9 matches found
Legal Robot: Chat exposed using cookie
Hello Broken authentication and session management: Attacker can use cookies of an authenticated user to reads and write the chat on the behalf of user and miss guide the legalrobot team. Steps to reproduce: Sign-in https://app.legalrobot.com/sign-in Check the cookies of domain legaltobot.com...
Legal Robot: Broken links for stale domains may be leveraged for Phishing, Misinformation, Defaming
Hi, URL: https://www.legalrobot.com/press/2016/07/07/tech4good-on-a-global-scale/ Broken link for an expired domain which is available for sale: http://ecotechfoundation.net/ You may verify that it is available for sale @...
Legal Robot: Bypass email verification when register new account
Hi Legalrobot, I have found a way to ignore Activate your account in my mailbox. Here is my new acc: [email protected] and the activate link: https://app.legalrobot-uat.com/email-verify?v=1Y5wiWwcvGcxznjlUsO-TuyEZgFpVbxMmQdfpEKrVTp I never click on that link and i can still log in at...
Legal Robot: Header Injection In app.legalrobot.com
As per policy header injection are low priority bug but i recently discovered that when attacker change host to a special domain then victim will be redirect there.... My Request : GET /sign-in HTTP/1.1 Host: app.legalrobot.com User-Agent: Mozilla/5.0 X11; Linux x8664; rv:52.0 Gecko/20100101...
Legal Robot: Registration Allows Disposable Email Addresses
Hello LegalRobot, I'd like to report a nice little bug. As I already give a clear Title so I think u understand this.Simply LegalRobot allows disposable or temporary email address to register account. Let me know if u have any question Thanks Cheers Anas...
Legal Robot: Issues with Forgot password Error Handling
Hello @team, I found a similar issue to 249695.Where user when giving an error email id it is not showing any error response.This is not of high impact but this might throw the users in confusing state as there is no error message user will be waiting for the server response. Steps to reproduce:...
Legal Robot: LUCKY13 (CVE-2013-0169) effects legalrobot.com
Hello security team, The site legalrobot.com is potentially vulnerable to the Lucky13. Reference: --------- https://bugzilla.redhat.com/showbug.cgi?id=907589...
Legal Robot: Email spoofing-fake mail from your mail domain server
Hiii THERE Vulnerability Title There are few email spoofing tool is available free.one them is http://emkei.cz/ Description when I tried to send a email from [email protected] to my email ,it was successful but when i tried to send the another from [email protected] , i did not receive any...
Legal Robot: Subdomain takeover at api.legalrobot.com due to non-used domain in Modulus.io.
Hi, I noticed that the following domain: api.legalrobot.com was returning the following information: NO APPLICATION WAS FOUND FOR api.legalrobot.com F102881 from Modulus.io. The problem with this is that this tends to be pretty bad depending on the service you use. In this case, what I did was to...