+- Dark C0d3rs (https://darkcoders.wiki)
+-- Forum: Exploit Log (https://darkcoders.wiki/Forum-Exploit-Log)
+--- Forum: Research Papers/Vulnerability reports (https://darkcoders.wiki/Forum-Research-Papers-Vulnerability-reports)
+--- Thread: HackerOne Disclosed Reports - 2025-08-23 (/Thread-HackerOne-Disclosed-Reports-2025-08-23)
HackerOne disclosed reports - 2025-08-23 - hashXploiter - 08-24-2025
Medium
resolved
resolved
PII Exposure via Email Confirmation Link – Email Embedded in Token & Leaked via Wayback Machine
Bug reported by Mantosh Sah was disclosed at August 23, 2025, 5:29 am | Information Disclosure
An email confirmation link used by Omise (dashboard.omise.co) included the user's email address directly embedded in a token that was visible in the URL. This token was archived publicly by the Wayback Machine (archive.org), resulting in public exposure of personally identifiable information (PII).