Lucene search
K

11 matches found

Hacker One
Hacker One
added 2017/10/19 7:37 p.m.13 views

LocalTapiola: High server resource usage on captcha (viestinta.lahitapiola.fi)

Short summary Hi, I noticed that the following report has been fixed and closed, however the bug has reappeared in different parameters: https://hackerone.com/reports/204208 Basic report information Summary: It is possible to generate a simple request which creates a high cpu/bandwidth consumptio...

6.6AI score
Exploits0
Hacker One
Hacker One
added 2017/02/22 6:3 p.m.16 views

LocalTapiola: Brute force unsubscription on /webApp/unsub_sb (viestinta.lahitapiola.fi)

Basic report information Summary: CSRF is an attack that tricks the victim into submitting a malicious request. It inherits the identity and privileges of the victim to perform an undesired function on the victim's behalf Description: Any user subscribed to Active Campaign, or admin too, attacker...

1.1AI score
Exploits0
Hacker One
Hacker One
added 2017/01/29 11:1 a.m.33 views

LocalTapiola: Test Page available with Server details on /r/test (viestinta.lahitapiola.fi)

Basic report information Summary: The default test page http://viestinta.lahitapiola.fi/r/test is accessible and presents the Adobe Campaign build info 8705 - not the latest version, and the installed instance name 'ac61tapiola'. Description: Self explanatory. Domain: viestinta.lahitapiola.fi...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2017/01/25 5:57 p.m.19 views

LocalTapiola: Reflected XSS on iltakoulu_varkaus (viestinta.lahitapiola.fi)

Basic report information Summary: The ctx parameter in http://viestinta.lahitapiola.fi/webApp/iltakouluvarkaus, can be exploited to perform an XSS Attack. Description: When a user fills the form in the webpage, a POST request is sent to the server with multiple parameters POST...

Exploits0
Hacker One
Hacker One
added 2017/01/24 3:17 p.m.88 views

LocalTapiola: SQL Injection /webApp/cancel_iltakoulu regId parameter (viestinta.lahitapiola.fi)

Basic report information Summary: There is a SQL Injection vulnerability on http://viestinta.lahitapiola.fi/webApp/canceliltakoulu?regId=478836614&locationId=464559674 Domain: viestinta.lahitapiola.fi Steps To Reproduce: Tested on sqlmap framework with following command: ./sqlmap.py -u...

0.1AI score
Exploits0
Hacker One
Hacker One
added 2017/01/21 2:50 p.m.22 views

LocalTapiola: Sql injection on /webApp/sijoituswebinaari (viestinta.lahitapiola.fi)

Issue The reporter found a blind SQL Injection attack in an application in viestinta.lahitapiola.fi. Fix The issue was investigated and found to be valid. The fix was to remove the application as it was not needed. Reasoning The reported case was valid and within the scope of the bug bounty...

0.7AI score
Exploits0
Hacker One
Hacker One
added 2017/01/21 2:36 p.m.22 views

LocalTapiola: SQL Injection on /webApp/viivanalle (viestinta.lahitapiola.fi)

Issue The reporter found a blind SQL Injection attack in an application in viestinta.lahitapiola.fi. Fix The issue was investigated and found to be valid. The fix was to remove the application as it was not needed. Reasoning The reported case was valid and within the scope of the bug bounty...

0.7AI score
Exploits0
Hacker One
Hacker One
added 2016/12/14 2:37 p.m.26 views

LocalTapiola: SQL Injection in lapsuudenturva (viestinta.lahitapiola.fi)

Basic report information Summary: Hi, The ctxvarsemail parameter in http://viestinta.lahitapiola.fi/webApp/lapsuudenturva, can be exploited to perform an SQL Injection Attack. The parameter is ctxvarsemail Description: The value inside the ctx tag , doesn't properly sanitized to user input, it ca...

0.1AI score
Exploits0
Hacker One
Hacker One
added 2016/12/11 8:58 p.m.19 views

LocalTapiola: SQL Injection in sijoitustalous_peruutus (viestinta.lahitapiola.fi)

Issue The reporter found a time-based blind SQL Injection attack in an application in viestinta.lahitapiola.fi. Fix The issue was investigated and found to be valid. The fix was to remove the application as it was not needed. Reasoning The reported case was valid and within the scope of the bug...

1.5AI score
Exploits0
Hacker One
Hacker One
added 2016/12/03 8:23 p.m.214 views

LocalTapiola: /icons/README available on viestinta.lahitapiola.fi

Basic report information Summary: Informational message that the file http://viestinta.lahitapiola.fi/icons/README exists. Description: http://viestinta.lahitapiola.fi/icons/README exists. Domain: http://viestinta.lahitapiola.fi/ Browsers / Apps Verified In: any browser any client Steps To...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2016/11/02 7:51 p.m.80 views

LocalTapiola: SQL Injection on /webApp/omatalousuk (viestinta.lahitapiola.fi)

I would like to report a SQL Injection vulnerability on viestinta.lahitapiola.fi Vulnerable Request: GET /webApp/omatalousuk?email=aaaaa HTTP/1.1 Host: viestinta.lahitapiola.fi User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.12; rv:49.0 Gecko/20100101 Firefox/49.0 Accept: text/html, /; q=0.0...

0.1AI score
Exploits0
Rows per page
Query Builder