0Day Forums
Got a critical Hole on freelancer.com and Fiverr.com - Printable Version


Got a critical Hole on freelancer.com and Fiverr.com - heirship820686 - 01-15-2020

Hello, I got a critical security hole on freelancer.com and fiverr.com.
Is there anyone who is willing to be part of the exploitation? Kindly comment below.


RE: Got a critical Hole on freelancer.com and Fiverr.com - lorenzoloresz858 - 02-11-2020

Sorry, to confirm what you're asking: are you looking for an account to exploit in order to demonstrate the vulnerability to collect a bug bounty, etc.?


RE: Got a critical Hole on freelancer.com and Fiverr.com - shirleydbc - 02-12-2020

Quote:Hello i got a critical security hole on freelancer.com and fiverr.com

Do you have unrestricted/elevated back-end access?


RE: Got a critical Hole on freelancer.com and Fiverr.com - neigh315 - 04-28-2020

Quote:(02-12-2020, 05:42 AM)mothered Wrote:

Quote:Hello i got a critical security hole on freelancer.com and fiverr.com

Do you have unrestricted/elevated back-end access?
Hello, I am able to do a URL tampering attack in order to deposit virtual/fake $


RE: Got a critical Hole on freelancer.com and Fiverr.com - permittedly182815 - 04-29-2020

Quote:(04-29-2020, 02:20 AM)zorayo Wrote:

Quote: (02-12-2020, 05:42 AM)mothered Wrote:

Quote:Hello i got a critical security hole on freelancer.com and fiverr.com

Do you have unrestricted/elevated back-end access?
Hello, I am able to do a URL tampering attack in order to deposit virtual/fake $

Are you referring to web parameter tampering, by manipulating/exploiting the application data?


RE: Got a critical Hole on freelancer.com and Fiverr.com - mucking851277 - 05-01-2020

Quote:(04-29-2020, 08:43 AM)mothered Wrote:

Quote: (04-29-2020, 02:20 AM)zorayo Wrote:

Quote: (02-12-2020, 05:42 AM)mothered Wrote:

Do you have unrestricted/elevated back-end access?
Hello, I am able to do a URL tampering attack in order to deposit virtual/fake $

Are you referring to web parameter tampering, by manipulating/exploiting the application data?
Able to edit the actual amount of the deposit by editing the HTTP request, by doing URL tampering...
The hole is working on Upwork.com too.


Quote: (05-01-2020, 06:03 AM)zorayo Wrote:

Quote: (04-29-2020, 08:43 AM)mothered Wrote:

Quote: (04-29-2020, 02:20 AM)zorayo Wrote:

Hello, I am able to do a URL tampering attack in order to deposit virtual/fake $

Are you referring to web parameter tampering, by manipulating/exploiting the application data?
Able to edit the actual amount of the deposit by editing the HTTP request, by doing URL tampering...
The hole is working on Upwork.com too.
I just linked my PayPal account and made a deposit of $1, and while redirecting (bouncing back to the checkout page) I edited the request and made it like $1000, $2000, $3000....
The funds work to pay for any client over the freelancer platform.


RE: Got a critical Hole on freelancer.com and Fiverr.com - eurus406 - 06-25-2020

Where's the money coming out of? Does it come out of the paypal account you link, or does it just create the funds from thin air? Also have you cashed it out yet? How do you know that the $500 isn't just a front end display and the server has the actual value stored internally?
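
The distinction raised in the post above, between an amount shown in the browser and the value the server actually records, as an added example that is not part of the thread: a return handler that credits only the amount the payment processor confirms server-to-server and treats the request's own amount as a tamper signal. All names and data (`ORDERS`, `PROCESSOR_CAPTURES`, `fetch_capture`, `handle_return`) are hypothetical and constructed for illustration.

```python
from decimal import Decimal, InvalidOperation

# Constructed sample data (hypothetical): the order the server stored at
# checkout, and what the payment processor reports for it server-to-server.
ORDERS = {"ord-1001": {"user": "alice", "amount": Decimal("1.00"), "credited": False}}
PROCESSOR_CAPTURES = {"ord-1001": {"status": "COMPLETED", "amount": Decimal("1.00")}}
BALANCES = {"alice": Decimal("0.00")}
ALERTS = []  # tamper signals for the fraud/detection pipeline


def fetch_capture(order_id):
    """Stand-in for an authenticated server-to-server lookup at the processor."""
    return PROCESSOR_CAPTURES.get(order_id)


def handle_return(order_id, client_amount):
    """Handle the browser redirect back from checkout.

    client_amount is whatever the request carried. It is compared against the
    stored order to raise an alert, and is never the value that gets credited.
    """
    order = ORDERS.get(order_id)
    capture = fetch_capture(order_id)
    if order is None or capture is None or capture["status"] != "COMPLETED":
        return "rejected"
    if capture["amount"] != order["amount"]:
        ALERTS.append((order_id, "processor amount differs from order"))
        return "rejected"
    try:
        claimed = Decimal(str(client_amount))
    except InvalidOperation:
        claimed = None
    if claimed != order["amount"]:
        ALERTS.append((order_id, "client amount differs from order"))
    if order["credited"]:  # idempotent: a replayed redirect credits nothing
        return "already-credited"
    BALANCES[order["user"]] += capture["amount"]
    order["credited"] = True
    return "credited"
```

With this design an edited amount in the redirect changes nothing in the ledger; it only produces an alert tied to the order.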


RE: Got a critical Hole on freelancer.com and Fiverr.com - proequality566787 - 07-03-2020

Quote:(06-25-2020, 06:42 PM)Stratus Wrote:

Where's the money coming out of? Does it come out of the paypal account you link, or does it just create the funds from thin air? Also have you cashed it out yet? How do you know that the $500 isn't just a front end display and the server has the actual value stored internally?
That's a great question; I want to find out myself too. I'm interested in hacking these "freelancer" companies.


RE: Got a critical Hole on freelancer.com and Fiverr.com - befountained13632 - 09-02-2020

My guess is this is just a visual bug.
The system will probably block the cashout.


RE: Got a critical Hole on freelancer.com and Fiverr.com - taganmmlgb - 05-19-2021

Sounds interesting. Have they fixed it? I don't think that such services have strong security systems. Any vulnerability can remain unfixed for months, if not years. Recently I tried to find something on [link not shown], but they seem fine. Also, I would not expect decent bug bounty compensation from freelance services. They don't have a lot of valuable data. Compared to messengers, they have nothing at all. Maybe get some personal data of freelancers, but what's the point? Perhaps really, it was just a visual bug.