Lucene search
K

9 matches found

Hacker One
Hacker One
added 2017/10/18 10:19 a.m.14 views

Legal Robot: Chat exposed using cookie

Hello Broken authentication and session management: Attacker can use cookies of an authenticated user to reads and write the chat on the behalf of user and miss guide the legalrobot team. Steps to reproduce: Sign-in https://app.legalrobot.com/sign-in Check the cookies of domain legaltobot.com...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2017/10/11 4:7 a.m.11 views

Legal Robot: Broken links for stale domains may be leveraged for Phishing, Misinformation, Defaming

Hi, URL: https://www.legalrobot.com/press/2016/07/07/tech4good-on-a-global-scale/ Broken link for an expired domain which is available for sale: http://ecotechfoundation.net/ You may verify that it is available for sale @...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2017/09/04 9:35 a.m.68 views

Legal Robot: Bypass email verification when register new account

Hi Legalrobot, I have found a way to ignore Activate your account in my mailbox. Here is my new acc: [email protected] and the activate link: https://app.legalrobot-uat.com/email-verify?v=1Y5wiWwcvGcxznjlUsO-TuyEZgFpVbxMmQdfpEKrVTp I never click on that link and i can still log in at...

0.5AI score
Exploits0
Hacker One
Hacker One
added 2017/08/29 6:33 p.m.40 views

Legal Robot: Header Injection In app.legalrobot.com

As per policy header injection are low priority bug but i recently discovered that when attacker change host to a special domain then victim will be redirect there.... My Request : GET /sign-in HTTP/1.1 Host: app.legalrobot.com User-Agent: Mozilla/5.0 X11; Linux x8664; rv:52.0 Gecko/20100101...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2017/08/27 8:51 p.m.269 views

Legal Robot: Registration Allows Disposable Email Addresses

Hello LegalRobot, I'd like to report a nice little bug. As I already give a clear Title so I think u understand this.Simply LegalRobot allows disposable or temporary email address to register account. Let me know if u have any question Thanks Cheers Anas...

3.6AI score
Exploits0
Hacker One
Hacker One
added 2017/08/13 10:37 a.m.11 views

Legal Robot: Issues with Forgot password Error Handling

Hello @team, I found a similar issue to 249695.Where user when giving an error email id it is not showing any error response.This is not of high impact but this might throw the users in confusing state as there is no error message user will be waiting for the server response. Steps to reproduce:...

7AI score
Exploits0
Hacker One
Hacker One
added 2017/07/30 8:0 p.m.283 views

Legal Robot: LUCKY13 (CVE-2013-0169) effects legalrobot.com

Hello security team, The site legalrobot.com is potentially vulnerable to the Lucky13. Reference: --------- https://bugzilla.redhat.com/showbug.cgi?id=907589...

2.6CVSS0.9AI score0.35584EPSS
Exploits1
Hacker One
Hacker One
added 2016/08/26 7:9 a.m.35 views

Legal Robot: Email spoofing-fake mail from your mail domain server

Hiii THERE Vulnerability Title There are few email spoofing tool is available free.one them is http://emkei.cz/ Description when I tried to send a email from [email protected] to my email ,it was successful but when i tried to send the another from [email protected] , i did not receive any...

0.1AI score
Exploits0
Hacker One
Hacker One
added 2016/07/01 11:47 p.m.13 views

Legal Robot: Subdomain takeover at api.legalrobot.com due to non-used domain in Modulus.io.

Hi, I noticed that the following domain: api.legalrobot.com was returning the following information: NO APPLICATION WAS FOUND FOR api.legalrobot.com F102881 from Modulus.io. The problem with this is that this tends to be pretty bad depending on the service you use. In this case, what I did was to...

7AI score
Exploits0
Rows per page
Query Builder