Unikrn

reports in last 90 days

22 disclosed resolved issues
3 disclosed informative issues
0 disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Severity | Bug Title | Bug Type | Found By | Time to triage | Time to close | Report Status |
|---|---|---|---|---|---|---|
| Medium | Rate Limit workaround in the message of the phone number verification | Brute Force | dr_akm | Not triaged | 37 days 7 hours | Resolved |
| Medium | multiple vulnerabilities on your mautic server | None supplied | xb00ck | 3 days 10 hours | 3 days 23 hours | Resolved |
| Low | Persistent XSS found on bin.pinion.gg due to outdated FlowPlayer SWF file with Remote File Inclusion vulnerability. | Cross-site Scripting (XSS) - Generic | sp1d3rs | 3 days 20 hours | 65 days 9 hours | Resolved |
| Medium | Flash CSRF: Update Ad Frequency %: [cp-ng.pinion.gg] | Cross-Site Request Forgery (CSRF) | geekboy | 14 days 8 hours | 31 days 12 hours | Resolved |
| Medium | Escaping images directory in S3 bucket when saving new avatar, using Path Traversal in filename | Path Traversal | sp1d3rs | 0 days 0 hours | 0 days 1 hour | Resolved |
| None | bypass Claudflare access crm.mautic.com | None supplied | b4a1d31dd4acbccc47b8072 | Not triaged | 3 days 7 hours | Resolved |
| Low | Path Disclosure Vulnerability http://crm.******.com | None supplied | b4a1d31dd4acbccc47b8072 | 0 days 0 hours | 6 days 1 hour | Resolved |
| No rating | █████████ on CRM server without authorization | None supplied | b4a1d31dd4acbccc47b8072 | Not triaged | 0 days 0 hours | Resolved |
| Low | ssh: unprivileged users may hijack due to backdated ssh version open port found(███.unikrn.com) | Remote File Inclusion | noob-walid | Not triaged | 10 days 1 hour | Resolved |
| Medium | Full Path Disclosure | None supplied | xb00ck | Not triaged | 0 days 23 hours | Informative |
| Medium | Email abuse and Referral Abuse | None supplied | professormoriart | Not triaged | 3 days 4 hours | Informative |
| No rating | [unikrn.com] Profile updated with error":true,"success":false" | None supplied | rbcafe | Not triaged | 10 days 7 hours | Informative |
| Low | Rate-limit protection get executed in the last stage of the registration process, allowing enumeration of existing account. | Violation of Secure Design Principles | tolo7010 | 84 days 9 hours | 117 days 23 hours | Resolved |
| Medium | CSRF logs the victim into attacker's account | Cross-Site Request Forgery (CSRF) | albatraoz | Not triaged | 2 days 9 hours | Resolved |
| High | CSRF in Raffles Ticket Purchasing | Cross-Site Request Forgery (CSRF) | tolo7010 | Not triaged | 7 days 11 hours | Resolved |
| No rating | session_id is not being validated at email invitation endpoint | Cross-Site Request Forgery (CSRF) | tolo7010 | Not triaged | 0 days 0 hours | Resolved |
| High | CSRF log victim into the attacker account | Cross-Site Request Forgery (CSRF) | tolo7010 | 1 day 2 hours | 44 days 21 hours | Resolved |
| Medium | Non-Cloudflare IPs allowed to access origin servers | Information Disclosure | moritz30 | Not triaged | 173 days 9 hours | Resolved |
| Medium | Weak Session ID Implementation - No Session change on Password change | Insufficient Session Expiration | wdem | Not triaged | 6 days 16 hours | Resolved |
| Low | Persistent XSS found on bin.pinion.gg due to outdated FlowPlayer SWF file with Remote File Inclusion vulnerability. | Cross-site Scripting (XSS) - Generic | sp1d3rs | 3 days 20 hours | 65 days 9 hours | Resolved |
| Low | Improper validation at Phone verification (possible cost increase + SMS SPAM attack) | Violation of Secure Design Principles | nitesculucian | Not triaged | 0 days 20 hours | Resolved |
| Medium | Flash CSRF: Update Ad Frequency %: [cp-ng.pinion.gg] | Cross-Site Request Forgery (CSRF) | geekboy | 14 days 8 hours | 31 days 12 hours | Resolved |
| High | HTML injection in email in unikrn.com | Command Injection - Generic | coreyd97 | 0 days 4 hours | 1 day 11 hours | Resolved |
| Medium | Escaping images directory in S3 bucket when saving new avatar, using Path Traversal in filename | Path Traversal | sp1d3rs | 0 days 0 hours | 0 days 1 hour | Resolved |
| No rating | Urgent: Server side template injection via Smarty template allows for RCE | Code Injection | yaworsk | 0 days 2 hours | 0 days 0 hours | Resolved |