Dark C0d3rs
HackerOne Disclosed Reports - 2025-03-18 - Printable Version

HackerOne disclosed reports - 2025-03-18 - hashXploiter - 03-19-2025

Critical
resolved

SSRF in Autodesk Rendering leading to account takeover


Bug reported by was disclosed on March 18, 2025, 6:48 pm | Server-Side Request Forgery (SSRF)

A server-side request forgery (SSRF) vulnerability was discovered in Autodesk Rendering. The vulnerability could have allowed an attacker to gain control of a victim's account while they were logged in. Autodesk has fixed the vulnerability.


Medium
resolved

Django Debug Mode Enabled - Information Disclosure on api.wwm-dev.autodesk.com


Bug reported by ??? ℜ???? ??? was disclosed on March 18, 2025, 5:58 pm | Information Exposure Through Debug Information

The domain api.wwm-dev.autodesk.com was discovered to have Django debug mode enabled, which led to information disclosure. The issue was fixed by Autodesk.