4 matches found
ReddAPI: Browser cross-site scripting filter misconfiguration
Issue detail :- No X-XSS-Protection header was set in the response. This means that the browser uses default behaviour that detection of a cross-site scripting attack never prevents rendering. Remediation detail The following header should be set: X-XSS-Protection: 1; mode=block Issue background ...
ReddAPI: No Captcha or rate limit on Login Page
Hello ReddApi Security Team, Vulnerability Details:- Login page can be brute forced due to lack of captcha or backoff Impact:- An attacker can bruteforce for a particular username and can possibly get an account takeover. POC:- I have made a proof of concept video of the same:-...
ReddAPI: Login page password-guessing attack
Hello team of Reddapi! Here to report a vulnerability on your site. Affected site: www.reddapi.com Vulnerability: Login page password-guessing attack Severity: Low. Vulnerability description: A brute-force attack is an attempt to discover a password by systematically trying every possible...
ReddAPI: Session Fixation Found
Hello reddapi, I am Saikiran, a security researcher, and found a bug in your website... Author- Sai Kiran bug-session fixation Severity: Medium Summary: The application does not set a new Session ID in the cookie after what appears to be an authentication attempt by the user. If this was a successful...