Navigation:   Dark C0d3rs Exploit Log Research Papers/Vulnerability reports HackerOne Disclosed Reports - 2026-01-20

HackerOne Disclosed Reports - 2026-01-20

0 Replies, 52 Views

 hashXploiter

   01-21-2026, 12:30 PM
Administrator
#1
Logo
Critical
resolved

[Critical] Unauthorized Cross-Tenant Data Access in Stripo AI Hub Campaign via Deleted Project.


Bug reported by No Code was disclosed at January 20, 2026, 4:01 pm   |   Improper Access Control - Generic

An unauthorized cross-tenant data access vulnerability was discovered in the Stripo AI Hub Campaign. The vulnerability allowed access to data from a deleted project. The issue was resolved.


Logo
High
resolved

Internal logs/info leaked via endpoint {https://203.137.128.240/server-status}


Bug reported by Oday Alhalabi was disclosed at January 20, 2026, 12:07 am   |   Information Disclosure

The server-status endpoint was accessible, allowing access to internal logs and information.


[Image: e72398fe92beda2aa80d0329e8b9f4febece7568.gif]



Users browsing this thread: 1 Guest(s)