unshiftio / url-parse

Small footprint URL parser that works seamlessly across Node.js and browser environments.
http://unshift.io
MIT License

Security issues Hostname spoofing & Open Redirect #206

Closed ready-research closed 3 years ago

ready-research commented 3 years ago

@lpinca @3rd-Eden I have reported a security issue in huntr: https://www.huntr.dev/bounties/1625557993985-unshiftio/url-parse/ There are 2 attack scenarios possible for Open Redirect and Hostname Spoofing (please take a look at the last comment).

Please validate and let us know your opinion on this. Thank you.

lpinca commented 3 years ago

I logged in but I can't read the report.

JamieSlome commented 3 years ago

@zidingz - just attaching you here for your reference.

zidingz commented 3 years ago

Hey @lpinca You should be able to have access to the report now. Let me know if issues persist ❤️

lpinca commented 3 years ago

Yes, it works now. Thanks. I've also pinged Arnout (@3rd-Eden) on Twitter.

akazemier-godaddy commented 3 years ago

I don't have access to the report either, but it seems to be the same issue as reported previously on H1 about slash escaping. See SECURITY.md for ref.

3rd-Eden commented 3 years ago

FML, that was my work account :joy: ANYWAYS, I can't access it on this account :joy:

ready-research commented 3 years ago

@zidingz can you please help with this one? @3rd-Eden The 2nd issue, hostname spoofing, is completely different from that H1 report. And the 1st one too.

zidingz commented 3 years ago

@3rd-Eden You should also have access now!

lpinca commented 3 years ago

@zidingz now I can no longer read the report :) Can we both have access or is it limited to only one maintainer?

3rd-Eden commented 3 years ago

I still can't access it either.

zidingz commented 3 years ago

@lpinca @3rd-Eden Apologies, fixed now!

Let me know if either of you still can't view. Will be on call here until you're all set.

3rd-Eden commented 3 years ago

✅ Access is working here.