
Vulnerability Disclosure

Hall of Fame

This is a summary of accepted vulnerabilities submitted by independent researchers.

| Date | Reporter | Status | Reward Paid | Description |
|---|---|---|---|---|
| 11-11-2020 | Cobalt | Fixed | | Cross-Site Scripting (XSS) |
| 17-11-2020 | Cobalt | Fixed | | Banner Disclosure |
| 11-11-2020 | Cobalt | Fixed | | Clickjacking |
| 11-11-2020 | Cobalt | Fixed | | Missing Validation on Max Number of Email Addresses |
| 11-11-2020 | Cobalt | Fixed | | Missing Rate Limit on API Requests |
| 11-11-2020 | Cobalt | Fixed | | Nginx DNS Resolver Off-By-One Heap |
| 02-08-2021 | Yukesh Kumar | Fixed | | Sensitive Files/Information Disclosed |
| 03-08-2021 | Shubham dnyandev shete | Fixed | | Sensitive Token Sent Over HTTP |
| 06-08-2021 | Prajit Sindhkar | Fixed | | HTML Injection in dest parameter |
| 07-08-2021 | Takshal Patel | Fixed | | Missing Authentication Check leading to unauthorised js file read and Application level DoS attack |
| 09-08-2021 | Pankaj Lakshkar | Fixed | | Incomplete or No Cache-control and Pragma HTTP Header Set |
| 10-08-2021 | Shubham dnyandev shete | Fixed | | Content Security Policy - Wildcard Directive |
| 12-08-2021 | Prajit Sindhkar | Fixed | | XSS / HTML Injection in lang parameter |
| 12-08-2021 | Pankaj Lakshkar | Fixed | | Missing Certificate Authority Authorization rule |
| 12-08-2021 | Pankaj Lakshkar | Fixed | | Missing Password Max Character Validation |
| 13-08-2021 | Prajit Sindhkar | Fixed | | Get Based Open Redirection |
| 14-08-2021 | Ravindra lakhara | Fixed | | Authenticated XXE Within the Media Library Affecting PHP 8 |
| 14-08-2021 | Ravindra lakhara | Fixed | | Authenticated Password Protected Pages Exposure |
| 14-08-2021 | Bruce | Fixed | | Password Reset Token Not Expire After Password Change |
| 14-08-2021 | Bruce | Fixed | | Password Reset Token Not Expire After Issuing New Token |
| 16-08-2021 | Akash | Fixed | | Missing Validation on User Names |
| 17-08-2021 | Takshal Patel | Fixed | | Denial Of Service By Cache Poisoning / CORS Misconfiguration Lead to Sensitive Information Disclosed |
| 18-08-2021 | Kanhaiya Sharma | Fixed | | Source Code disclosure |
| 18-08-2021 | Takshal Patel | Fixed | | Lack of Password Confirmation for critical function |
| 24-08-2021 | Pankaj Lakshkar | Fixed | | CRLF injection |
| 03-09-2021 | Mohmmad Nurnobi | Fixed | | Insecure Email Change Leads account takeover |
| 04-09-2021 | Mohmmad Nurnobi | Fixed | | Sensitive Token leaked to 3rd Party |
| 11-09-2021 | Sujan Shetty | Fixed | | Wp-cron.php is enabled and accessible to any user |
| 19-09-2021 | Deepak Sharma | Fixed | | HTML injection vulnerability on "s" parameter |
| 27-09-2021 | Karthic Kumar | Fixed | | Directory Listing Disclosed |
| 22-03-2022 | Sumit Sahoo | Fixed | | Cross-Site Scripting (XSS) and Insecure Direct Object Reference (IDOR) |

Want to submit your own? Click here