urbandictionary.com Cross Site Scripting vulnerability OBB-4043122

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Urban Dictionary: Bypass voting restriction due to HTTP Header Injection

It is possible to bypass the voting restriction by adding a specially crafted HTTP-Header. The underlying algorithm uses the ip address to restirct the voting of a user. However, by manipulating the IP-Adress via adding the HTTP-Header "X-Forwarded-For" it is possible to vote a entry up or down...

Urban Dictionary: Users able to set video url for unpublished words and able to see the name of unpublished words

Summary Users will be able to set youtube video URL to unpublished words and will be able to see names of an unpublished word. Description Once a user publishes a word and later unpublish it, others user still would be able to set the youtube video URL for it and will be able to see the name of t...

Urban Dictionary: See details of a unpublished word by guessing the word ID

https://www.urbandictionary.com/remove.form.php?reconsider%5Bdefidtoremove%5D=$id$ Example Word : https://www.urbandictionary.com/remove.form.php?reconsider%5Bdefidtoremove%5D=12504202 Impact Its is minor information disclosure in which any one see details of an unpublished word...

Urban Dictionary: Stored XSS on urbandictionary.com

hi team, I have found an XSS flaw on your site in add page. POC in this video...

Urban Dictionary: Source Code Disclosure

URL http://www.urbandictionary.com/phpinfo.php Identified Source Code An attacker can obtain server-side source code of the web application, which can contain sensitive data - such as database connection strings, usernames and passwords - along with the technical and business logic of the...

Urban Dictionary: Text injection on Auth problem at urbandictionary.com

A text injection bug was found and fixed. Simple text injection over Logout IDOR at Urban Dictionary :...

Urban Dictionary: Race condition in up voting and down voting

A race condition vulnerability was discovered in the up voting and down voting functionality of an online dictionary website. Multiple requests from parallel threads to vote on the same term could be accepted, allowing a user to vote more than once and potentially misrepresent the reputation of...

Urban Dictionary: Race Condition in Definition Votes

There exists a race condition vulnerability in definition votes, allowing any user to artificially manipulate the number of up/down votes for a definition by making asynchronous requests to vote. A malicious user can use this method to reach any number of up or down votes for a definition. See th...

Urban Dictionary (Official) - Customized SSL, External URLs, SD-card access vulnerabilities

HackApp vulnerability scanner discovered that application Urban Dictionary Official published at the 'play' market has multiple vulnerabilities...

Urban Dictionary: Cross-Site Scripting Vulnerability in urbandictionary.com

User can upload image for any definition available in urbandictionary.com. If anyone upload Invalid image file then you return a message through a url like this http://www.urbandictionary.com/cloudinarycors.html?error=Invalid+image+file Here the error parameter is vulnerable to xss. Impact When a...

Urban Dictionary: URGENT - Subdomain Takeover in support.urbandictionary.com pointing to Zendesk

Hi. I found out that one of your subdomain which is http://support.urbandictionary.com/ can be taken over or is vulnerable to subdomain takeover. If youre gonna visit the site... you will see saying: No help desk at support.urbandictionary.com There is no help desk configured at this address. Thi...

Urban Dictionary: Reflective Xss Vulnerability

The is located in here http://www.urbandictionary.com/define.php?term= in the snippet of code from your site // effectively breaking out and allowing you to add your own html code to the site Proof of concept link:...

Urban Dictionary: Open Redirection

Try to connect your facebook using this URL http://www.urbandictionary.com/auth/facebook?origin=http://google.com after connecting urbandictionary to FB you will be redirected to google.com and that is bad because hackers can get the auth token...