I focus mainly on web applications of bigger and well-known companies.🏢 I also choose applications that allow saving a payment card.💳
In the table below are only fixed vulnerabilities.
| WWW | Company | Vulnerability | Details | ||
|---|---|---|---|---|---|
| Alza.cz | Alza.cz a.s. | Email Disclosure | Email address disclosure via order tracking | ||
|
12/2017
By searching for the order number, it was possible to obtain the user's email address (img)
|
|||||
| Att.com | AT&T Inc. | CORS Misconfiguration | Disclosure of user data via JavaScript exploit | ||
|
05/2020
|
|||||
| Damejidlo.cz | Dámejídlo.cz s.r.o. | XSS (Account Takeover), Open Redirect | Reflected XSS in the parameter GPS | ||
|
07/2020
Vulnerable parameters "lat" and "lng" in the new version of website (img)
|
|||||
| Eshop.dpp.cz | Dopravní podnik hl. m. Prahy | XSS | Reflected XSS, Stored XSS | ||
| Eshop-rychle.cz | Golemos s.r.o. | XSS (Administration Takeover), Session Fixation | Multiple Stored XSS | ||
| Foodpanda.com | Delivery Hero SE | XSS (Account Takeover) | Reflected XSS in the parameter GPS | ||
|
07/2020
Vulnerable all websites under foodpanda.com and foodora.com
Food delivery company in 16 countries (e.g. Sweden, Norway, Finland, Bulgaria, Thailand, Singapore...)
|
|||||
| Ifortuna.cz | Fortuna Entertainment Group | XSS (Session Hijacking), Open Redirect | Multiple Reflected XSS | ||
|
07/2020
Reflected XSS (6x) in various parts of the web application leading to session stealing
Open Redirect without user interaction
Vulnerable all language variants: ifortuna.cz, ifortuna.sk, efortuna.pl, efortuna.ro
|
|||||
| Intersport.cz | Intersport ČR s.r.o. | Payment bypass | Changing total order price | ||
|
09/2018
Changing total order price during payment process, including successful delivery
|
|||||
| Knihydobrovsky.cz | Knihy Dobrovský s.r.o. | Payment bypass | Changing total order price | ||
|
09/2018
Changing total order price during payment process, including successful delivery
|
|||||
| Kosik.cz | Košík.cz s.r.o. | XSS | Reflected XSS, Stored XSS | ||
|
08/2020
Save Stored XSS to billing address for all users
|
|||||
| Patro.cz | NWT a.s. | Payment bypass | Changing total order price | ||
|
09/2018
Changing total order price during payment process, including successful delivery
|
|||||
| Rohlik.cz | Velká Pecka s.r.o. | XSS (Session Hijacking), CSRF, Session Fixation, Broken Access Control, Business Logic, Open Redirect | Reported several vulnerabilities | ||
|
04/2020
Stored XSS
CSRF - insert XSS into account
Session Hijacking (XSS + HttpOnly)
Business Logic - purchase for free with 4$ order value
Acknowledgement
|
|||||
| Rohlikbistro.cz | Velká Pecka s.r.o. | Broken Access Control | Access to sensitive info via API | ||
|
06/2020
Insecure API end-point allowing to access to sensitive info(P1)
More information about the project: https://www.cleevio.com/rohlik-bistro
|
|||||
| Seznam.cz | Seznam.cz a.s | Email account takeover, XSS | Cookies Stealing -> Account takeover | ||
| Shoptet.cz | Shoptet a.s. | XSS (Administration Takeover), Session Fixation, Email Spoofing | Multiple Stored & Reflected XSS | ||
| Slack | Slack Technologies, Inc. | ULR Spoofing | Fake link in Slack conversation | ||
|
03/2020
|
|||||
| Slevomat.cz | Slevomat.cz, s.r.o. | XSS | Stored XSS | ||
|
07/2020
Unsecured username in flash-message after login (img)
(Fixed within 20 minutes from reporting 👍)
|
|||||
| T-mobile.com | T-Mobile US, Inc | Open Redirect | Open Redirect without user interaction | ||
|
12/2019
|
|||||
| Webareal.cz | Bohemiasoft s.r.o. | XSS (Administration Takeover) | Reflected XSS, Stored XSS | ||
| Upgates.cz | EVici webdesign s.r.o. | XSS, Local File Inclusion, Email Spoofing, SSRF, Session Fixation | Reported several vulnerabilities | ||