Top reports from the OLX program at HackerOne:

  1. XSS - main page - search[user_id] parameter to OLX - 135 upvotes, $0
  2. [Critical] Delete any account to OLX - 112 upvotes, $0
  3. SQL Injection on https://www.olx.co.id to OLX - 71 upvotes, $0
  4. web cache deception in https://tradus.com lead to name/user_id enumeration and other info to OLX - 59 upvotes, $0
  5. SQL Injection https://www.olx.co.id to OLX - 48 upvotes, $0
  6. Reflected XSS on https://www.olx.co.id/iklan/*.html via "ad_type" parameter to OLX - 35 upvotes, $0
  7. XSS inside HTML Link Tag to OLX - 29 upvotes, $0
  8. Public Vulnerable Version of Confluence https://confluence.olx.com to OLX - 29 upvotes, $0
  9. Reflected XSS in www.olx.co.id to OLX - 27 upvotes, $0
  10. Able to list user's public name, username, phone number, address, facebook ID... to OLX - 19 upvotes, $0
  11. Search Page Reflected XSS on sharjah.dubizzle.com through unencoded output of GET parameter in JavaScript to OLX - 18 upvotes, $0
  12. Updating and Deleting any Ads on OLX Philippines to OLX - 17 upvotes, $0
  13. Cross Site Scripting -> Reflected XSS to OLX - 17 upvotes, $0
  14. XSS Reflected at SEARCH >> to OLX - 17 upvotes, $0
  15. Subdomain Takeover (http://docs.olx.ph/ , http://calendar.olx.ph/, http://sites.olx.ph/) to OLX - 16 upvotes, $0
  16. Reflective XSS at olx.ph to OLX - 15 upvotes, $0
  17. XSS @ *.letgo.com to OLX - 14 upvotes, $0
  18. Bypass CSP frame-ancestors at olx.co.za, olx.com.gh to OLX - 13 upvotes, $0
  19. Combined attacks leading to stealing user's account to OLX - 12 upvotes, $0
  20. Reflected XSS on www.olx.co.id via ad_type parameter to OLX - 12 upvotes, $0
  21. Manipulating joinolx.com Job Vacancy alert subscription emails (HTML Injection / Script Injection) to OLX - 11 upvotes, $0
  22. stored XSS in olx.pl - ogloszenie TITLE element - moderator acc can be hacked to OLX - 11 upvotes, $0
  23. I found a way to instantly take over ads by other users and change them (IDOR) to OLX - 11 upvotes, $0
  24. XSS @ yaman.olx.ph to OLX - 10 upvotes, $0
  25. Arbitrary File Reading to OLX - 10 upvotes, $0
  26. Stored XSS in buy topup OLX Gold Credits to OLX - 10 upvotes, $0
  27. Reflected XSS on m.olx.co.id via ad_type parameter to OLX - 10 upvotes, $0
  28. Unauthorised access to olx.in user accounts. to OLX - 9 upvotes, $0
  29. Full Account Takeover to OLX - 9 upvotes, $0
  30. All Active user sessions should be destroyed when user change his password! to OLX - 9 upvotes, $0
  31. Bypass Rejected ads so user can view it as normal live ad. to OLX - 9 upvotes, $0
  32. load scripts DOS vulnerability to OLX - 9 upvotes, $0
  33. CSRF in account configuration leads to complete account compromise to OLX - 8 upvotes, $0
  34. Reflected XSS in www.olx.ph to OLX - 8 upvotes, $0
  35. Multiple vulnerabilities in http://blog.dubizzle.com/uae to OLX - 8 upvotes, $0
  36. Directory Listing of all the resource files of olx.com.eg to OLX - 7 upvotes, $0
  37. XSS on Meta Tag at https://m.olx.ph to OLX - 7 upvotes, $0
  38. blog.praca.olx.pl database credentials exposure to OLX - 7 upvotes, $0
  39. XSS @ *.olx.com.ar to OLX - 6 upvotes, $0
  40. Name, email, phone and more disclosure on user ID (API) to OLX - 6 upvotes, $0
  41. Reflected XSS in [olx.qa] to OLX - 6 upvotes, $0
  42. CSRF in delete advertisement on olx.com.eg to OLX - 6 upvotes, $0
  43. XSS in OLX.pl ("title" in new advertisement) to OLX - 6 upvotes, $0
  44. XSS yaman.olx.ph to OLX - 5 upvotes, $0
  45. XSS on Home page olx.com.ar via auto save search text to OLX - 5 upvotes, $0
  46. Stored XSS on contact name to OLX - 5 upvotes, $0
  47. Reflective XSS at m.olx.ph to OLX - 5 upvotes, $0
  48. yaman.olx.ph/wordpress is using a very vulnerable version of WordPress and contains directory listing to OLX - 5 upvotes, $0
  49. Reflected XSS at yaman.olx.ph to OLX - 4 upvotes, $0
  50. these are my old reports and still i have not receive any good replys, these all are Cross Site Scripting(XSS) issues: POC1: https://www.youtube.com/w to OLX - 4 upvotes, $0
  51. full path disclosure vulnerability at https://security.olx.com/* to OLX - 4 upvotes, $0
  52. Reflected XSS at m.olx.ph to OLX - 4 upvotes, $0
  53. Reflected XSS in OLX.in to OLX - 4 upvotes, $0
  54. REFLECTED CROSS SITE SCRIPTING IN OLX to OLX - 4 upvotes, $0
  55. Reflected XSS in olx.pt to OLX - 4 upvotes, $0
  56. Bypassing Phone Verification For Posting AD On OLX to OLX - 3 upvotes, $0
  57. cross-site scripting in get request to OLX - 3 upvotes, $0
  58. OLX is vulnerable to clickjaking to OLX - 3 upvotes, $0
  59. xss yaman.olx.ph to OLX - 2 upvotes, $0
  60. XSS and Open Redirect on https://jobs.dubizzle.com/ to OLX - 2 upvotes, $0
  61. XSS and HTML Injection https://sharjah.dubizzle.com/ to OLX - 2 upvotes, $0
  62. Full path disclosure vulnerability at http://corporate.olx.ph to OLX - 2 upvotes, $0
  63. Reflective XSS at dubai.dubizzle.com to OLX - 2 upvotes, $0
  64. olx.ph is vulnerable to POODLE attack to OLX - 2 upvotes, $0
  65. Server Version Of https://www.olx.ph/ to OLX - 2 upvotes, $0
  66. Reflected Cross Site scripting Attack (XSS) to OLX - 0 upvotes, $0