| [mtn.com.af] Multiple vulnerabilities allow to Application level DoS | Business Logic Errors | andridev_ | High | 2021-09-28 |
| Reflected Cross-Site scripting in : mtn.bj | Cross-site Scripting (XSS) - Reflected | alimanshester | High | 2021-09-26 |
| RCE Apache Struts2 remote command execution (S2-045) on [wifi-partner.mtn.com.gh] | Code Injection | pisarenko | High | 2021-09-09 |
| information discloure via logs files at ==> https://ihelp.mtnbusiness.com/logfiles/Log_21-06-2021.txt | Information Disclosure | zero_or_1 | High | 2021-08-20 |
| Email verification bypassed during sing up (https://developers.mtn.com/profile) | Violation of Secure Design Principles | ibrahimauwal__ | Medium | 2021-08-19 |
| 2x Remote file inclusion within your VMware Instances | Remote File Inclusion | 0x0luke | Critical | 2021-08-19 |
| CVE-2018-6389 exploitation - using scripts loader | Business Logic Errors | devhug | High | 2021-08-18 |
| No rate limit lead to otp brute forcing | Brute Force | aliyugombe | High | 2021-08-16 |
| No rate limit in otp code sending | Violation of Secure Design Principles | aliyugombe | Medium | 2021-08-16 |
| Blind SQL Injection | SQL Injection | lu3ky-13 | Critical | 2021-08-14 |
| Reflected XSS on play.mtn.co.za | Cross-site Scripting (XSS) - Reflected | lu3ky-13 | Medium | 2021-08-14 |
| Disclosure of internal information using hidden NTLM authentication leading to an exploit server | External Control of Critical State Data | z3lox | High | 2021-08-04 |
| SQL Injection on the administrator panel | SQL Injection | z3lox | Critical | 2021-07-29 |
| XMLRPC, Enabling XPSA and Bruteforce and DOS + A file disclosing installer-logs. | Denial of Service | tandav | High | 2021-06-14 |
| Cross-Site Scripting through search form on mtnplay.co.zm | Cross-site Scripting (XSS) - Generic | droop3r | Low | 2021-06-08 |
| Java Debug Console Provides Command Injection Without Privellage Esclation | Code Injection | rpbeast33 | Critical | 2020-07-23 |
| Accessible Restricted directory on [bcm-bcaw.mtn.cm] | Information Exposure Through Directory Listing | tounsi_007 | Medium | 2020-07-15 |
| SharePoint exposed web services in a subdomain | Improper Access Control - Generic | miguel_santareno | Medium | 2020-05-16 |
| Week Passwords generated by password reset function | Weak Password Recovery Mechanism for Forgotten Password | tp9222 | Low | 2020-05-09 |
| SQL Injection on cookie parameter | SQL Injection | w31rd0 | High | 2020-05-03 |
| Unsafe cors sharing of admin users | None supplied | newbipath12 | Medium | 2020-05-01 |
| OTP bypass - Unintended disclosure of OTP to client allows attacker to manage users' subscriptions | Incorrect Authorization | kcz | Medium | 2020-04-11 |
| Information Disclosure Microsoft IIS Server service.cnf in a mtn website | Information Disclosure | miguel_santareno | Medium | 2020-04-03 |
| Information Disclosure FrontPage Configuration Information /_vti_inf.html in https://www.mtn.co.za/ | Improper Access Control - Generic | miguel_santareno | Medium | 2020-04-03 |