Boozt Fashion AB Program Statistics
28 total issues disclosed
$1,830 total paid publicly
Most disclosed (6 disclosures) — Violation of Secure Design Principles
Disclosed Reports
| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| [www.boozt.com] - Authentication bypass | Improper Authentication - Generic | ramsexy | Medium | 2018-05-25 |
| Users Unable to login using Gmail/Facebook on https://boozt-stage1.booztx.com/login | Improper Authentication - Generic | rey_7 | Medium | 2017-10-24 |
| No Confirmation During Email Change | None supplied | craxermgr | Medium | 2017-10-23 |
| No Session change on Password change | Insufficient Session Expiration | craxermgr | Medium | 2017-10-23 |
| Bruteforce Unlimited number of password attempts | Brute Force | chrisnagora | Critical | 2017-10-04 |
| Weak Password | Violation of Secure Design Principles | firestone | Low | 2017-10-04 |
| booztfashion.com URL should HTTPS | None supplied | nihad_rekany | No rating | 2017-09-18 |
| Password reset token issue | Improper Authentication - Generic | dilip_prakash | No rating | 2017-09-04 |
| Email link poisoning / Host header attack | None supplied | ramsexy | High | 2017-08-01 |
| Reflected XSS on www.boozt.com | Cross-site Scripting (XSS) - Generic | stefanofinding | No rating | 2017-08-01 |
| Git available containing passwords. | Privilege Escalation | xpathmaster | Critical | 2017-07-27 |
| Broken Authentication and Session Management(Session Fixation) | Improper Authentication - Generic | koshti25 | No rating | 2017-07-27 |
| Android app does not use SSL for login | Cryptographic Issues - Generic | nightwatch-cybersecurity | No rating | 2017-07-27 |
| Cookie Misconfiguration | Improper Authentication - Generic | abdulwahab | Medium | 2017-07-27 |
| ADB Backup is enabled within AndroidManifest | Information Disclosure | sfsecurityfirst | No rating | 2017-07-27 |
| Email spoofing at booztlet.com | Violation of Secure Design Principles | m7mdharoun | Critical | 2017-07-27 |
| PHP info page disclosure on http://www.day.dk/ | Information Disclosure | lalka | No rating | 2017-07-24 |
| Application code is not obfuscated -- OWASP M9 (2016) | Violation of Secure Design Principles | dineshdinz | High | 2017-02-24 |
| Bypass email validity in newsletter field | Violation of Secure Design Principles | helloworld152 | No rating | 2017-02-24 |
| xss in Theme http://bztfashion.booztx.com | Cross-site Scripting (XSS) - Generic | m7mdharoun | High | 2017-01-16 |
| Make victim buy in attacker's account without any idea - http://www.booztlet.com/ | Improper Authentication - Generic | inhibitor181 | No rating | 2016-10-31 |
| Potential Subdomain Takeover Possible | None supplied | zephrfish | No rating | 2016-10-22 |
| Http header injection | Violation of Secure Design Principles | gorkhali | No rating | 2016-09-19 |
| Host header poisoning leads to account password reset links hijacking | Information Disclosure | yassineaboukir | No rating | 2016-09-17 |
| XSS | Cross-site Scripting (XSS) - Generic | hacking79 | No rating | 2016-09-14 |
| Instance of Apache Vulnerable to Several Issues | Denial of Service | zephrfish | No rating | 2016-09-14 |
| No csrf protection on logout | Violation of Secure Design Principles | smii3 | No rating | 2016-09-10 |
| User Enumeration. | Information Disclosure | leet-boy | No rating | 2016-09-10 |