Chaturbate


reports in last 90 days
48 disclosed resolved issues
5 disclosed informative issues
0 disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Severity | Bug Title | Bug Type | Found By | Time to triage | Time to close | Report Status |
|---|---|---|---|---|---|---|
| High | Reflected XSS on secure.chaturbate.com | Cross-site Scripting (XSS) - Reflected | glc | 0d 5h | 0d 0h | Resolved |
| High | Passive stored XSS at broadcast room | Cross-site Scripting (XSS) - Stored | skavans | 0d 8h | 0d 21h | Resolved |
| Low | Unrestricted POST request size on /customer_support/information_form/ endpoint | Violation of Secure Design Principles | testingforbugs | 2d 22h | 6d 7h | Resolved |
| Medium | DoS attacks utilizing camo.stream.highwebmedia.com | Denial of Service | teuvokas | 1d 12h | 20d 14h | Resolved |
| Low | The auto login link does not expire on changing email id | Improper Access Control - Generic | whitehattushu | 7d 15h | 16d 2h | Resolved |
| Medium | Form Replay in customer information form | Insufficiently Protected Credentials | imran1121 | 0d 17h | 0d 1h | Resolved |
| Low | Missing Rate Limitation at /photo_videos/photoset/create | Business Logic Errors | m00hdi | 3d 3h | 0d 23h | Resolved |
| Medium | Stored XSS in chat topic due to insecure emoticon parsing on any message type | Cross-site Scripting (XSS) - Stored | avlidienbrunn | 2d 14h | 2d 17h | Resolved |
| Low | Stored XSS on chaturbate.com (wish list) | Cross-site Scripting (XSS) - Stored | glc | 0d 6h | 1d 2h | Resolved |
| Low | Open redirect on chaturbate.com (tipping/purchase_success) | Open Redirect | glc | 0d 5h | 0d 1h | Resolved |
| Low | Chaturbate "/chat_ignore_list/" endpoint does not check for Account status: Disabled before adding Ignore via POST | Business Logic Errors | nismo | 0d 0h | 2d 1h | Resolved |
| Low | No rate limit in stats api token endpoint | Brute Force | betterknowme | 0d 5h | 1d 3h | Resolved |
| Low | No rate limit in affiliate statsapi endpoint | Brute Force | betterknowme | 0d 1h | 0d 0h | Resolved |
| Low | Homograph attack on redirect URL | Violation of Secure Design Principles | sam75434 | 0d 5h | 0d 0h | Resolved |
| Low | Add non-existent room moderator | Improper Input Validation | popeax | 1d 2h | 0d 0h | Resolved |
| High | Blind SSRF at https://chaturbate.com/notifications/update_push/ | Server-Side Request Forgery (SSRF) | robin0oklay | 0d 5h | 0d 6h | Resolved |
| Low | View Failed Approval and Pending videos other users | None supplied | tismayil | 0d 13h | 0d 7h | Resolved |
| Low | Open redirection at https://chaturbate.com/auth/login/ | Open Redirect | shailesh4594 | 0d 10h | 0d 8h | Resolved |
| High | XSS on secure.chaturbate through SWF | Cross-site Scripting (XSS) - Reflected | glc | 0d 5h | 0d 0h | Resolved |
| Low | Update Chat Allowed By Option (without age verification) | Business Logic Errors | yuvraj_dighe | 0d 2h | 4d 3h | Resolved |
| Low | CSRF on change video thumbnail at https://chaturbate.com | Cross-Site Request Forgery (CSRF) | avinash_ | 0d 14h | 4d 2h | Resolved |
| Low | Missing Rate Limitation at /apps/upload_app/ | Business Logic Errors | footstep | 0d 6h | 4d 2h | Resolved |
| Low | Unrestricted POST request size on roomlogin endpoint | Denial of Service | lucach | 1d 10h | 0d 20h | Resolved |
| None | Missing CSRF Protection in /stats EndPoint. | Cross-Site Request Forgery (CSRF) | kaustubh | Issue was not triaged | 1d 7h | Informative |