Global Hacktivity
Public, curated security activity across the platform.
CSRF at Self-close report function
It's important to note that the lack of CSRF protection is generally out of scope, but I reported it because this request is just a simple GET method. An attacker is able to craft a URL that contains the ID of a report, and if the user who has access to the report clicks on it, the report is self-closed.
Cloudflare Transform via URL Injection (Potential SSRF Vulnerability)
A potential Server-Side Request Forgery (SSRF) vulnerability was identified in the Cloudflare image transformation feature via URL injection on the domain https://www.hckrt.com. The service allows arbitrary URLs to be processed through the /cdn-cgi/image/ endpoint, which may permit unauthorized internal or external requests.
About this feed
Global Hacktivity highlights selected security events published by the platform.
- Public by default
- Curated content only
- No sensitive details exposed