5 matches found
Eobot: XSS on link in eobot account page
There is an XSS flaw in the account profile page https://eobot.com/user/userid which can execute JavaScript when a victim clicks one of the social media links listed in the personal information section of the web page. After some research I found that when a user inputs a Twitter link into their...
Eobot: No password length restriction
Hello Eobot, I am able to sign up on your web application using a long 100000-character password, which may lead to the website becoming unavailable or unresponsive. Usually this problem is caused by a vulnerable password hashing implementation. When a long password is sent, the password hashing...
Eobot: Multiple information disclosure
This script can help hackers check leaked email bases on registration with eobot without ban, etc. https://www.eobot.com/[email protected] email disclosure in google google dork: site:eobot.com inurl:"widget.aspx" in result we see requests with email of your users...
Eobot: XSS in www.eobot.com (IE9 only)
You can reproduce this bug from the following URL. It works on only IE9: https://www.eobot.com/coin.aspx?coin=/URL%26quot;\142\151\147%26quot;%26quot;\143\157\156\163\164\162\165\143\164\157\162%26quot;'%3E%3C%%20style='x:expression/ Note: This vector can bypass IE's XSS filter. I recommend fixi...
Eobot: IDOR on https://www.eobot.com/paypal
POC :- video attached...