BentBox.co Security Concerns
Please note that as of this writing, the majority of the problems discussed below have been addressed by the BentBox.co team. I will point out that they were fairly responsive and thankful for the issues that I presented to them.
However, some of these problems still exist on their site.
On or around June 25th, I discovered several security issues with the website BentBox.co. This website provides a platform for photographers and other artists to sell their work. I reached out to a well-known security researcher whose name I won't mention until I get permission.
Following that individual's guidance, I contacted the folks at BentBox.co, where I provided them with the details of my findings. Over the course of the next few weeks we emailed a few times.
Below are the details of my findings.
Cookies are used to store session information. The