Ethical Hacker

Dear [Company Security Team/IT Team],

I hope this email finds you well. My name is Trilok Dhaked, and I am a cybersecurity researcher. While conducting security research, I discovered a potential vulnerability affecting [Company’s Website/Application]. I would like to responsibly disclose this issue to help improve the security of your platform.

Hi team,

I am a security researcher, ethical hacker and bug bounty hunter from India.
While testing your website I found a critical vulnerability through which I can gain access to the admin panel of the website. Details are given below.
Description:

The vulnerability enables attackers to bypass authentication mechanisms and gain unauthorized access to privileged accounts, posing significant risks to the confidentiality, integrity, and availability of the affected systems.

Technical Details

  • Vulnerability Type: Authentication Bypass
  • Affected Component: crypto_connect_ajax_process::log_in function
  • Root Cause: Arbitrary method call within the crypto_connect_ajax_process function
  • Attack Vector: Network
  • Severity: Critical
Steps to Reproduce:
1. Navigate to: https://coinproject.info/wp-admin/admin-ajax.php?action=crypto_connect_ajax_process&method_name=register&param1=admin
2. Now go to https://coinproject.info
3. I now have access to the admin panel (if the admin panel does not appear, reload the website).

Proof of Concept: unlisted video https://youtu.be/MvYX5Fzi6l0

Impact:

  • Unauthorized access to administrative accounts.
  • Compromise of sensitive data.
  • Deployment of malicious content or malware.
  • Disruption of website functionality or availability.

Recommendations

Immediate Actions

  1. Update the Crypto Plugin:
    • Upgrade to the latest version of the Crypto plugin that addresses this vulnerability.
    • Verify compatibility with your WordPress installation before updating.
    • Require 2FA for all privileged accounts to strengthen security.
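The root cause named under Technical Details (a request parameter selecting which method the AJAX handler calls) is a pattern that the plugin update is expected to remove. The following is an added illustration of what a hardened WordPress AJAX dispatcher looks like; it is not code from the Crypto plugin or from this report, and the class name, hook name, nonce name, method names and the sample data are all hypothetical. It uses only standard WordPress API functions (add_action, check_ajax_referer, sanitize_key, wp_unslash, current_user_can, wp_send_json_error, wp_send_json_success, get_option, update_option).

```php
<?php
// Added example, not the Crypto plugin's code: a WordPress AJAX dispatcher that
// never calls a method chosen directly by the request. Every name here is hypothetical.

class Example_Ajax_Handler {

    // Explicit allowlist of reachable methods, each with the capability a caller
    // must hold (null = readable by anonymous callers). Anything not listed here,
    // including account-creation or registration routines, cannot be reached
    // through admin-ajax.php at all.
    private const ALLOWED_METHODS = [
        'get_prices'    => null,             // public, read-only data
        'save_settings' => 'manage_options', // administrators only
    ];

    public function __construct() {
        // One hook for logged-in and one for anonymous callers; the allowlist,
        // not the hook, decides what each caller may do.
        add_action( 'wp_ajax_example_ajax_process', [ $this, 'dispatch' ] );
        add_action( 'wp_ajax_nopriv_example_ajax_process', [ $this, 'dispatch' ] );
    }

    public function dispatch() {
        // 1. CSRF protection: the request must carry a valid nonce for this action
        //    (check_ajax_referer dies with a 403 response when it does not).
        check_ajax_referer( 'example_ajax_nonce', 'nonce' );

        // 2. The weak pattern is `$this->{$_REQUEST['method_name']}()`, which lets the
        //    caller pick any method of the class. Instead, normalise the name and
        //    require it to be in the allowlist.
        $method = isset( $_REQUEST['method_name'] )
            ? sanitize_key( wp_unslash( $_REQUEST['method_name'] ) )
            : '';
        if ( ! array_key_exists( $method, self::ALLOWED_METHODS ) ) {
            wp_send_json_error( [ 'message' => 'Unknown method' ], 400 );
        }

        // 3. Authorisation: enforce the capability attached to the method.
        $required_cap = self::ALLOWED_METHODS[ $method ];
        if ( null !== $required_cap && ! current_user_can( $required_cap ) ) {
            wp_send_json_error( [ 'message' => 'Forbidden' ], 403 );
        }

        // 4. Only now dispatch, and only to the allowlisted method.
        wp_send_json_success( call_user_func( [ $this, $method ] ) );
    }

    // Public, read-only: returns constructed sample data.
    private function get_prices() {
        return [ 'BTC' => 1.0, 'ETH' => 0.05 ]; // constructed sample values
    }

    // Administrators only: validates input before touching the options table.
    private function save_settings() {
        $currency = isset( $_POST['currency'] )
            ? sanitize_key( wp_unslash( $_POST['currency'] ) )
            : '';
        if ( ! in_array( $currency, [ 'usd', 'eur' ], true ) ) {
            wp_send_json_error( [ 'message' => 'Invalid currency' ], 400 );
        }
        update_option( 'example_display_currency', $currency );
        return [ 'currency' => get_option( 'example_display_currency' ) ];
    }
}

new Example_Ajax_Handler();
```

The three checks are independent: the nonce stops cross-site requests, the allowlist stops the request from naming an internal routine, and the per-method capability stops an anonymous or low-privilege caller from reaching an administrative one even when the method name is legitimate. A fix that only adds a capability check to one method leaves the other two gaps open.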

Fix Them 

——
 
I have protected your company and saved it from a big loss, so please give me some appreciation in the form of a bounty reward.

I am sharing my PayPal ID with you.  

Minimum bounty reward for a critical bug (P1 type).

The bug I reported is of type P1.


 

Vulnerability severity    Bug bounty reward amount (in USD)
P1 (Critical)             $5000
P2 (High)                 $2500
P3 (Medium)               $1000
P4 (Low)                  $500

Please feel free to let me know if you have any other questions or need further information. 

I am happy to secure.

I hope this will be fixed soon. Feel free to let me know if you have any other questions.

 

I believe addressing this issue promptly will help protect your users and infrastructure. Please let me know the best way to report further details securely. I am happy to collaborate to ensure proper mitigation.

Looking forward to your response.

Best Regards,
Trilok Dhaked
Ethical Hacker
Email: [email protected]
LinkedIn: https://www.linkedin.com/in/trilokdhaked