81 matches found
Liberapay: Email Address Exposure via Gratipay Migration Tool
Through the /migrate route, an attacker can input the username of any user on the site and retrieve their primary email address without any authorization required. Steps to reproduce: Note: This cannot be performed with hackerone-target, because that account seems to return a None as an email. 1...
Gratipay: Saying goodbye to HackerOne and Gratipay.
Thank you, HackerOne I would like to make this the final report to Gratipay and thank everyone that was involved in this amazing journey. Gratipay is shutting down at the end of the year https://gratipay.news/the-end-cbfba8f50981 and to finish on a happy note we closed all of our reports as...
Gratipay: Reflected SQL Execution
My friends are the best hackers: hackerone.com/rashidziaur hackerone.com/smziaurrashid hackerone.com/s4k16. They teach me how to hack a toaster. F234731 Please give us $$$$$ for our family, we are poor. Please consider this bug in your site. F234733...
Gratipay: i am The bug
I am the bug. I found a bug in your site, here it is: F234717 my friends are the greatest hackers hackerone.com/s4k16 and smziaurrashid told me you will give me $$$ for my father F234723...
Gratipay: Bypassing X-frame options
Bypass X-Frame-Options. Proxy protection NOT used. DomainUsing: gratipay.com. Proxy protection NOT used, I can bypass the X-Frame-Options header and recreate clickjacking on the whole domain. I see that you don't have a reverse proxy protection; this allows all users to proxy your website rather than...
Gratipay: Adding Used Primary Email Address to attacker account and Account takeover
Summary: I just found that Gratipay is vulnerable to adding a used Primary Email Address to an attacker account and account takeover of Gratipay. Description: I was looking at the source code of the application and I found that, "If the email address [email protected] is already added in the X...
Gratipay: 400 Bad Request [Use a third-party provider to sign in or create an account on Gratipay]
Hi team, I cannot log in or sign up with third-party social media like Facebook, Google, Twitter ... I checked one of them and it shows me the error message 400 Bad Request. Please fix soon...
Gratipay: clickjacking on https://gratipay.com/on/npm/[text]
Hi team, I found a clickjacking URL on https://gratipay.com/on/npm/here. This clickjacking must be 3 characters and must be 5 numbers; this is entered at the endpoint of the URL. Please fix soon. https://gratipay.com/on/npm/text Step respond: 1- go to https://gratipay.com/on/npm/text 2- check name or number...
Gratipay: Reflected XSS - gratipay.com
Summary: I would like to report a Reflected XSS on gratipay.com. Browsers Verified In: Firefox 55.0.2 up to date. Steps To Reproduce: Go to this URL: https://gratipay.com/on/npm/cx%00A F215426...
Gratipay: Gratipay rails secret token (secret_key_base) publicly exposed in GitHub
Summary: Gratipay's Rails secret token is publicly exposed on GitHub. Knowing the secret token allows an attacker to impersonate any user in the application. Thanks to EdOverflow for sharing the tips for finding security issues in GitHub projects, below is the referenced GitHub for the analysis...
Gratipay: Show hide privacy giving receiving on my website
Hi team, I found show/hide privacy settings on the website ... nobody can see on my profile, but I put code on my website and anybody can see my total giving. Steps to reproduce: 1- go to https://gratipay.com/demo/settings/ click turn on hide total to giving other and hide my self from search result th...
Gratipay: Missing Certificate Authority Authorization rule
Certificate Authority Authorization supported by LetsEncrypt and other CAs allows a domain owner to specify which Certificate Authorities should be allowed to issue certificates for the domain. All CAA-compliant certificate authorities should refuse to issue a certificate unless they are the CA o...
Gratipay: Sub domain take over in gratipay.com
Summary Sub domain take over in gratipay.com Description I scanned gratipay.com using knockpy to find the sub domains. I found one subdomain 'www.gratipay.com.herokudns.com'. But this sub domain is not registered in heroku. An attacker can buy this sub domain from heroku. Browsers Verified In...
Gratipay: SQL TEST
This is test report...
Gratipay: Application-level DoS on image's "size" parameter.
Summary --- The size parameter located on images is vulnerable to DoS. By modifying the parameter's value an attacker can cause the application to work very slowly. Description --- The issue is located in the getimageurl function in gratipay/models/team/init.py and can be exploited by replacing t...
Gratipay: self cross site scripting
Vulnerability Exploited: cross site scripting using csrf. Vulnerable URL: https://gratipay.com/search Vulnerability Explanation: The application is vulnerable with Reflected Cross Site Scripting. Here application fails to validate user supplied inputs due to which an attacker can inject his own...
Gratipay: Possible User Session Hijack using Invalid HTTPS certificate on inside.gratipay.com domain
Good evening team! This is a theoretical risk but I thought it was still worth reporting since every endpoint and any data flowing through inside.gratipay.com is unencrypted. POC https://inside.gratipay.com And every sub directory under inside.gratipay.com. Description Since the certificate is on...
Gratipay: Possible user session hijack by invalid HTTPS certificate on inside.gratipay.com domain
Good evening team! This is a theoretical risk but I thought it was still worth reporting since every endpoint and any data flowing through inside.gratipay.com is unencrypted. POC https://inside.gratipay.com And every sub directory under inside.gratipay.com. Description Since the certificate is on...
Gratipay: CSP Policy Bypass and javascript execution
Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context. CSP provides a standard method for website owners to declare...
Gratipay: Email Spoofing
Hey Gratipay, It appears that spoofed email can be sent from 1 of your emails. The following email is vulnerable: [email protected] Information Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source...