Kartpay


reports in last 90 days

8 disclosed resolved issues

0 disclosed informative issues

0 disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Rating | Bug Title | Bug Type | Found By | Report Info | Report Status |
|---|---|---|---|---|---|
| No rating | Error Page Content Spoofing or Text Injection [https://vpn.kartpay.com/] | Violation of Secure Design Principles | c00lbugs | Time to triage: 8 Days and 16 hours; Time to close: 0 Days and 0 hours | Resolved |
| No rating | Reflected XSS on https://merchant.kartpay.com/payment_settings [status] | Cross-site Scripting (XSS) - Reflected | todaytoday | Time to triage: 3 Days and 0 hours; Time to close: 25 Days and 1 hours | Resolved |
| No rating | XSS in https://merchant.kartpay.com/settlements | None supplied | c00lbugs | Time to triage: 8 Days and 15 hours; Time to close: 12 Days and 2 hours | Resolved |
| No rating | Application Error disclosure, Verification token seen error and user able to change password | Improper Authentication - Generic | amolcg | Issue was not triaged; Time to close: 0 Days and 17 hours | Duplicate |
| Low | Option method enabled in kartpay Webservers | Information Disclosure | lollol1 | Time to triage: 4 Days and 2 hours; Time to close: 32 Days and 17 hours | Resolved |
| Medium | URl redirection | Open Redirect | ayushoberoi | Time to triage: 5 Days and 18 hours; Time to close: 13 Days and 8 hours | Resolved |
| High | SMTP Failure Leads to Chain of Internal System Failure | Information Disclosure | ihebhamad_ | Time to triage: 0 Days and 19 hours; Time to close: 0 Days and 0 hours | Resolved |
| Low | Captcha protection Bypass on Forgot password page | Violation of Secure Design Principles | iheb_hamad1 | Time to triage: 0 Days and 16 hours; Time to close: 19 Days and 5 hours | Resolved |
| Low | Application Design issue for Phone Number field in Registration. | Information Exposure Through an Error Message | eissen5c | Time to triage: 0 Days and 1 hours; Time to close: 19 Days and 3 hours | Resolved |