Glints is a job search platform based in Singapore. They got a 20M investment last year, and they have a team in Taiwan as well.
In July 2021, I found the Glints bug bounty program, so I spent some time on it and ended up finding 4 vulnerabilities in total.
The vulnerabilities I found could have been used to:
- Steal every applicant’s personal information, including name, phone, birthday, resume, and email
- Steal every recruiter’s personal information, including name, job title, team name, and email
In other words, an attacker can steal all users’ information by exploiting the vulnerabilities.
Let’s see what they are.