ftcash

12/01/2023

12:22 PM bug_infosecbridge Bug #2209 (New): User is able to create invoice for a different store

POST /app/mdashboard/create-email-invoice
User can create invoice for a different store by changing user_id param... arvind singh

11:24 AM bug_infosecbridge Bug #2207 (New): Phone numbers of client's getting leaked through urls

Please check https://web.archive.org/web/*/https://fintech.ftcash.com/* arvind singh

11:02 AM bug_infosecbridge Bug #2206 (New): Rate limit not implemented in forgot password API

Email qouta can be misused by an automation script arvind singh

11/27/2023

12:13 PM bug_infosecbridge Bug #2199 (New): Multiple Email in API - /app/payment/create_direct_payment

User is able to add comma separated multiple emails
POST /app/payment/create_direct_payment HTTP/2
Host: www.ftca... arvind singh

12:13 PM bug_infosecbridge Bug #2198 (New): Amount Type Issue in API - /app/payment/create_direct_payment

User is able to add any value e.g negative values and alphabets in amount field
POST /app/payment/create_direct_p... arvind singh

12:12 PM bug_infosecbridge Bug #2197 (New): Twitter Keys Leaked in Android App source code

In android code twitter key and secret key found in a flat file. This poses a significant security risk as it can lea... arvind singh

12:11 PM bug_infosecbridge Bug #2196 (New): https://py.ftcash.com/xx url can be easily generated

This url can be easily generated using a simple script, since 4 digit alphabates used to generate this link, this pa... arvind singh

12:11 PM bug_infosecbridge Bug #2195 (New): XSS in API - /app/payment/create_direct_payment

XSS payload accepted in amount field
POST /app/payment/create_direct_payment HTTP/2
Host: www.ftcash.com
Cooki... arvind singh