2 matches found
Bumble: The login of Hotor Not is Vulnerable to bruteforce.
I was able to validate that The Login of HotorNot is Vulnerable to BruteForcing . Steps to reproduce: 1. https://hotornot.com/signin 2.Use Burp intruder attack for BruteForcing 3.Send as many requests you want. Fix: Proper mitigation of BruteForcing should be done using Ratelimitng etc...
Bumble: Badoo and Hotornot User Disclosure
Hi, I have found that endpoint is leaking the currently logged in user which will result in stealing the user id and unmasking the current user, This behavior could be malicious to ads websites, rouge websites, etc... PoC Code: Badoo Current User Unmasking function UnmaskUserstr return...