44 matches found
Malicious code in sifchain (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bba6726e5c49f7145ec24517302983172df7b3e9dee7a58d8d0ac0bb35b974f5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6118 Malicious code in sifchain (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bba6726e5c49f7145ec24517302983172df7b3e9dee7a58d8d0ac0bb35b974f5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in sifchain-changes-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 470b810e277ad42e0ef37f50e0810a03036d93b46fe39e9265979c921a16d162 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6119 Malicious code in sifchain-changes-server (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 470b810e277ad42e0ef37f50e0810a03036d93b46fe39e9265979c921a16d162 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Sifchain: Subdomain Takeover on proxies.sifchain.finance pointing to vercel
Hello Team, Subdomain takeover vulnerabilities occur when a subdomain subdomain.example.com is pointing to a service e.g. GitHub pages, Heroku, etc. that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that subdomain...
Sifchain: Origin IP Disclosure Vulnerability
Summary: It is possible to access origin IP servers served by nginx and not Cloudflare. Even though these IPs don't serve a functional version of the app it is possible to enable DDoS attacks by bypassing Cloudflare protections. Steps To Reproduce: Even though these IPs don't serve a functional...
Sifchain: SSH server due to Improper Signature Verification
I found that you are using golang.org/x/[email protected] which has a vulnerability that was fixed in this version golang.org/x/[email protected] but that vulnerability is: golang.org/x/crypto/ssh is an SSH client and server Version...
Sifchain: 4 xss vulnerability dom based cwe 79 ; wordpress bootstrap.min.js is vulnerable
Summary: I have found a bug in your site and the bug is an XSS vulnerability and it is in your WordPress bootstrap.min.js program. I also tested manually and I got the XSS vulnerability. In total I have found 4 vulnerabilities in your system, which belong to 2018 to 2019. Steps To...
Sifchain: Clickjacking at sifchain.finance
Hi team, While performing security testing of your website I have found the vulnerability called Clickjacking. Many URLs are in scope and vulnerable to Clickjacking. What is Clickjacking? Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of...
Sifchain: Clickjacking
Bug Bounty Report. Vulnerability Report. Vulnerability Name: UI Redressing (Clickjacking). Vulnerability Description: Clickjacking (classified as a User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a user into clicking on something different from what t...
Sifchain: clickjacking vulnerability
Summary: add summary of the vulnerability While performing security testing of your website I have found the vulnerability called Clickjacking. Many URLs are in scope and vulnerable to Clickjacking. What is Clickjacking? Clickjacking (User Interface redress attack, UI redress attack, UI redressin...
Sifchain: Possible Database Details stored in values.yaml
The database details like username and database name are disclosed in the below mentioned file. Assuming a blank password since the password field was empty. File Location : https://github.com/Sifchain/sifnode/blob/740331dad061ee0f5a3cf3798d429f294b70f0ae/deploy/helm/block-explorer/values.yaml I...
Sifchain: Wrong Implementation of Url in https://docs.sifchain.finance/
Hello Sifchain team, Here I found that there is a wrong implementation of the Telegram link in https://docs.sifchain.finance/join-sifchain/sifchain-communities which will not allow users to communicate with the Sifchain company. Steps to reproduce: 1 Go to...
Sifchain: Bootstrap library is vulnerable
Summary: The identified library bootstrap, version 4.0.0 is vulnerable Steps To Reproduce: Please upgrade to the latest version of bootstrap. Supporting Material/References: https://github.com/twbs/bootstrap/issues/28236 https://github.com/twbs/bootstrap/issues/20184 Impact XSS was possible in th...
Sifchain: Error Page Content Spoofing or Text Injection
I want to report a content spoofing or text injection at api-cryptoeconomics.sifchain.finance and market-data.sifchain.finance. Steps to reproduce: 1: Just browse this target on any browser 2: Target: https://api-cryptoeconomics.sifchain.finance/ 3: Then add any text or content after the "/" , i...
Sifchain: Sifchain Privacy Policy Webpage Uses Wordpress Default Template. Does Not Display Correct Privacy Policy.
NOTE: This report can, must and should be treated as informational! URL: https://sifchain.finance/privacy-policy/ Summary: The sifchain.finance Wordpress page contains a privacy policy, which is using a default template. This issue may open up potential legal dispute issues of website customers...
Sifchain: Wrong Url in Main page of sifchain.finance
Hello Sifchain team, I found that all the social media buttons are working properly except the Telegram button on the main page of sifchain.finance. Misconfiguration of a button can create a bad reputation for a company, and a genuine customer could not reach the company through the mis-configured...
Sifchain: No Rate Limit protection in user subscription form
Summary: Hello, I found that your form where a user can subscribe for any update has no rate limit protection. Steps to reproduce: 1. Visit http://sifchain.finance and move to the subscribe form and enter an email. 2. Click on the sign-up button. 3. Use Burp Suite to intercept the request and send to Intruder. 4. Clear...
Sifchain: Information Disclosure at one of your subdomain
Dear Team, Hope you are doing very well and safe. I was looking into your application and I found some bugs in your application which disclose an internal port and also the IPs. That can lead an attacker to do lots of serious attacks. Please verify: https://rpc.sifchain.finance/...
Sifchain: Clickjacking /framing on sensitive Subdomain
Vulnerability Name: Clickjacking/framing. Vulnerability Description: Clickjacking is an interface-based attack in which a user is tricked into clicking on actionable content on a hidden website by clicking on some other content in a decoy website. Vulnerable Url:...