Reports in the Radancy program:

S.No Title Bounty
1 Facebook and twitter page claimed of maximum.com [important] $0.0
2 Microsoft IIS tilde directory enumeration $0.0
3 Application error message $0.0
4 The POODLE attack (SSLv3 supported) $0.0
5 RC4 cipher suites detected $0.0
6 RC4 cipher suites detected $0.0
7 Application error message $0.0
8 SSL certificate invalid date $0.0
9 RC4 cipher suites detected $0.0
10 XSS $0.0
11 Possible to unsubscribe from activities using CSRF @ mijn.werkenbijdefensie.nl $0.0
12 Possible to view and takeover other user's education and courses @ mijn.werkenbijdefensie.nl $0.0
13 Cross-site Scripting (XSS) on [maximum.nl] $0.0
14 IDOR in editing courses $0.0
15 Open Redirect & Information Disclosure [mijn.werkenbijdefensie.nl] $0.0
16 Open redirect on https://werkenbijdefensie.nl/ $0.0
17 [Cross Domain Referrer Leakage] Password Reset Token Leaking to Third party Sites. $0.0
18 xss flash on http://presentatie.werkenbijmcdonalds.nl/ $0.0
19 [werkenbijmcdonalds.nl] Unsafe-inline in "script-src" results in "bootstrapping" or passing data to JavaScript from HTML pages. $0.0
20 Weak password $0.0
21 Ability to take over any account by email. $0.0
22 Information disclosure through directory listing at http://dockerhost01.maximum.nl:8080 $0.0
23 Sql-inj in https://maximum.com/ajax/people $0.0
24 Wrong link on corne.maximum.nl $0.0
25 Developer's websites are easily accessible, leading to massive information disclosure $0.0
26 Version Disclosure (NginX) $0.0
27 XSS risk reduction with X-XSS-Protection: 1; mode=block header $0.0
28 'X-Forwarded-Host' key used in input without sanitation - possible cache poisoning $0.0
29 x-request-id header reflected in server response without sanitization $0.0
30 I can subscribe and unsubscribe any user with the same token as many times as I want $0.0
31 [www.werkenbijbakertilly.nl] Information Disclosure $0.0
32 [www.werkenbijderet.nl] There is no rate limit for vacature-alert endpoints $0.0
33 [www.werkenbijbakertilly.nl] Denial of service due to incorrect server return can result in total denial of service. $0.0
34 [mijn.werkenbijdefensie.nl] Denial of service occurs due to lack of email length confirmation $0.0
35 Blind SSRF at packagist.maximum.nl $0.0
36 insecure storage of information, you can view any file uploaded to the server without authentication and only with a single link $0.0
37 Cross-origin resource sharing: arbitrary origin trusted $0.0
38 Admin account/panel takeover and performing actions in admin panel via DOM-based XSS $0.0