Vulnerabilities

Vulnerabilites in Fundrequest platform

vulnerability title

*Vulnerability 1 : CSRF to update ETH wallet address in victims account *Vulnerability 2 : 2 : Victims account takeover using password reset link hijacking via host header posinoing

Auditor

@akhilcryptos

Overall Risk Severity (see OWASP Risk Rating)

Impact: HIGH
Likelihood: HIGH

Proposed solution

*for vulnerability 1 : Add CSRF Token *for vulnerbaility 2 : Refer http://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html

Verification

*The team has fixed the reported vulnerabilites

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

vulnerabilities.md

vulnerabilities.md

Vulnerabilities

vulnerability title

Auditor

Overall Risk Severity (see OWASP Risk Rating)

Proposed solution

Verification

Files

vulnerabilities.md

Latest commit

History

vulnerabilities.md

File metadata and controls

Vulnerabilities

vulnerability title

Auditor

Overall Risk Severity (see OWASP Risk Rating)

Proposed solution

Verification