C2FO: [admin.c2fo.com] Open Redirect
PoC (Firefox): https://admin.c2fo.com///www.google.com/%2e%2e
HTTP Request: GET ///www.google.com/%2e%2e HTTP/1.1 Host: admin.c2fo.com
HTTP Response: Location: //www.google.com/%2e%2e/...
C2FO: All active user sessions should be destroyed when a user changes his password!
Hello, there is a user sessions issue in your application that should be fixed. Proof of Concept: Suppose you have an account on C2FO app.c2fo.com. Somehow an attacker manages to get your password and logs in to your account. After knowing that your ID has been compromise...
C2FO: User guessing/enumeration at https://app.c2fo.com/api/password-reset
Hi there, I noticed a small information leak which allows an attacker to check whether an email address is associated with an account. Steps to reproduce: 1. Send a POST request to the URL https://app.c2fo.com/api/password-reset as the following example shows: POST /api/password-reset HTTP/1.1...
C2FO: OPTIONS Method Enabled
Vulnerability Details: I detected that the OPTIONS method is allowed. This issue is reported as extra information. Impact: Information disclosed from this page can be used to gain additional information about the target system. Remedy: Disable the OPTIONS method on all production systems. POC: Reque...