Vulnerability Summary
HackerOne disclosed report --> https://hackerone.com/reports/3721519 by rox-11
The Liberapay profile of a Liberapay team member at liberapay.com/martindelille contains a link to an expired Twitter account, creating a Broken Link Hijacking (BLH) vulnerability. An attacker could register the expired handle and control what appears to be an officially linked social media account.
On the donation page at https://liberapay.com/martindelille/donate, Liberapay displays a "Recipient Identity" section stating: "We have confirmed through an automated verification process that martindelille has control of the following accounts on other platforms:" - including the expired Twitter account. This falsely confirms to donors that the account is legitimate and verified.
Note: martindelille is a Liberapay team member (developer/translator/community manager). This account should not be claimed by security researchers as it would directly impersonate an official team member.
An Open Redirect vulnerability was identified in an OAuth authorization flow endpoint. The vulnerability exists because the callback_url (or equivalent redirect parameter) is validated with an insecure string prefix match instead of being parsed and compared exactly.
A base64-encoded query parameter on a login/terms acceptance page was decoded and used directly in window.location.href with only protocol validation and no domain check. The writeup covers tracing the vulnerable code in the Angular bundle, crafting the payload, and why the legitimate branding makes this particularly effective for phishing.
HackerOne disclosed report --> https://hackerone.com/reports/3599248 by marioniangi
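As an added example (not code from either report above; host names and the allowlist are constructed for illustration), the two weak redirect checks these summaries describe, written in JavaScript, beside an exact-origin check that rejects the same inputs:

```javascript
// Constructed allowlist of origins this application is willing to redirect to.
const ALLOWED_ORIGINS = new Set(["https://app.example.test"]);

// Weak check of the first kind: a raw string prefix match on the callback parameter.
// Anything that merely starts with the trusted origin text passes.
function isAllowedByPrefix(callbackUrl) {
  return callbackUrl.startsWith("https://app.example.test");
}

// Weak check of the second kind: decode a base64 parameter and verify only the protocol.
function isAllowedByProtocolOnly(encodedTarget) {
  let decoded;
  try { decoded = atob(encodedTarget); } catch { return false; }
  return /^https?:\/\//i.test(decoded);
}

// Hardened check: parse the value as an absolute URL, require https, reject
// userinfo (https://trusted@evil), and compare the parsed origin exactly.
// Returns the normalized URL to redirect to, or null when it must be refused.
function safeRedirectTarget(rawTarget, { base64 = false } = {}) {
  let candidate = rawTarget;
  if (base64) {
    try { candidate = atob(rawTarget); } catch { return null; }
  }
  let url;
  try { url = new URL(candidate); } catch { return null; } // relative or malformed input
  if (url.protocol !== "https:") return null;
  if (url.username || url.password) return null;
  if (!ALLOWED_ORIGINS.has(url.origin)) return null;
  return url.href;
}
```

Comparing `url.origin` rather than the raw string is what closes the gap: a lookalike host that extends the trusted name, or userinfo placed before the real host, both parse to a different origin.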