25 matches found
Topcoder: IDOR at https://fast.trychameleon.com/observe/v2/profiles/ via uid parameter discloses users' PII data
Summary: Hello, an API on apps.topcoder.com/forums/ exposes the email of any user on topcoder.com and some PII: name, surname, id. Steps To Reproduce: 1 Create a profile at topcoder.com 2 Go to apps.topcoder.com/forums and log in to the forum 3 Enter any topic, example:...
Topcoder: SSRF to AWS file read
Summary: After seeing the disclosure, it looks like the bug was not fixed properly. Steps To Reproduce: Copy the request below and paste it into Burp Suite Repeater GET...
topcoder.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1180597 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
Topcoder: Blind stored XSS due to insecure contact form at https://www.topcoder.com leads to leakage of session token and other PII
Summary: I have discovered a blind stored cross-site scripting vulnerability due to an insecure Contact form available here: https://www.topcoder.com/contact-us/. This form does not properly sanitize user input, allowing the insertion and submission of dangerous characters such as angle brackets...
Topcoder: IDOR on deleting drafts on https://apps.topcoder.com/wiki/users/viewmydrafts.action via discardDraftId parameter
Hi: On https://apps.topcoder.com/wiki/users/viewmydrafts.action, you can see your drafts and edit or delete them. Users can delete their own drafts on https://apps.topcoder.com/wiki/users/viewmydrafts.action?discardDraftId=. But there is no check, and an attacker can change discardDraftId and delete...
Topcoder: CSRF on https://apps.topcoder.com/wiki/users general and email preferences
Summary: Hi: There is a CSRF on setting general and email preferences. Steps To Reproduce: There is no CSRF token or anything like that on https://apps.topcoder.com/wiki/users/editmypreferences.action and https://apps.topcoder.com/wiki/users/editemailpreferences.action. I added the PoC HTML fil...
Topcoder: CSRF on https://apps.topcoder.com/wiki/users/editmyprofilepicture.action
Summary: Hi: There is a CSRF on uploading a user profile photo and saving it. Steps To Reproduce: There is no CSRF token or anything like that on https://apps.topcoder.com/wiki/users/editmyprofilepicture.action. I added the PoC HTML files below. An attacker can upload a new profile photo and update...
Topcoder: CSRF on https://apps.topcoder.com/wiki/users/editmyprofile.action
Summary: Hi: There is a CSRF on changing user details. Steps To Reproduce: There is no CSRF token or anything like that on https://apps.topcoder.com/wiki/users/editmyprofile.action. I added the PoC HTML file below. When someone opens this HTML file, or if we add it to our website, the victim's...
Topcoder: CSRF on https://apps.topcoder.com/wiki/pages/doattachfile.action
Summary: Hi: There is a CSRF on attaching files to wiki pages. Steps To Reproduce: There is no CSRF token or anything like that on https://apps.topcoder.com/wiki/pages/doattachfile.action?pageId=. I added the PoC HTML file below. When someone opens this HTML file, or if we add it to our...
Topcoder: Stored XSS on https://apps.topcoder.com/wiki/pages/editpage.action
Summary: Hi: There is a stored XSS on wiki pages, and it executes when editing the page. Steps To Reproduce: After I submitted 867125, I realized that the vote macro causes stored XSS on the wiki edit page. A user can edit wiki pages on https://apps.topcoder.com/wiki/pages/editpage.action?pageId=. Users...
Topcoder: Reflected XSS on error page on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action
Hi: In https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action the bookmarkPageId parameter expects a numeric value. If you add an XSS payload instead of a number, an error page is displayed with the XSS. PoC...
Topcoder: CSRF on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action
Summary: Hi: There is a CSRF on the create bookmarks form. Steps To Reproduce: There is no CSRF token or anything like that on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action. I added the PoC HTML file below. When someone opens this HTML file, or if we add it to o...
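The CSRF reports above (preferences, profile picture, profile details, file attachment and bookmark creation) all come down to the same missing control: a state-changing POST that is accepted with nothing but the session cookie. As an added example, not Topcoder's or Confluence's code and not taken from any report on this page, the Python below shows what the fix looks like: a synchronizer token bound to the session with an HMAC, verified in constant time, plus an independent Origin/Referer check. The secret key, the allowed origin and the request shape are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumptions for this illustration: a server-side secret and the site's own origin.
SECRET_KEY = b"example-only-server-secret"
ALLOWED_ORIGIN = "https://apps.example.test"
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_csrf_token(session_id: str) -> str:
    """Stateless synchronizer token: nonce plus HMAC over (session id, nonce).

    The token is embedded in the site's own form. A cross-origin page cannot read
    it, and a token minted for one session fails verification in any other.
    """
    nonce = secrets.token_hex(16)
    mac = hmac.new(SECRET_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token: str) -> bool:
    """Recompute the MAC for this session and compare in constant time."""
    if not isinstance(token, str) or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(SECRET_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    try:
        return hmac.compare_digest(mac, expected)
    except TypeError:  # non-ASCII garbage in the submitted token
        return False


def origin_allowed(headers: dict) -> bool:
    """The browser-set Origin header (falling back to Referer) must name our site.

    Both headers are written by the browser, not by the attacker's page, so this
    check is independent of the token.
    """
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False  # no provenance at all on a state change: reject
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == ALLOWED_ORIGIN


def state_change_allowed(method: str, headers: dict, session_id: str, form: dict) -> bool:
    """Gate for any handler that modifies data (profile, preferences, uploads, bookmarks)."""
    if method.upper() in SAFE_METHODS:
        return False  # never perform a state change on a safe method
    if not origin_allowed(headers):
        return False
    return verify_csrf_token(session_id, form.get("csrf_token", ""))
```

The attacker's page in the reports above can make the victim's browser send the cookie, but it cannot read the token out of the legitimate form, and the Origin it sends is its own, so either check alone already blocks the PoC; keeping both means one being misconfigured does not reopen the hole.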
Topcoder: Post Based Reflected XSS on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action
Summary: Hi: A POST-based reflected XSS occurs when creating bookmarks. Steps To Reproduce: The Title and Labels parameters are vulnerable to XSS on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action. This form uses a POST request, so I added an HTML file below. When someone...
Topcoder: Reflected XSS on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action
Summary: Hi: A reflected XSS occurs when creating bookmarks. Steps To Reproduce: A user can create bookmarks on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action. In this URL the redirect and url parameters are vulnerable to XSS. PoC:...
Topcoder: Stored XSS on https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action
Summary: Hi: Adding a javascript: URL causes stored XSS when creating a bookmark. Steps To Reproduce: Go to https://apps.topcoder.com/wiki/plugins/socialbookmarking/updatebookmark.action. Write javascript:alert(document.domain) in the url input and fill in the other fields. After creating, go...
Topcoder: Reflected XSS on https://apps.topcoder.com/wiki/pages/createpage.action
Summary: Hi: A reflected XSS occurs on https://apps.topcoder.com/wiki/pages/createpage.action when creating wiki pages. Steps To Reproduce: A user can create wiki pages on https://apps.topcoder.com/wiki/pages/createpage.action?spaceKey=tcwiki. In this URL the parentPageString and labelsString...
Topcoder: Reflected XSS on https://apps.topcoder.com/wiki/page/
Summary: Hi: A reflected XSS occurs on https://apps.topcoder.com/wiki/pages/doeditattachment.action when editing wiki page attachments. Steps To Reproduce: A user can add attachments to a wiki page on https://apps.topcoder.com/wiki/pages/viewpageattachments.action?pageId=165871793 and can edit them on...
Topcoder: Reflected XSS on https://apps.topcoder.com/wiki/
Summary: Hi: A reflected XSS occurs on https://apps.topcoder.com/wiki/plugins/tinymce/wysiwyg-insertlink.action when creating wiki pages. Steps To Reproduce: A user can create a wiki page on https://apps.topcoder.com/wiki/pages/createpage.action?spaceKey=tcwiki. A URL can be inserted in this page. Wh...
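Two of the reports above (the stored XSS from a javascript: URL in a bookmark, and the link-insertion dialog that accepts a user-supplied URL) are the same bug class: a URL typed by the user lands in an href without its scheme being checked. As an added example, not part of any report on this page and not Confluence's or Topcoder's code, the Python below is a scheme allow-list that first undoes the encodings commonly used to slip past a naive `startswith("javascript:")` check: HTML entities, tab/newline characters inside the scheme, leading control characters and full-width letters. The allowed scheme set and the rendering helper are assumptions chosen for the illustration.

```python
import html
import re
import unicodedata
from urllib.parse import urlsplit

# Allow-list of link schemes the editor will emit; everything else (javascript:,
# data:, vbscript:, ...) is refused. Relative URLs have no scheme and are allowed.
SAFE_SCHEMES = {"http", "https", "mailto"}


def normalise_link(url: str) -> str:
    """Undo the encodings an attacker uses to hide the scheme from a naive check."""
    u = html.unescape(url)                            # &#106;avascript:  /  javascript&colon;
    u = unicodedata.normalize("NFKC", u)              # full-width or compatibility letters
    u = re.sub(r"[\t\n\r]", "", u)                    # browsers drop tab/CR/LF inside a scheme
    u = re.sub(r"^[\x00-\x20]+|[\x00-\x20]+$", "", u) # leading/trailing control chars and spaces
    return u


def is_safe_link(url: str) -> bool:
    """True only for relative URLs or URLs whose (normalised) scheme is allow-listed."""
    scheme = urlsplit(normalise_link(url)).scheme.lower()
    return scheme == "" or scheme in SAFE_SCHEMES


def render_link(text: str, url: str) -> str:
    """Emit the anchor; refused URLs become '#', and both parts are HTML-escaped."""
    href = normalise_link(url) if is_safe_link(url) else "#"
    return f'<a href="{html.escape(href, quote=True)}">{html.escape(text)}</a>'
```

The check is an allow-list rather than a deny-list on purpose: a new or misspelled scheme falls on the refused side by default, and the attribute escaping in `render_link` is still needed so that a permitted URL cannot break out of the href quotes.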
Topcoder: SVG file upload leads to XML injection
Summary: The Upload Avatar option allows the user to upload image/*, thus enabling the upload of many file formats including SVG files (MIME type: image/svg+xml). SVG files are XML-based 2D graphics files. Thus, this opens up an attack vector to upload specially crafted malicious SVG files. Th...
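The report above turns on one detail: an upload filter written as `image/*` admits image/svg+xml, and SVG is XML that can carry scripts, event handlers and DTD declarations. As an added example, not Topcoder's code and not from the report, the Python below replaces the wildcard with an explicit allow-list that also checks the file's magic bytes against the declared type, and, if SVG must be accepted at all, refuses any document with a DOCTYPE/ENTITY declaration, a script-bearing element, an on* attribute, or an href with a non-allow-listed scheme. The sample SVGs are constructed for the example; the element and scheme lists are assumptions and should be tightened to what the avatar feature actually needs.

```python
import re
import xml.etree.ElementTree as ET

# Explicit allow-list with the magic bytes each type must start with. This replaces
# a blanket image/* rule, which is what lets SVG (image/svg+xml) through.
RASTER_MAGIC = {
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
    "image/gif": b"GIF8",
}
# SVG elements that run script or embed arbitrary content (assumed list for the example).
FORBIDDEN_SVG_ELEMENTS = {"script", "foreignObject", "iframe", "object", "embed"}
HREF_SCHEMES_ALLOWED = {"", "http", "https"}  # "" covers fragments such as "#gradient"

# Constructed sample inputs for this illustration (not taken from any report).
BENIGN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
              b'<circle cx="5" cy="5" r="4"/></svg>')
MALICIOUS_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)">'
                 b'<script>alert(1)</script></svg>')
XXE_SVG = (b'<?xml version="1.0"?><!DOCTYPE svg [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
           b'<svg xmlns="http://www.w3.org/2000/svg"><text>&xxe;</text></svg>')


def _local(name: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on tag and attribute names."""
    return name.split("}", 1)[-1]


def svg_is_safe(data: bytes) -> tuple:
    """Return (ok, reason) for an SVG upload."""
    text = data.decode("utf-8", "replace")
    # Refuse any DTD before parsing: external entities (XXE) and entity expansion both live there.
    if re.search(r"<!DOCTYPE|<!ENTITY", text, re.IGNORECASE):
        return False, "DOCTYPE/ENTITY declarations not allowed"
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return False, f"not well-formed XML: {exc}"
    if _local(root.tag) != "svg":
        return False, "root element is not <svg>"
    for el in root.iter():
        tag = _local(el.tag)
        if tag in FORBIDDEN_SVG_ELEMENTS:
            return False, f"<{tag}> not allowed"
        for attr, value in el.attrib.items():
            name = _local(attr).lower()
            if name.startswith("on"):
                return False, f"event handler attribute {name} not allowed"
            if name == "href":  # covers both href and xlink:href
                scheme = value.strip().split(":", 1)[0].lower() if ":" in value else ""
                if scheme not in HREF_SCHEMES_ALLOWED:
                    return False, f"href scheme {scheme!r} not allowed"
    return True, "ok"


def accept_avatar(content_type: str, data: bytes) -> tuple:
    """Decide on an avatar upload from its declared type and its bytes."""
    ct = content_type.split(";", 1)[0].strip().lower()
    if ct in RASTER_MAGIC:
        # Do not trust the declared type on its own: the bytes must match it.
        if data.startswith(RASTER_MAGIC[ct]):
            return True, "raster image accepted"
        return False, f"bytes do not match declared type {ct}"
    if ct == "image/svg+xml":
        return svg_is_safe(data)
    return False, f"type {ct!r} not in allow-list"
```

If avatars only ever need to be raster images, the simplest hardening is to drop the `image/svg+xml` branch entirely; rasterising an accepted SVG server-side to PNG is the other common option, since the stored file is then no longer XML at all.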
Topcoder: Reflected-XSS on https://www.topcoder.com/tc via pt parameter
Summary: I found a reflected XSS at the URL mentioned; the injected parameter is pt. Steps To Reproduce: 1- Go to this URL https://www.topcoder.com/tc?module=ReviewBoard&pt=1 and you will notice that the pt parameter reflects its value into the page. 2- Try injecting this parameter with HTM...