Non-Verified User can Submit Report,View Disclosed Reports | Secuna bug bounty

Secuna bugbounty
Christian Angel
I was able to find a bug that lets me submit reports, edit my profile and view disclosed reports in Secuna while using a rejected or non-verified account.

Details

Currently I have 2 accounts at Secuna.

As a verified user in Secuna you should be able to update your profile, submit reports, view disclosed reports and update your payout method. If your account is not verified, you should not be able to submit reports, view disclosed reports, update your profile, etc.

If you log in using a non-verified Secuna account, you are only redirected to https://app.secuna.io/account-verification.

Since I already mapped out Secuna’s GraphQL endpoint (https://app.secuna.io/static/js/main.80713d8f.chunk.js):

Sample GraphQL Request:

Server Request

POST /api/graphql HTTP/1.1
Host: app.secuna.io
content-type: application/json
authorization: Bearer

{"operationName":"updateAboutHackerProfile","variables":{"bio":"meh","location":"Philippines","website":"https://ctulhu.me"},"query":"mutation updateAboutHackerProfile($bio: String!, $location: String, $website: String) {\n updateAboutHackerProfile(bio: $bio, location: $location, website: $website) {\n bio\n location\n socialMedia {\n github\n website\n facebook\n linkedin\n instagram\n }\n }\n}\n"}

This updates my Bio to “meh”, Location to “Philippines” and Website to “https://ctulhu.me”. The operation is a mutation, so it writes those fields and then fetches bio, location and socialMedia (github, website, facebook, linkedin, instagram).

GraphQL Operations

In GraphQL there are 3 types of operations:

  • query: a read‐only fetch.
  • mutation: a write followed by a fetch.
  • subscription: a long‐lived request that fetches data in response to source events.

Each operation is represented by an optional operationName and a selection set. If we send the request above, we receive the response below.

Server response

{"data":{"updateAboutHackerProfile":{"bio":"meh","location":"Philippines","socialMedia":{"facebook":null,"github":null,"instagram":null,"linkedin":null,"website":"https://ctulhu.me"}}}}
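The redirect to /account-verification happens only in the client, and the mutation above went through for a non-verified account. As an added example (not Secuna's code), here is a server-side gate that checks the account's verification state on every GraphQL request before it reaches a resolver; the allowlisted read fields, the account objects and the field scanner are assumptions for the demonstration.

```javascript
// Added example, not Secuna's code: a server-side gate that refuses GraphQL operations
// from accounts that have not finished verification, independent of the client redirect.
// Operation type of a GraphQL document; the bare "{ ... }" shorthand is a query.
function operationType(query) {
  const m = /^\s*(query|mutation|subscription)\b/.exec(query);
  return m ? m[1] : 'query';
}
// Root field names of the first selection set (depth 1), skipping argument lists, aliases
// and string literals; unexpected tokens (fragments, directives) become extra "fields" so
// the allowlist check fails closed. A real server should read these from its parser's AST.
function rootFields(query) {
  const fields = []; let depth = 0, parens = 0, inStr = false, tok = '';
  const push = () => { if (tok && depth === 1 && parens === 0) fields.push(tok); tok = ''; };
  for (let i = 0; i < query.length; i++) {
    const c = query[i];
    if (inStr) { if (c === '\\') i++; else if (c === '"') inStr = false; continue; }
    if (/[A-Za-z0-9_]/.test(c) && depth === 1 && parens === 0) { tok += c; continue; }
    if (c === ':') { tok = ''; continue; }          // "alias:" -> drop alias, keep the field
    push();
    if (c === '"') inStr = true;
    else if (c === '(') parens++; else if (c === ')') parens--;
    else if (c === '{') depth++; else if (c === '}') depth--;
  }
  return fields;
}
// Reads an unverified account legitimately needs (assumed names; the page shows only
// updateAboutHackerProfile). Every other field, and every mutation, is refused.
const UNVERIFIED_ALLOWLIST = new Set(['currentUser', 'verificationStatus']);
function authorizeGraphQLRequest(body, account) {
  if (!account || !account.id) return { allowed: false, reason: 'unauthenticated' };
  if (account.verified) return { allowed: true, reason: 'verified account' };
  const type = operationType(body.query || '');
  const fields = rootFields(body.query || '');
  const ok = type === 'query' && fields.length > 0 && fields.every((f) => UNVERIFIED_ALLOWLIST.has(f));
  if (ok) return { allowed: true, reason: 'allowlisted read for unverified account' };
  return { allowed: false, reason: `unverified account: ${type} on [${fields.join(', ')}] refused` };
}
const SAMPLE_BODY = {   // the request body from the write-up above (bearer token omitted, as on the page)
  operationName: 'updateAboutHackerProfile',
  query: 'mutation updateAboutHackerProfile($bio: String!, $location: String, $website: String) {\n' +
    ' updateAboutHackerProfile(bio: $bio, location: $location, website: $website) {\n bio\n location\n }\n}\n',
};
function demo() {
  const unverified = { id: 'acct-2', verified: false }, verified = { id: 'acct-1', verified: true }; // constructed
  return {
    unverifiedMutation: authorizeGraphQLRequest(SAMPLE_BODY, unverified),   // the bug: must be refused
    verifiedMutation: authorizeGraphQLRequest(SAMPLE_BODY, verified),
    unverifiedRead: authorizeGraphQLRequest({ query: 'query currentUser { currentUser { id } }' }, unverified),
  };
}
```

Because the decision keys on the root fields and operation type rather than on the client-chosen operationName, a write wrapped in an allowlisted-looking name is still refused.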

Result

Secuna’s Response