FantasyTote: Weak HSTS age
Send this request: https://www.fantasytote.com/login
GET /login HTTP/1.1
Host: www.fantasytote.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5...
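The report above flags a Strict-Transport-Security header whose max-age is too short. The check below is an added example, not code from the report or from FantasyTote: it parses the header out of a response, treats anything under one year (31536000 s, the preload-list minimum, an assumed threshold here) or a missing/zero max-age as weak, and also records includeSubDomains and preload. The two sample header sets are constructed for the example, not captured from the site.

```python
"""Check the Strict-Transport-Security header of an HTTP response for a weak max-age."""
from dataclasses import dataclass
from typing import Dict, Optional

# Assumed threshold for this example: one year, the minimum the browser preload
# list accepts and the value most scanners treat as "strong".
MIN_MAX_AGE_SECONDS = 365 * 24 * 60 * 60  # 31536000


@dataclass
class HstsResult:
    present: bool
    max_age: Optional[int]
    include_subdomains: bool
    preload: bool
    weak: bool
    reason: str


def parse_hsts(header_value: str) -> Dict[str, str]:
    """Split 'max-age=600; includeSubDomains' into {'max-age': '600', 'includesubdomains': ''}."""
    directives: Dict[str, str] = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        directives[name.strip().lower()] = value.strip().strip('"')
    return directives


def check_hsts(headers: Dict[str, str]) -> HstsResult:
    """Evaluate HSTS from a mapping of response header names to values (names matched case-insensitively)."""
    value = next((v for k, v in headers.items() if k.lower() == "strict-transport-security"), None)
    if value is None:
        return HstsResult(False, None, False, False, True, "header missing")
    d = parse_hsts(value)
    include_subdomains = "includesubdomains" in d
    preload = "preload" in d
    raw = d.get("max-age")
    if raw is None or not raw.isdigit():
        return HstsResult(True, None, include_subdomains, preload, True, "max-age missing or not numeric")
    max_age = int(raw)
    if max_age == 0:
        return HstsResult(True, 0, include_subdomains, preload, True, "max-age=0 disables HSTS")
    if max_age < MIN_MAX_AGE_SECONDS:
        return HstsResult(True, max_age, include_subdomains, preload, True,
                          f"max-age {max_age}s is below {MIN_MAX_AGE_SECONDS}s; the pin lapses soon after a visit")
    return HstsResult(True, max_age, include_subdomains, preload, False, "ok")


# Constructed sample responses (not captured from the site): a weak setting and its corrected form.
WEAK_RESPONSE_HEADERS = {"Strict-Transport-Security": "max-age=600"}
FIXED_RESPONSE_HEADERS = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload"}

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_RESPONSE_HEADERS), ("fixed", FIXED_RESPONSE_HEADERS)):
        print(label, check_hsts(hdrs))
```

Feed `check_hsts` the headers of the first HTTPS response you get for the host; a short max-age means a user who has not visited within that window is back to an unprotected first request, which is the window an SSL-stripping attacker needs.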
FantasyTote: Betting more than max amount
Hey Fantasytote, This is not really a security issue since this won't leak any data of other users or something like that, but I still wanted to tell you this because there must be a reason you guys limit the max bet to 150 euro per bet. You can reproduce this issue by betting 150 euro, intercepti...
FantasyTote: Urgent Fix Balance Limit bypass
Hi, check this video PoC. I am able to bypass the limit of the deposit balance: the limit is 150 but I can put 2000. https://drive.google.com/file/d/0B-HtZBO84sdSMkFEQ21vZW5Uak0/view Thanks, Regards, Tayyab Qadir...
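Both reports above (the 150 bet ceiling and the 150 deposit ceiling) describe the same pattern: the limit lives in the browser form and disappears as soon as the request is intercepted and edited. The following is an added example, not FantasyTote's code or either reporter's PoC: a handler that trusts the posted value beside one that parses the amount strictly and re-checks the ceiling server-side before any state changes. The limits are the 150 quoted in the reports; the request bodies are constructed for the example.

```python
"""Server-side enforcement of a bet/deposit ceiling, regardless of what the client sends."""
from decimal import Decimal, InvalidOperation
from typing import Mapping, Optional

# Limits quoted in the reports above; the per-deposit ceiling is assumed to be the same 150.
MAX_BET = Decimal("150")
MAX_DEPOSIT = Decimal("150")


class LimitExceeded(ValueError):
    pass


def parse_amount(raw) -> Decimal:
    """Turn a form field into a Decimal; reject anything that is not a positive amount with at most two decimals."""
    try:
        amount = Decimal(str(raw))
    except InvalidOperation:
        raise ValueError("amount is not a number")
    if not amount.is_finite() or amount <= 0:
        raise ValueError("amount must be a positive number")
    if amount != amount.quantize(Decimal("0.01")):
        raise ValueError("amount may have at most two decimal places")
    return amount


def place_bet_vulnerable(form: Mapping[str, str]) -> Decimal:
    """Pattern behind the reports: the ceiling exists only in the HTML form, so an edited request wins."""
    return Decimal(form["amount"])


def place_bet(form: Mapping[str, str], balance: Decimal) -> Decimal:
    """Hardened: the ceiling and the balance are re-checked here, after parsing, before anything is recorded."""
    amount = parse_amount(form.get("amount"))
    if amount > MAX_BET:
        raise LimitExceeded(f"bet {amount} exceeds the {MAX_BET} ceiling")
    if amount > balance:
        raise ValueError("insufficient balance")
    return amount


def deposit(form: Mapping[str, str]) -> Decimal:
    """Same rule for deposits: the posted value is parsed and compared against the server-side ceiling."""
    amount = parse_amount(form.get("amount"))
    if amount > MAX_DEPOSIT:
        raise LimitExceeded(f"deposit {amount} exceeds the {MAX_DEPOSIT} ceiling")
    return amount


def rejection_reason(fn, *args) -> Optional[str]:
    """Demo helper: None if the call is accepted, otherwise the rejection message."""
    try:
        fn(*args)
    except ValueError as e:  # LimitExceeded is a ValueError
        return str(e)
    return None


# Constructed request bodies: what the form posts, and what an intercepting proxy lets the tester post instead.
NORMAL_REQUEST = {"amount": "150"}
TAMPERED_REQUEST = {"amount": "2000"}

if __name__ == "__main__":
    print("vulnerable accepts:", place_bet_vulnerable(TAMPERED_REQUEST))
    print("hardened says:", rejection_reason(place_bet, TAMPERED_REQUEST, Decimal("500")))
```

The `Decimal` parsing matters as much as the comparison: a float-based check lets "1e3", "NaN" or "150.0000001" slip through the `<= 150` test in ways that bite later, and a negative amount on a bet endpoint is a credit, not a wager.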
FantasyTote: Bypass logout
Hi again, you can log out any user by sending him this link. PoC link: https://www.fantasytote.com/logout...
FantasyTote: Insecure password change mechanism may lead to full account takeover
Description: The password change mechanism which is located at https://www.fantasytote.com/users/edit is insecure as there is no old password field deployed in it. Any unauthorized user can access the account and can change the password directly without knowing the old password. The current...
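The logout-by-link report and the password-change report above are two faces of one design gap: a state-changing action reachable without proof that the account holder asked for it. The code below is an added example, not FantasyTote's implementation and not from either report: a shared guard that rejects GET and unauthenticated or CSRF-token-less requests for every state-changing endpoint, a logout that goes through it, and a password change that additionally verifies the current password, then invalidates the user's other sessions and rotates the CSRF token. Usernames, passwords, the PBKDF2 iteration count and the 12-character minimum are assumptions for the example.

```python
"""State-changing account endpoints: POST + CSRF only, and a password change that proves the current password."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

PBKDF2_ITERATIONS = 600_000  # assumed for the example (OWASP's current PBKDF2-HMAC-SHA256 figure)
MIN_PASSWORD_LENGTH = 12     # assumed policy for the example


@dataclass
class Request:
    method: str
    path: str
    cookies: Dict[str, str] = field(default_factory=dict)
    form: Dict[str, str] = field(default_factory=dict)


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted PBKDF2-HMAC-SHA256, stored as 'salthex$digesthex'."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password: str, stored: str) -> bool:
    salt_hex, digest_hex = stored.split("$", 1)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ITERATIONS)
    return hmac.compare_digest(digest.hex(), digest_hex)


class AccountService:
    def __init__(self) -> None:
        self.users: Dict[str, str] = {}                   # username -> password hash
        self.sessions: Dict[str, Dict[str, str]] = {}     # session id -> {"user": ..., "csrf": ...}

    def register(self, username: str, password: str) -> None:
        self.users[username] = hash_password(password)

    def login(self, username: str, password: str) -> str:
        if username not in self.users or not verify_password(password, self.users[username]):
            raise PermissionError("bad credentials")
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": username, "csrf": secrets.token_urlsafe(32)}
        return sid

    def csrf_token(self, sid: str) -> str:
        """The token the server embeds in its own forms; a link mailed to the victim cannot carry it."""
        return self.sessions[sid]["csrf"]

    def _guard(self, req: Request):
        """Shared precondition for every state-changing endpoint: POST, valid session, matching CSRF token."""
        if req.method != "POST":
            return (405, "state-changing requests must use POST"), None
        sess = self.sessions.get(req.cookies.get("sid", ""))
        if sess is None:
            return (401, "not authenticated"), None
        if not hmac.compare_digest(req.form.get("csrf", ""), sess["csrf"]):
            return (403, "missing or invalid CSRF token"), None
        return None, sess

    def logout(self, req: Request) -> Tuple[int, str]:
        err, _ = self._guard(req)
        if err:
            return err
        del self.sessions[req.cookies["sid"]]
        return 200, "logged out"

    def change_password(self, req: Request) -> Tuple[int, str]:
        err, sess = self._guard(req)
        if err:
            return err
        current = req.form.get("current_password")
        new = req.form.get("new_password", "")
        if current is None:
            return 400, "current_password is required"
        user = sess["user"]
        if not verify_password(current, self.users[user]):
            return 403, "current password is incorrect"
        if len(new) < MIN_PASSWORD_LENGTH or new == current:
            return 400, "new password too short or unchanged"
        self.users[user] = hash_password(new)
        # A hijacked session elsewhere must not survive the change; keep only the session that made it.
        for sid in [s for s, v in self.sessions.items() if v["user"] == user and s != req.cookies["sid"]]:
            del self.sessions[sid]
        sess["csrf"] = secrets.token_urlsafe(32)
        return 200, "password changed"
```

With this in place the PoC link `https://www.fantasytote.com/logout` is a GET and gets 405, and a forged POST from another origin gets 403 because it cannot read the victim's token. The current-password check turns a borrowed session (shared computer, stolen cookie, an XSS elsewhere) from a full takeover into, at worst, a nuisance that the real owner can end by re-authenticating.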
FantasyTote: Stored number of clicks in the Deposits button
Hi, I have found a cache issue: your system stores the number of clicks on the Deposits button. You can click the Deposits button more than one time and the amount will be multiplied by the number of clicks. I have attached the PoC. Thanks...
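Whatever the exact cause on the site, the symptom in the report above (one intended deposit, N clicks, N credits) is what an idempotency key is for. The following is an added example, not FantasyTote's code or the reporter's PoC: a ledger with the naive "credit every submission" path beside a version where each rendering of the deposit form carries a fresh random key, a replay of that key is acknowledged without crediting again, and reuse of the key with different parameters is refused. The user name and amounts are constructed for the example.

```python
"""Make the deposit action idempotent so repeated submissions of one form apply exactly once."""
import secrets
from decimal import Decimal
from typing import Dict, Tuple


def new_deposit_form_key() -> str:
    """Generated when the deposit form is rendered and embedded in it as a hidden field (assumed design)."""
    return secrets.token_urlsafe(16)


class Ledger:
    def __init__(self) -> None:
        self.balances: Dict[str, Decimal] = {}
        # idempotency key -> (user, amount) of the deposit already applied under that key
        self._applied: Dict[str, Tuple[str, Decimal]] = {}

    def balance(self, user: str) -> Decimal:
        return self.balances.get(user, Decimal("0"))

    def deposit_naive(self, user: str, amount: Decimal) -> str:
        """Pattern behind the report: every click posts again and every post is credited."""
        self.balances[user] = self.balance(user) + amount
        return "applied"

    def deposit(self, user: str, amount: Decimal, idempotency_key: str) -> str:
        """Credit once per key; replays return 'replayed', a key reused for a different deposit returns 'conflict'."""
        prior = self._applied.get(idempotency_key)
        if prior is not None:
            if prior != (user, amount):
                return "conflict"      # do not guess which of the two deposits was meant
            return "replayed"          # same request again: report success, change nothing
        # In a real store the check above and the write below run in one transaction
        # (or the key is a unique column) so two concurrent clicks cannot both pass.
        self.balances[user] = self.balance(user) + amount
        self._applied[idempotency_key] = (user, amount)
        return "applied"


if __name__ == "__main__":
    ledger = Ledger()
    key = new_deposit_form_key()
    # Constructed scenario: the user clicks the Deposits button three times on one 150 form.
    print([ledger.deposit("alice", Decimal("150"), key) for _ in range(3)], ledger.balance("alice"))
```

Disabling the button after the first click is worth doing for usability, but it is a client-side courtesy, not the control: the key lives in the form, the uniqueness check lives in the database, and a retried request (proxy replay, browser resubmit, a flaky network retry) gets the same answer as the original.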