Shan Journey

Summary:  Mixed content when logout merchants.google.com , mixed content load when user logout from https://merchants.google.com/ and redirect to http://www.google.co.id/accounts/Logout2?ilo=1&ils=s.ID&ilc=0&continue=https://merchants.google.com/mc&zx=-2055164642 Steps to reproduce: 1. Sign in to https://merchants.google.com/ 2. and then logout 3. load mixed content to http://www.google.co.id/accounts/Logout2?ilo=1&ils=s.ID&ilc=0&continue=https://merchants.google.com/mc&zx=-2055164642 Browser/OS: Mozilla Video : https://youtu.be/85BtW_4PVzQ ( unlisted) Picture : Timeline :  Google confirming it but this is duplicate. maybe next time got the bounty :D , wish me luck !

Summary Still can change wishlist URL although wishlist set to private, in conditional, when URL set to private, user can't change wishlist URL, but i found how to change URL although user set wishlist URL to Private Step To Reproduce :  1. login to store.line.me 2. go to wishlist -> setting, 3. turn on burp suite -> catch request when change url 4. set wishlist to private again. 5. and replay the request from step 3, This is not eligibly for bounty, although line side it's say this is bug, but not security bug. This mean, i need to try learn more and more. hehehe, wish me luck. Video : https://youtu.be/gyp3T7Cnw5c

It's funny, when i can reproduce it 4 days ago and make some video, the team said we’re unable to reproduce this issue following the steps you provided. it's i copy - paste with my report on hackerone   Hi, Summary partners.uber.com website is not expiring the user's session immediately after logout. when user logout, the session not expired, and still can send request and the server respond response with OKAY Steps to Reproduce: Log into the website - partners.uber.com Capture any request. For ex, profile edit page using burp proxy. Logout from the website. Replay the request captured in step 2 and notice it displays the proper response. Thanks, the team it's fixed this issue, and say this is was unvalidated issue.but the team won't to disclose report, finally after few roast, team agree to disclose. i try to contact hackerone team with support, because when i want to call hackerone team to my report, there's no option on my report. Last...

CSRF Issue On Tokopedia,  List of bug on Tokopedia : - http://v1nsh4n.blogspot.com/2017/05/tokopedia-csrf-to-create-new-store-for.html - http://v1nsh4n.blogspot.com/2017/05/tokopedia-csrf-on-report-item.html - http://v1nsh4n.blogspot.com/2017/05/tokopedia-csrf-on-change-picture-on.html - http://v1nsh4n.blogspot.com/2017/05/tokopedia-csrf-on-change-picture-login.html - http://v1nsh4n.blogspot.com/2017/05/tokopedia-csrf-on-open-store.html Halo, Saya menemukan sebuah bug CSRF di tokopedia Pendahuluan bug ini bisa mengubah user picture di login seal Vuln Request: POST /ajax/shop/shop-status.pl?action=event_re_open HTTP/1.1 Host: www.tokopedia.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0 Accept: */* Accept-Language: en-US,en;q=0.5 Content-Type: application/x-www-form-urlencoded Content-Length: 33 Origin: null Cookie: Some Cookie Connection: close action=event_re_open&s_id=[id toko]...

CSRF Issue On Tokopedia,  List of bug on Tokopedia : - http://v1nsh4n.blogspot.com/2017/05/tokopedia-csrf-to-create-new-store-for.html - http://v1nsh4n.blogspot.com/2017/05/tokopedia-csrf-on-report-item.html - http://v1nsh4n.blogspot.com/2017/05/tokopedia-csrf-on-change-picture-on.html - http://v1nsh4n.blogspot.com/2017/05/tokopedia-csrf-on-change-picture-login.html - http://v1nsh4n.blogspot.com/2017/05/tokopedia-csrf-on-open-store.html Halo, Saya menemukan sebuah bug CSRF di tokopedia Pendahuluan bug ini bisa mengubah user picture di login seal Vuln Request: POST /seal/save HTTP/1.1 Host: accounts.tokopedia.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Cookie: Somecookie Connection: close Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded Content-Length: 157 text=https%3...

CSRF Issue On Tokopedia,  List of bug on Tokopedia : - http://v1nsh4n.blogspot.com/2017/05/tokopedia-csrf-to-create-new-store-for.html - http://v1nsh4n.blogspot.com/2017/05/tokopedia-csrf-on-report-item.html - http://v1nsh4n.blogspot.com/2017/05/tokopedia-csrf-on-change-picture-on.html - http://v1nsh4n.blogspot.com/2017/05/tokopedia-csrf-on-change-picture-login.html - http://v1nsh4n.blogspot.com/2017/05/tokopedia-csrf-on-open-store.html Hi, saya menemukan CSRF di Laporkan barang Pendahuluan Bug ini untuk melaporkan barang dari toko lain dikarenakan tidak ada CSRF token dalam request Vuln Request: POST /ajax/product-e4.pl HTTP/1.1 Host: www.tokopedia.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0 Accept: */* Accept-Language: en-US,en;q=0.5 Content-Type: application/x-www-form-urlencoded Content-Length: 162 Origin: null Cookie: <some cookie> Connection: close type=4&element_id=170328516&r...

CSRF Issue On Tokopedia,  List of bug on Tokopedia : - http://v1nsh4n.blogspot.com/2017/05/tokopedia-csrf-to-create-new-store-for.html - http://v1nsh4n.blogspot.com/2017/05/tokopedia-csrf-on-report-item.html - http://v1nsh4n.blogspot.com/2017/05/tokopedia-csrf-on-change-picture-on.html - http://v1nsh4n.blogspot.com/2017/05/tokopedia-csrf-on-change-picture-login.html - http://v1nsh4n.blogspot.com/2017/05/tokopedia-csrf-on-open-store.html Halo, Saya menemukan sebuah bug CSRF di tokopedia Pendahuluan bug ini bisa mengubah user picture di profile picture POST /ajax/people-4.pl HTTP/1.1 Host: www.tokopedia.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0 Accept: application/json, text/javascript, */*; q=0.01 Accept-Language: en-US,en;q=0.5 Referer: https://www.tokopedia.com/people/9946238/edit Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 526 Co...