TOPSIFCHAIN.md

Top reports from Sifchain program at HackerOne:

  1. Subdomain Takeover At the Main Domain Of Your Site to Sifchain - 32 upvotes, $200
  2. xmlrpc.php And /wp-json/wp/v2/users FILE IS enable it will used for bruteforce attack and denial of service to Sifchain - 17 upvotes, $50
  3. Clickjacking Vulnerability in sifchain.finance to Sifchain - 11 upvotes, $0
  4. Information Disclosure on https://rpc.sifchain.finance/ to Sifchain - 10 upvotes, $0
  5. Wrong implementation of Telegram link on the main page for PC users to Sifchain - 7 upvotes, $100
  6. Subdomain Takeover on proxies.sifchain.finance pointing to vercel to Sifchain - 6 upvotes, $100
  7. Vulnerable for clickjacking attack to Sifchain - 6 upvotes, $0
  8. Email Spoofing on sifchain.finance to Sifchain - 6 upvotes, $0
  9. Path Transversal inside saveContracts.js to Sifchain - 6 upvotes, $0
  10. Clickjacking misconfiguration bug to Sifchain - 6 upvotes, $0
  11. wrong url in hackerone > goes to wix.com > unconnected to Sifchain - 5 upvotes, $200
  12. Wrong Url in Main Page to Sifchain - 4 upvotes, $200
  13. Private RSA key for Vagrant exposed in GitHub repository to Sifchain - 4 upvotes, $0
  14. A password in plain text in conf file to Sifchain - 4 upvotes, $0
  15. Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information. to Sifchain - 4 upvotes, $0
  16. Flaws In Social media Icon on error page which can lead to financial loss to a company. to Sifchain - 4 upvotes, $0
  17. CORS misconfiguration to Sifchain - 4 upvotes, $0
  18. Private KEY of crypto wallet to Sifchain - 3 upvotes, $0
  19. RSA PRIVATE KEY discloser to Sifchain - 3 upvotes, $0
  20. ETHEREUM_PRIVATE_KEY leaked via Open Github Repository to Sifchain - 3 upvotes, $0
  21. Found key_adress and key_password in GitHub history to Sifchain - 3 upvotes, $0
  22. Email spoofing to Sifchain - 3 upvotes, $0
  23. No Rate Limit protection in user subscription form to Sifchain - 3 upvotes, $0
  24. Private eth key found to Sifchain - 3 upvotes, $0
  25. CORS Misconfiguration Leads to Sensitive Exposure on Sifchain main domain to Sifchain - 3 upvotes, $0
  26. Exposed Openapi Token to Sifchain - 2 upvotes, $0
  27. ETHEREUM_PRIVATE_KEY leaked to Sifchain - 2 upvotes, $0
  28. Social media links not working to Sifchain - 2 upvotes, $0
  29. CORS Misconfiguration to Sifchain - 2 upvotes, $0
  30. Wordpress Users Disclosure (/wp-json/wp/v2/users/) on sifchain.finance to Sifchain - 2 upvotes, $0
  31. Found a url on source code which was disclosing different juicy informations like ip addresses and available endponts to Sifchain - 2 upvotes, $0
  32. No Valid SPF Records/don't have DMARC record to Sifchain - 2 upvotes, $0
  33. Open S3 Bucket | information leakage to Sifchain - 2 upvotes, $0
  34. CORS (Cross-Origin Resource Sharing) origin validation failure -Any website can issue requests made with user credentials and read the responses to th to Sifchain - 2 upvotes, $0
  35. Error Page Content Spoofing or Text Injection to Sifchain - 2 upvotes, $0
  36. Bootstrap library is vulnerable to Sifchain - 2 upvotes, $0
  37. Possible Database Details stored in values.yaml to Sifchain - 2 upvotes, $0
  38. CORS (Cross-Origin Resource Sharing) origin validation failure to Sifchain - 2 upvotes, $0
  39. Possibility of DoS attack at https://sifchain.finance// via CVE-2018-6389 exploitation to Sifchain - 1 upvotes, $0
  40. mongodb credentials leaked in github to Sifchain - 1 upvotes, $0
  41. Information disclosure on Sifchain to Sifchain - 1 upvotes, $0
  42. HTTPS not enforced at dex.sifchain.finance to Sifchain - 1 upvotes, $0
  43. Cross-site Scripting (XSS) possible at https://sifchain.finance// via CVE-2019-8331 exploitation to Sifchain - 1 upvotes, $0
  44. Origin IP Disclosure Vulnerability to Sifchain - 1 upvotes, $0
  45. 4 xss vulnerability dom based cwe 79 ; wordpress bootstrap.min.js is vulnerable to Sifchain - 1 upvotes, $0
  46. ETHEREUM_PRIVATE_KEY leaked via github to Sifchain - 1 upvotes, $0
  47. Sifchain token leak to Sifchain - 1 upvotes, $0
  48. Clickjacking to Sifchain - 1 upvotes, $0
  49. CSRF in newsletter form to Sifchain - 1 upvotes, $0
  50. No Rate Limit in email leads to huge Mass mailings to Sifchain - 1 upvotes, $0
  51. Username disclosure at Main Domain to Sifchain - 1 upvotes, $0
  52. No valid SPF record found to Sifchain - 1 upvotes, $0
  53. Vulnerability : Email Spoofing to Sifchain - 1 upvotes, $0
  54. Linux Desktop application "sifnoded" executable does not use Pie / no ASLR to Sifchain - 1 upvotes, $0
  55. Vulnerable javascript dependency at Main domain to Sifchain - 0 upvotes, $0
  56. SSH server due to Improper Signature Verification to Sifchain - 0 upvotes, $0
  57. Email Spoofing bug to Sifchain - 0 upvotes, $0
  58. Dependency Confusion Vulnerability in Sifnode Due to Unclaimed npm Packages. to Sifchain - 0 upvotes, $0
  59. Signature Verification /// golang.org/x/crypto/ssh to Sifchain - 0 upvotes, $0
  60. information disclosure to Sifchain - 0 upvotes, $0
  61. clickjacking vulnerability to Sifchain - 0 upvotes, $0
  62. Clickjacking at sifchain.finance to Sifchain - 0 upvotes, $0
  63. Wrong Url in Main page of sifchain.finance to Sifchain - 0 upvotes, $0
  64. Wrong Implementation of Url in https://docs.sifchain.finance/ to Sifchain - 0 upvotes, $0
  65. Session Token in URL to Sifchain - 0 upvotes, $0
  66. No Valid SPF Records at sifchain.finance to Sifchain - 0 upvotes, $0
  67. Clickjacking /framing on sensitive Subdomain to Sifchain - 0 upvotes, $0
  68. Sifchain Privacy Policy Webpage Uses Wordpress Default Template. Does Not Display Correct Privacy Policy. to Sifchain - 0 upvotes, $0
  69. Information Disclosure at one of your subdomain to Sifchain - 0 upvotes, $0
  70. Design Issues at Main Domain to Sifchain - 0 upvotes, $0
  71. Misconfiguration Certificate Authority Authorization Rule to Sifchain - 0 upvotes, $0