5 matches found
Youxin Used Car App Has Logic Design Flaws
Youxin Used Car App is a mobile app for browsing and buying used cars. A logic design vulnerability exists in the Youxin Used Car App. Attackers can flood the client with SMS messages by replaying, without restriction, the packets that send the CAPTCHA...
Logic Design Vulnerability in Tlink IoT Cloud Service Platform Android App
TLINK Internet of Things is an open platform for Internet of Things products of Shenzhen Analog Technology Co. A logic design vulnerability exists in the password recovery function of the Tlink IoT cloud service platform Android app. It allows the attacker to send unlimited SMS to the modified cell...
BAIC's Android app has a CAPTCHA design flaw
The BAIC Android app is an online mobile service app. A CAPTCHA design vulnerability exists in the BAIC Android app. The vulnerability is caused by the CAPTCHA being transmitted in clear text and without conditional restrictions. With the password recovery feature, an attacker can continuous...
QIWI: [wallet.rapida.ru] Mass SMS flood
... or the tale of how I rashly ordered myself a blast of 300 SMS messages. Steps to reproduce: 1 Log in to wallet.rapida.ru 2 Go to templates and create a template for paying a mobile phone bill 3 If you have not entered a 2FA code anywhere before this, now comes the best part: we are asked to enter it. 4 Intercept the request and...
Uber: SMS Flood with Update Profile
An SMS is sent when the user updates the profile, and continuing to update the user profile results in SMS messages continuing to be sent. Steps to reproduce: 1. Log in to https://riders.uber.com 2. Go to https://riders.uber.com/profile 3. Update the Account Information, any field, for example FirstName 4. An SMS will be...