Owox


reports in last 90 days

8 disclosed resolved issues

1 disclosed informative issues

2 disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Severity | Bug Title | Bug Type | Found By | Report Info | Report Status |
|---|---|---|---|---|---|
| High | Server-side cache poisoning leads to the http://my.dev.owox.com inaccessibility | None supplied | sp1d3rs | Issue was not triaged; Time to close: 0 Days and 19 hours | Resolved |
| High | Server-side cache poisoning leads to the http://my.dev.owox.com inaccessibility | None supplied | sp1d3rs | Issue was not triaged; Time to close: 0 Days and 19 hours | Resolved |
| Critical | Broken Authentication & Session Management (Login Bypass) at support.owox.com | Improper Authentication - Generic | k_jagdish | Issue was not triaged; Time to close: 9 Days and 4 hours | Resolved |
| Critical | Subdomain Takeover on OWOX.RU | Improper Authentication - Generic | yynl | Issue was not triaged; Time to close: 2 Days and 22 hours | Duplicate |
| Critical | Subdomain Takeover on http://blog.owox.com/ | Improper Authentication - Generic | yynl | Time to triage: 4 Days and 19 hours; Time to close: 6 Days and 2 hours | Informative |
| Low | invalid URL parsing with and '@' | HTTP Response Splitting | yynl | Issue was not triaged; Time to close: 0 Days and 1 hours | Not-applicable |
| Low | Direct IP Access | Information Disclosure | ph_spade | Issue was not triaged; Time to close: 6 Days and 19 hours | Not-applicable |
| No rating | ClickJacking | UI Redressing (Clickjacking) | blablaa | Issue was not triaged; Time to close: 0 Days and 0 hours | Duplicate |
| Critical | Subdomain takeover in many subdomains | Privilege Escalation | haxormad | Time to triage: 8 Days and 22 hours; Time to close: 0 Days and 0 hours | Resolved |
| Low | Stored XSS at https://finance.owox.com/customer/accountList | Cross-site Scripting (XSS) - Generic | sp1d3rs | Issue was not triaged; Time to close: 0 Days and 14 hours | Resolved |
| Medium | Access to Grafana Dashboard | Information Disclosure | hackerish | Issue was not triaged; Time to close: 2 Days and 17 hours | Resolved |
| No rating | HTTP Response Splitting(CRLF injection) in bi.owox.com | Command Injection - Generic | quistertow | Issue was not triaged; Time to close: 3 Days and 5 hours | Resolved |
| Critical | Subdomain Takeover on http://kiosk.owox.com/ | Improper Authentication - Generic | gaurang | Issue was not triaged; Time to close: 0 Days and 18 hours | Resolved |