IRCCloud


40 total issues disclosed

$6,850 total paid publicly


Most disclosed (12 disclosures) — Cross-Site Request Forgery (CSRF)



Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
| --- | --- | --- | --- | --- |
| IDOR with Geolocation data not stripped from images | Insecure Direct Object Reference (IDOR) | do_some_hack | High | 2020-07-26 |
| [IRCCloud Android] Theft of arbitrary files leading to token leakage | Privacy Violation | bagipro | High | 2017-11-15 |
| [IRCCloud Android] XSS in ImageViewerActivity | None supplied | bagipro | Medium | 2017-11-03 |
| [IRCCloud Android] Opening arbitrary URLs/XSS in SAMLAuthActivity | None supplied | bagipro | Medium | 2017-11-03 |
| Missing robots exclusion header for user uploads | Improper Access Control - Generic | d0rkerdevil | Low | 2017-10-27 |
| Exposed, outdated nginx server (v1.4.6) potentially vulnerable to heap-based buffer overflow & RCE | Memory Corruption - Generic | cha5m | No rating | 2016-10-15 |
| Cross Site Scripting(XSS) on IRCCloud Badges Page (using Parameter Pollution) | Cross-site Scripting (XSS) - Generic | rohitdua | No rating | 2016-07-09 |
| Inadequate input validation on API endpoint leading to self denial of service and increased system load. | Denial of Service | mantis | No rating | 2015-10-12 |
| Email verification links still valid after changing it 2x | Violation of Secure Design Principles | jackds | No rating | 2015-03-13 |
| Weak password policy | Improper Authentication - Generic | internetwache | No rating | 2014-11-27 |
| Missing Character Restriction | Violation of Secure Design Principles | harikrishnan_c | No rating | 2014-11-17 |
| Password type input with auto-complete enabled | Violation of Secure Design Principles | harikrishnan_c | No rating | 2014-11-17 |
| Bruteforce protection not enabled on the login page https://www.irccloud.com/ | Cryptographic Issues - Generic | born2hack | No rating | 2014-10-08 |
| Unvalidated Channel names causes IRC Command Injection | Cross-Site Request Forgery (CSRF) | mantis | No rating | 2014-10-01 |
| Persistent Cross Site Scripting within the IRCCloud Pastebin | Cross-site Scripting (XSS) - Generic | mantis | No rating | 2014-10-01 |
| CSRF to Account Take Over Bug | Cross-Site Request Forgery (CSRF) | defmax | No rating | 2014-09-08 |
| Host Header Injection - irccloud.com | Violation of Secure Design Principles | ethicalhacker | No rating | 2014-07-08 |
| Reflected XSS in Pastebin-view | Cross-site Scripting (XSS) - Generic | pseudochu | No rating | 2014-06-28 |
| User Account Creation CSRF | Cross-Site Request Forgery (CSRF) | chandrakant | No rating | 2014-06-25 |
| Log Out Cross site Request Forgery | Cross-Site Request Forgery (CSRF) | gunda | No rating | 2014-06-13 |
| Bruteforcing irccloud login | Violation of Secure Design Principles | eronx | No rating | 2014-05-26 |
| iOS application does not destroy session upon logout. | Improper Authentication - Generic | uname | No rating | 2014-05-23 |
| Login CSRF can be bypassed (Similar approach to previous one). | Cross-Site Request Forgery (CSRF) | uname | No rating | 2014-05-20 |
| Unwanted Spamming Using CSRF [LOGGED IN USER] | Cross-Site Request Forgery (CSRF) | ashesh | No rating | 2014-05-17 |
| Session cookie can be leaked over an unencrypted HTTP connection | Violation of Secure Design Principles | melvin | No rating | 2014-05-15 |
| Unsecure cookies, cookie flag secure not set | Violation of Secure Design Principles | eronx | No rating | 2014-05-15 |
| Bug in iOS application which could lead to unauthorised access. | Improper Authentication - Generic | uname | No rating | 2014-05-15 |
| Missing X-Content-Type-Options | Violation of Secure Design Principles | shipcode | No rating | 2014-05-15 |
| CSRF - Creating accounts | Cross-Site Request Forgery (CSRF) | internetwache | No rating | 2014-05-14 |
| HTML Form without CSRF protection | Cross-Site Request Forgery (CSRF) | robin | No rating | 2014-05-14 |
| Sign up CSRF | Cross-Site Request Forgery (CSRF) | eronx | No rating | 2014-05-14 |
| Dangerous Persistent xss | Cross-site Scripting (XSS) - Generic | reporter | No rating | 2014-05-13 |
| "SESSION" Cookie without HttpOnly flag set | Improper Authentication - Generic | ashesh | No rating | 2014-05-11 |
| Login page password-guessing attack(Brute-force attack-High). | Improper Authentication - Generic | xss | No rating | 2014-04-26 |
| Host Header is not validated resulting in Open Redirect | Violation of Secure Design Principles | anshuman_bh | No rating | 2014-04-24 |
| Session Token is not Verified while changing Account Setting's which Result In account Takeover | Cross-Site Request Forgery (CSRF) | exploitprotocol | No rating | 2014-04-23 |
| Login CSRF | Cross-Site Request Forgery (CSRF) | eronx | No rating | 2014-04-21 |
| Full account takeover using CSRF and password reset | Cross-Site Request Forgery (CSRF) | melvin | No rating | 2014-04-14 |
| Leaking Referrer in Reset Password Link | Violation of Secure Design Principles | eronx | No rating | 2014-04-12 |
| DNS Misconfiguration | None supplied | chmosama | No rating | 2014-04-11 |