exploits: 0

Hacker One, added 2020/08/02 5:22 p.m., 26 views

Bumble: XSS in BIODATA

I did the injection with the payload (see mp4); I did the 1st and 2nd experiments. Sorry, for the 1st experiment I didn't record a video. When I did the first injection, there was an error after pressing the OK button. Impact: the impact could have been someone who stole cookies...

AI score: 3.5 | Exploits: 0

Hacker One, added 2020/02/10 6:35 p.m., 78 views

Bumble: On Signing up with a Phone number, The 4 digit OTP does not expire for a long time, leading to an easy attack and making a verified account easily

Hello there, how are you doing? Go to the sign up page and enter a new phone number and you will be redirected to https://bumble.com/registration/confirm-phone . You will receive an easily breakable 4 digit OTP code. I waited for about 4 hours and the OTP did not expire. This shows that the OTP can b...

AI score: 0.3 | Exploits: 0

Hacker One, added 2019/11/25 8:24 p.m., 42 views

Bumble: Leak of authorization urls leads to account takeover

The researcher was able to pass verification to another account by finding confirmation data in response from the server...

AI score: 3.4 | Exploits: 0

Hacker One, added 2019/11/21 5:54 p.m., 116 views

Bumble: Bruteforce password recovery code

Summary: It's possible to bruteforce the recovery code from SMS, as the iOS application doesn't have limits for incorrect inputs. I tried 50+ different combinations until I reached the code from SMS. Steps To Reproduce: 1. Click "Use another option" on the application startup view 1. Enter your phone number 1...

AI score: 0.2 | Exploits: 0

Hacker One, added 2017/06/12 8:35 a.m., 28 views

Bumble: CSRF bug

Sir, recently I found a bug on add address. Check my exploit. It address can be default. I hope you will fix this as soon as possible...

AI score: 1.4 | Exploits: 0

Hacker One, added 2016/11/16 8:28 a.m., 232 views

Bumble: Email Spoofing

There is an Email Spoofing Vulnerability. Steps to reproduce: 1. Go to http://emkei.cz/ 2. Fill the "From Email" field with [email protected] or any other badoo email. 3. Fill the victim's address / your address in the "TO" field and fill in other details as you wish. You will receive an email from badoo admin...

AI score: 7.1 | Exploits: 0

Hacker One, added 2016/10/29 5:08 a.m., 58 views

Bumble: Leave inaccessible messaging system with a message (https://us1.badoo.com)

Hello, while testing the messaging system I found a vulnerability that allows leaving the messaging system inaccessible to another user; it only requires sending a message. The vulnerability is in the system; as the mobile version, smiles and app do not have that system, only the desktop version is vulnerable. VULNERAB...

AI score: 0.7 | Exploits: 0

Hacker One, added 2016/10/28 10:08 a.m., 15 views

Bumble: Arbitrary modification value "session" (Cookie) in badoo.com

Users who log on through https://m.badoo.com/ receive a session cookie named "session" whose value represents the user identifier. I have found a way to change the value of the cookie; this error can be used to: leave a particular user off the application so that they must log on again; the attacker would ha...

AI score: 0.6 | Exploits: 0

Hacker One, added 2016/06/08 11:48 a.m., 117 views

Bumble: Obtaining the original of a hidden image

Hello! In your service there are photographs of very low quality, so that it is impossible to make out who is pictured in them, for example in the "Who likes you?" section. Our way to obtain the original: take the address of the hidden picture:...

AI score: 7.1 | Exploits: 0

Hacker One, added 2016/04/13 9:54 p.m., 27 views

Bumble: Badoo and Hotornot User Disclosure

Hi, I have found that an endpoint is leaking the currently logged in user, which will result in stealing the user id and unmasking the current user. This behavior could be malicious to ads websites, rogue websites, etc... PoC Code: Badoo Current User Unmasking function UnmaskUserstr return...

AI score: 7 | Exploits: 0

hackapp, added 2016/04/01 9:07 a.m., 62 views

Bumble App - Base64 encoded String, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that the application Bumble App, published at the 'play' market, has multiple vulnerabilities...

Exploits: 0 | References: 1 | Affected Software: 1

Hacker One, added 2016/03/09 7:17 p.m., 58 views

Bumble: Account Takeover

Hello, this is regarding an account takeover via the import image from facebook option. When we import fb photos, a link with a token is generated which is valid for any user, and it can be used to replace the user's linked fb account with the attacker's fb account, and then login via fb to take over the account. Note: I tested...

AI score: 1.2 | Exploits: 0

Hacker One, added 2015/11/13 7:41 a.m., 27 views

Bumble: Open redirect helps to steal Facebook access_token

Description: https://badoo.com/external/redirector.phtml is the endpoint used when authenticating using external services. This endpoint accepts the parameter state, which is a base64 encoded URL. The URL can't be like http://google.com/, but it can be like http://google.com%2f.badoo.com/ which is ...

AI score: 6.7 | Exploits: 0