resolved
Sale cancellations from other sellers without restrictions
Bug reported by capablanca was disclosed on March 6, 2025, 7:52 pm | Insecure Direct Object Reference (IDOR)
The summary is as follows:
A vulnerability was reported that allowed sale cancellations from other sellers without restrictions. The issue was acknowledged and addressed by MercadoLibre.
resolved
Exposing debug.log file leads to server full path disclosure
Bug reported by Mahmoud Khaled was disclosed on March 6, 2025, 2:02 pm | Information Disclosure
resolved
SQLi | in URL paths
Bug reported by mmakingdom was disclosed on March 6, 2025, 11:54 am | SQL Injection
A SQL Injection vulnerability was discovered in the customerId parameter of the URL path. The vulnerability was demonstrated by adding a single quote to the customerId parameter, which resulted in an error message indicating that the application was vulnerable to SQL injection attacks. Tools such as SQLmap were used to confirm the vulnerability and gain access to the database.