7 matches found
Localize: Deleting groups in any project without permission
If you can make a group, then why can't you delete the group? :P With the same method of creating the group you can delete the group, but it has some restrictions :/ : 1. In any project you'll not get to know the deleteGroupid. 2. Maybe I'm the only one who is making groups now, so I can assume the deleteGroupid...
Localize: Full Path Disclosure (FPD) in www.localize.io
Hi, I found an information disclosure vulnerability/Full Path Disclosure on your application. Proof of Concept: GET : http://www.localize.io/pages/createproject/ project ID POST CONTENT: CSRFToken=TOKEN...
Localize: Apache Documentation
Might want to remove this: http://localize.io/manual...
Localize: Login page password-guessing attack
Login page password-guessing attack. Vulnerability description: A common threat web developers face is a password-guessing attack known as a brute force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and...
Localize: Path Disclosure (Info Disclosure) in http://www.localize.io
Hello, I found an information disclosure vulnerability. How to reproduce: GET : http://www.localize.io/ POST : signinusername=test&signinpassword=test The info from the page is: Warning: trim expects parameter 1 to be string, array given in...
Localize: XSS in Localize.io
During signup I used " as my password. Just after pressing sign up I was forwarded to a new page, where that page was showing my username and asked to click to view my password. When I clicked, the JavaScript executed. Attachment: xss.png...
Localize: Stored XSS
Hey!! Steps to reproduce: 1. While making an account, add an XSS payload in the username like: " 2. Log in using this. 3. Go to the settings tab http://www.localize.io/pages/settings 4. XSS will get executed. Attached PoC. Daksh...