Back to directory
WRITEUP #5555

Unsecured access to personal data of a million Leo Express users

XSSBroken authorization
by@ThomasOrlita(Thomas Orlita)
Program
Leo Express
Published
Jan 29, 2019
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://websecblog.com/vulns/leoexpress-personal-data/
RELATED WRITEUPS
Self-XSS to ATO via Site Features
XSSSelf-XSS
CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)
RCEForced browsing
How 100% Manual Hacking (Without Even Kali And Burp) Led To 2 Medium Vulnerabilities On YesWeHack
XSS
Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities
XSSReflected XSS
Bypassing CSP via URL Parser Confusions : XSS on Netlify’s Image CDN
XSSCSP bypass

Built with ❤️ by Shubham Rawat