12 matches found
CS Money: Authentication Bypass to (CVE-2023-2982)
An authentication bypass vulnerability was discovered in an older version of the WordPress plugin WordPress Social Login and Register Discord, Google, Twitter, LinkedIn...
CS Money: Html injection on subscription email
Vulnerability description not provided...
CS Money: Cookie poisoning leads to DOS and Privacy Violation
Summary, submitted by gatolouco, requires no additions by us and fully expresses impact and reasons behind the vulnerability. Summary: By changing the value of the cookie avatar, a hacker could not only get information of the support agent IP address, but also disconnect all the supports without...
CS Money: Attacker can generate cancelled transactions in a user's transaction history using only Steam ID
Summary: The API endpoint /create-payment requires only the steam ID of the account to create the payment. When this endpoint is called using the cardpay flow, it returns a transaction ID on the Cardpay system. The attacker can access this transaction, and immediately cancel it or pay it ; , whic...
CS Money: Blind XSS on image upload
Summary: - The CSRF vulnerability makes a request for support.cs.money/uploadfile; This uploadfile does not have csrf token/ origin/ reference verification! - The XSS allows to execute JS. The payload of the XSS stays in the param 'filename' of the CSRF request. Steps To Reproduce: XSS - use a prox...
CS Money: Content Spoofing/Text Injection in https://support.cs.money and JS file not minified and uglified which makes it clearly readable
Issue 1: Greetings, Hello Team, I have found a Content Spoofing/Text Injection on this domain https://support.cs.money Using the below link the attacker can trick any genuine user to go to the attacker's phishing site. The attacker could craft the URL by providing discounts which will tempt the...
CS Money: Improper authentication in the load sell inventory page
Summary: Hello team, I found an endpoint response all data relate to sell mode inventory that doesn't have improper authentication in the link: https://cs.money/loadsellmodeinventory Steps To Reproduce: add details for how we can reproduce the issue 1. Open directly the link:...
CS Money: Application DOS via specially crafted payload on 3d.cs.money
Summary: Hello Team, While testing it was observed that on 3d.cs.money a DOS is possible via specially crafted request using only single request from single machine on search bar. Though I am aware of the Out of Scope policy "Any activity that could lead to the disruption of our service DoS", thi...
CS Money: Bypass Filter on link of build
Summary: Hello team, I found that a valid build will have a link with the following format https://3d.cs.money/item/0UkWN8vh2R If you save a build with /api/build/save, it will return a link to sync with your saved builds. The bug occurs when the web app syncs; you can customize the link of the build with...
CS Money: Bypass restrict of member subscription to use custom background in https://3d.cs.money without prime subscription
Summary: In website https://3d.cs.money you need to subscribe prime to have a custom background for skin F999661 But with this vulnerability, we can use custom background without any fee required Steps To Reproduce: add details for how we can reproduce the issue - Grab a build of skin - Save it...
CS Money: Site-wide CSRF on Safari due to CORS misconfiguration (not localhost)
Description Hello there, on new.cs.money or cs.money, there is anti-CSRF mechanism, which is Referer header check. However, I discovered that regex logic for checking Referer header is flawed. I found that adding or at the end of the domain pass the validation. Therefore, if a request comes from...
CS Money: [cs.money] Open Redirect Leads to Account Takeover
Summary: I found an open redirect on https://cs.money domain, using this payload https://cs.money///google.com we can redirect into any domain that we want, you can see the request and response from this image below : ███ Steps To Reproduce: The final payload is having an account takeover as the...