30 matches found
Liberapay: another liberapay member team twitter account broken Link Hijacking via Expired Twitter Account Link
Hello again, I discovered that another Liberapay profile of a Liberapay team member at liberapay.com/mdvhimself contains a link to an expired Twitter account, creating a Broken Link Hijacking (BLH) vulnerability. An attacker could register the expired handle and control what appears to be an...
Liberapay: Liberapay member team twitter account broken Link Hijacking via Expired Twitter Account Link
The profile of a Liberapay team member contained a link to an expired Twitter account, creating a broken link hijacking vulnerability. The expired Twitter account link was displayed on the member's Liberapay profile and donation page, falsely confirming to donors that the account was legitimate a...
Liberapay: Unsafe yaml load can lead to remote code execution
The YAML load function can lead to remote code execution vulnerability. The vulnerability allows the construction of arbitrary Python objects from untrusted YAML data, which can be exploited by an attacker...
Liberapay: Password Reset Token Leak Via Referrer
Vulnerability description not provided...
Liberapay: Disavowed an email without any authentication
Vulnerability description not provided...
Liberapay: Disavowing an account doesn't disable it
Hello security team, while I was testing your website, I found improper email verification during sign-up on liberapay.com. Steps to reproduce: 1. Go to https://liberapay.com. 2. Create a new account with any email. 3. You will receive a verification email at the given address. 4. Open that email and click "No,...
Liberapay: Failure to Invalid Session after Password Change
Summary: While conducting my research I discovered that the application fails to invalidate sessions after a password change. In this scenario, changing the password doesn't destroy the other sessions which are logged in with old passwords. Reproduction Steps: - Login with the same account in Chrome and...
Liberapay: Leaking Of Sensitive Information on Github
Summary: Sensitive Data were leaked in https://github.com/liberapay/liberapay.com Steps To Reproduce: 1. Install gitleaks from https://github.com/zricethezav/gitleaks 2. Run the following command in a Linux terminal gitleaks -v --pretty -r=https://github.com/liberapay/liberapay.com The following...
Liberapay: Private target account appears in search results
Summary At policy page, there are special tailor account, highly confidential & secret ! F600997 - Hide this profile from search results on Liberapay - Prevent this profile from being listed on Liberapay - Target account hackerone-target-team Description In this exploit, I found Privacy setting...
Liberapay: Full Path disclosure on 500 error
On manipulating cookie + parameter: gitHub 500 error returned with path disclosing of Python Files. Error Below: Traceback most recent call last: File "/opt/python/run/venv/local/lib/python3.6/site-packages/statechain.py", line 328, in loop newstate = functiondeps.askwargs File...
Liberapay: Invalidate session after password reset
The website doesn't invalidate the session after the password is reset, which can enable an attacker to continue using the compromised session. Steps: 1. Open the same account in two different browsers. 2. Change the password in one browser and you will see that the other browser still validates the session after passwor...
Liberapay: Reauthentication for changing password bypass
Hello there. So Liberapay has this security system because of which, if a malicious user tries to change the password of a logged-in account, whether by session hijack or anything else, he will be asked to re-enter the password before he can change it. But this loophole I found in the system using...
Liberapay: Session Cookie without HttpOnly and secure flag set
This report was closed as informative because we decided that for this to be a significant concern, the reporter would have to chain this issue with something else such as cross-site scripting...
Liberapay: Import of repositories from GitHub is tied to username instead of immutable ID
When a user verifies a GitHub account at /edit/elsewhere, the final result is a GitHub username tied to a Liberapay account. The issue is that GitHub usernames are mutable. Consider the scenario: 1. I create an account called ed-liberapay (something likely to be claimed in the future). 2. Verify that I ow...
Liberapay: Broken Authentication and session management OWASP A2
Hello @liberapay, Description: It seems now that if an attacker has the CSRF token and the victim's cookies, then the attacker can easily log in to the victim's account without any login details. No need of any username/password. Theory Proof-Of-Concept: - Go to https://liberapay.com/admin.101/edit/username any username/Self...
Liberapay: Cross site scripting (content-sniffing)
This type of XSS can only be triggered on and affects content sniffing browsers. This script is possibly vulnerable to Cross Site Scripting XSS attacks. This vulnerability affects /sign-up URL encoded POST input sign-in.currency was set to USDG8OAI!+! The input is reflected inside a text element...
Liberapay: Returning back from the browser after logging off will disclose some information
Summary: Hi, I found an issue: after signing out from the account and clicking the back button continuously in the browser, it will disclose sensitive information in all pages that the user opened while using his account, for example the identity page. I believe that this issue...
Liberapay: Exploiting JSONP callback on /username/charts.json endpoint leads to information disclosure despite user's privacy settings
Hello! Vulnerability Details The /username/charts.json endpoint can return a JSONP callback due to the fact that jsonpdump is used in the file charts.json.spt. It appears that the content of the JSONP request depends on the authentication of the user. If the user enabled the privacy setting which...
Liberapay: REGISTRATION USING FAKE EMAIL ACCOUNT
1. Go to page https://liberapay.com/sign-up 2. Input an email address. I tried to register with some email addresses: [email protected] 3. Select the currency you want to use. 4. Click the "GO" button. 5. You will automatically enter the account without going through the process of email verification...
Liberapay: Insecure Account Deletion
Hi Team, the removal of an account is one of the sensitive parts of a web application that needs to be protected, therefore removing an account should validate the authenticity of the user. However, I have found that when removing an account, the system did not require the user to input the account passwor...