
9 matches found

Hacker One
added 2019/12/16 9:54 a.m., 304 views

Reverb.com: Race Condition allows to redeem multiple times gift cards which leads to free "money"

Hello team! I've found a Race Condition vulnerability which allows to redeem gift cards multiple times. This is how s/he can easily buy stuff just by buying one gift card and redeeming it over and over again. Steps to reproduce Preparations - Burp Suite Pro - Turbo Intruder Note: This also can be...

AI score: 0.2
Exploits: 0

Hacker One
added 2018/06/17 4:32 p.m., 27 views

Reverb.com: Basic auth details is still work on report ( 351555 )

Hi, it seems report 351555 is not fully fixed, where 434762629765715:PQlkrSHPqqjhIBc0MmUkdjcqpps basic auth details still work on login. PoC: https://api.cloudinary.com/v11/reverb/usage F309894 Impact information Disclose...

AI score: 7.1
Exploits: 0

Hacker One
added 2018/05/17 3:28 a.m., 21 views

Reverb.com: XSS in buying and selling pages, can created spoofed content (false login message)

Previously this issue was resolved at another location in report 351376 After spending more time searching the website, I found additional areas where this problem persists: https://sandbox.reverb.com/my/buying/orders?query= https://sandbox.reverb.com/my/selling/listings?query=...

AI score: 0.1
Exploits: 0

Hacker One
added 2018/05/16 6:40 a.m., 42 views

Reverb.com: Api token exposed in Reverb.com's public github repository

An access token of a user account was available in a public github repo. The token was tied to an experimental project, and the account was only used for that project, so no sensitive information was able to be obtained...

AI score: 1.8
Exploits: 0

Hacker One
added 2018/05/14 11:4 a.m., 21 views

Reverb.com: XSS in main search, use class tag to imitate Reverb.com core functionality, create false login window

This is an expansion of 349684 which was flagged as a duplicate. In that bug report I explained that several HTML tags end up rendering when entered into the main search. I've since found out that the class attribute of multiple types of tags can be modified to create a realistic imitation of cor...

Exploits: 0

Hacker One
added 2018/04/03 8:49 p.m., 41 views

Reverb.com: Persistent XSS in https://sandbox.reverb.com/item/

Description I found a Persistent XSS in a listing page. The flaw is in the SoundCloud link that the listing owner can attach. The parameter is called productsoundcloudlinkattributeslink. There's no encoding on the user input and it looks like there's only client-side validation. PoC The payload:...

Exploits: 0

Hacker One
added 2018/03/27 12:48 a.m., 16 views

Reverb.com: Bypassing CSRF Token On Reply Message & Send Message

Issue was with CSRF token validation in sandbox environment. Just another bypassing CSRF, by deleting the token. Thanks to reverb team, fixed and responded quickly. Reference: https://zseano.com/tutorials/5.html...

AI score: 1
Exploits: 0

Hacker One
added 2018/02/10 6:54 p.m., 60 views

Reverb.com: Full account takeover

Hello Team, I got a security issue in reverb ios application which allows an attacker to hack all users' accounts. Since iOS application is not in the scope but still I am reporting this, because this vulnerability may compromise all users' accounts. Please resolve this quickly. Description: Reverb ios...

AI score: 1.8
Exploits: 0

Openbugbounty
added 2017/06/29 7:15 p.m., 14 views

reverb.com XSS vulnerability

Vulnerable URL: https://reverb.com/marketplace?query=%22%3E%3Csvg%2Fonload%3Dprompt%27OPENBUGBOUNTY%27%3E

Details:

Description| Value
---|---
Patched:| Yes, at 22.09.2017
Latest check for patch:| 22.09.2017 13:01 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank|...

AI score: 6.3
Exploits: 0