Ed

reports in last 90 days
10 disclosed resolved issues
1 disclosed informative issues
1 disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Severity | Bug Title | Bug Type | Found By | Time to Triage | Time to Close | Report Status |
|---|---|---|---|---|---|---|
| Low | Domain takeover on http://doesfranshaveashell.com/ due to expiration | Privilege Escalation | magic_spell | Issue was not triaged | 0 days and 10 hours | Resolved |
| Low | Chrome Extension is vulnerable to the self-DOS issues in case it process the security.txt with a big size | Denial of Service | sp1d3rs | 0 days and 0 hours | 0 days and 1 hours | Resolved |
| Medium | securitytemplate.site domain hijack | Improper Access Control - Generic | drstache | 0 days and 1 hours | 0 days and 0 hours | Resolved |
| Critical | Physical Laptop Takeover | Privacy Violation | glassofbeer | 0 days and 0 hours | 0 days and 0 hours | Resolved |
| Medium | Session cookie missing SecureFlag on git.edoverflow.com. | Information Disclosure | tangent90ninety | 0 days and 0 hours | 2 days and 1 hours | Resolved |
| None | Session Cookie Without Secure Flag | Violation of Secure Design Principles | cybertiger | Issue was not triaged | 0 days and 22 hours | Not-applicable |
| Low | DOM XSS in edoverflow.com/tools/respond due to unsafe usage of the innerHTML property. | Cross-site Scripting (XSS) - DOM | karel_origin | 0 days and 0 hours | 0 days and 0 hours | Resolved |
| Low | Chrome Extension is vulnerable to the self-DOS issues in case it process the security.txt with a big size | Denial of Service | sp1d3rs | 0 days and 0 hours | 0 days and 1 hours | Resolved |
| High | Possible to redirect to a (non-existing) subdomain after logging in via GitHub (leaking the token) | Open Redirect | jackds | 0 days and 0 hours | 0 days and 1 hours | Resolved |
| None | Session Cookie Without Secure Flag | Information Disclosure | tangent90ninety | Issue was not triaged | 0 days and 21 hours | Informative |
| Low | Fix for self-DoS in Security-txt Chrome Extension. | Denial of Service | karel_origin | 0 days and 0 hours | 0 days and 0 hours | Resolved |
| Low | Oauth flow on the comments widget login can lead to the access code leakage | Improper Authentication - Generic | sp1d3rs | Issue was not triaged | 0 days and 0 hours | Resolved |