Impersonation via Broken Link Hijacking on https://sv.hellosign.com

Disclosed by
CoffeeAddict_exe
  • Engagement: Dropbox
  • Disclosed date: over 2 years ago
  • Reward: $300
  • Priority: P4 (Bugcrowd's VRT priority rating)
  • Status: Resolved (this vulnerability has been accepted and fixed)
Summary by Dropbox

This report demonstrates an unused social media account takeover. The unused social media account has been reclaimed.

Summary by CoffeeAddict_exe

Simple broken link hijacking bug in one of Dropbox's websites where you could click on the Twitter icon and be redirected to a malicious account.

Activity
  1. Kc_Zooropa (Customer) published the disclosure report
  2. CoffeeAddict_exe requested disclosure
  3. CoffeeAddict_exe sent a message
  4. boo_nj (Customer) rewarded CoffeeAddict_exe $300
  5. boo_nj (Customer) changed the state to Resolved
  6. boo_nj (Customer) rewarded CoffeeAddict_exe 5 points
  7. CoffeeAddict_exe resolved a blocker for Dropbox by responding to comments
  8. CoffeeAddict_exe sent a message
  9. boo_nj (Customer) created a blocker on the researcher to respond to comments
  10. boo_nj (Customer) sent a message
  11. CoffeeAddict_exe sent a message (Edited)
  12. CoffeeAddict_exe created the submission