CS Money Program Statistics



21 total issues disclosed

$4,600 total paid publicly

Most disclosed (4 disclosures) — None supplied



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| Html injection on subscription email | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) | benjamin-mauss | Medium | 2024-01-23 |
| Able to blocking users with 2fa from login into their accounts by just knowing the SteamID | Reliance on Cookies without Validation and Integrity Checking in a Security Decision | benjamin-mauss | Medium | 2023-12-14 |
| Authentication Bypass to (CVE-2023-2982) | Authentication Bypass Using an Alternate Path or Channel | smalx | Low | 2023-12-08 |
| Previously created sessions continue being valid after MFA activation | None supplied | benjamin-mauss | Medium | 2021-05-18 |
| Blind Based SQL Injection in 3d.sc.money | SQL Injection | sawmj | No rating | 2021-04-16 |
| Origin IP found, Cloudflare bypassed | Violation of Secure Design Principles | sawmj | Medium | 2021-03-30 |
| Cookie poisoning leads to DOS and Privacy Violation | Privacy Violation | benjamin-mauss | High | 2021-02-25 |
| Blind XSS on image upload | Cross-site Scripting (XSS) - Stored | gatolouco | High | 2020-12-26 |
| Content Spoofing/Text Injection in https://support.cs.money and JS file not minified and uglyfied which makes it clearly readable | User Interface (UI) Misrepresentation of Critical Information | rootishere | Low | 2020-11-12 |
| Pixel Flood Attack leads to Application level DoS | Denial of Service | mr_vrush | Low | 2020-11-05 |
| Site-wide CSRF on Safari due to CORS misconfiguration (not localhost) | Cross-Site Request Forgery (CSRF) | nnez | Medium | 2020-10-27 |
| ReDoS at wiki.cs.money graphQL endpoint (AND probably a kind of command injection) | Denial of Service | mvm | Medium | 2020-10-27 |
| Manipulate Uneditable Messages in Support | Business Logic Errors | ahmd_halabi | High | 2020-10-27 |
| Improper authentication in the load sell inventory page | Improper Authentication - Generic | niggy | No rating | 2020-10-08 |
| Server-side denial of service via large payload sent to wiki.cs.money/graphql | Denial of Service | michael7854 | Medium | 2020-10-05 |
| Application DOS via specially crafted payload on 3d.cs.money | None supplied | enigmaticjohn | Medium | 2020-10-01 |
| [cs.money] Open Redirect Leads to Account Takeover | Improper Authentication - Generic | abdilahrf_ | Medium | 2020-09-30 |
| IDOR in https://3d.cs.money/ | Insecure Direct Object Reference (IDOR) | khoabda1 | Medium | 2020-09-28 |
| Bypass restrict of member subscription to use custom background in https://3d.cs.money without prime subscription | None supplied | khoabda1 | Medium | 2020-09-28 |
| Bypass Filter on link of build | None supplied | khoabda1 | Low | 2020-09-28 |
| Internal Path Disclosure | File and Directory Information Exposure | mr_vrush | Low | 2020-09-11 |