Public Boozt Fashion AB bug reports.
4,419 Bug Reports - $2,030,173 Paid Out
Last Updated: 12th September, 2017
| Team | Bounty | Title |
| --- | --- | --- |
| Boozt Fashion AB | $60 | Password reset token issue |
| Boozt Fashion AB | - | Application code is not obfuscated -- OWASP M9 (2016) |
| Boozt Fashion AB | - | Email spoofing at booztlet.com |
| Boozt Fashion AB | - | Bypass email validity in newsletter field |
| Boozt Fashion AB | $200 | Email link poisoning / Host header attack |
| Boozt Fashion AB | - | Cookie Misconfiguration |
| Boozt Fashion AB | $400 | Git available containing passwords. |
| Boozt Fashion AB | - | ADB Backup is enabled within AndroidManifest |
| Boozt Fashion AB | - | Http header injection |
| Boozt Fashion AB | $80 | Make victim buy in attacker's account without any idea - http://www.booztlet.com/ |
| Boozt Fashion AB | - | Broken Authentication and Session Management(Session Fixation) |
| Boozt Fashion AB | - | Host header poisoning leads to account password reset links hijacking |
| Boozt Fashion AB | $120 | XSS |
| Boozt Fashion AB | $80 | Instance of Apache Vulnerable to Several Issues |
| Boozt Fashion AB | $120 | Potential Subdomain Takeover Possible |
| Boozt Fashion AB | - | Android app does not use SSL for login |
| Boozt Fashion AB | $250 | xss in Theme http://bztfashion.booztx.com |
| Boozt Fashion AB | $60 | PHP info page disclosure on http://www.day.dk/ |
| Boozt Fashion AB | - | No csrf protection on logout |
| Boozt Fashion AB | - | User Enumeration. |
| Boozt Fashion AB | $100 | Reflected XSS on www.boozt.com |