Jeioo
Live engagement · in progressOngoing penetration test of Jeioo — a social chat and music-streaming platform — covering the web application, external network, and internal network. Selected issues identified:
Critical2
- Admin panel authentication bypass
- Broken access control — unauthorized access to a privileged endpoint
High2
- API information disclosure
- Unauthenticated WebSocket connection
Medium5
- Broken access control — unauthorized endpoint access×2
- Unrestricted file upload×2
- Race condition (TOCTOU)
- Publicly exposed subdomain
- Missing CSRF protection
Low3
- Race condition (TOCTOU)
- Improper session termination — cross-account chat exposure on shared devices
- Missing rate limiting
Responsibly disclosed · severity levels indicative
Web appNetworkInternalManual testing