
HackerOne Reports

Search through disclosed security reports

10,202 reports found
Showing 1 - 20
### Summary I have been working on the partner web portal and have noticed the referrals feature contains an issue where a user with limited privileges can create referrals in an unauthorized manner. ### Steps to Reproduce First you must authenticate with an administrator user and then invite another with limited privileges …
Hello friends, today when I was checking some sites I found this bug on your own website. ## Details XSS Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application …
- Change the edit policy of a Maniphest Task - Attempt to comment on the task with a user who doesn't have access ## Impact Given a few users I spoke to believe restricting the edit policy blocks comments, this allows an underprivileged user to gain access to carry …
## Description Hello. I often use my `xp.ht` host as a beacon for SSRF/XSS payloads, and today one was triggered from the `https://███████████████/NSSI/controlcenterV2/index.htm?directlink&courses/classes/findstudent&&&&&&&&` endpoint (it was found in the Referer header). This domain isn't resolvable from outside, so I assume the request came from a host in the internal network, connected to …
## Summary: Hi, I found a stored XSS on https://app.lemlist.com ## Steps To Reproduce: 1. go to https://app.lemlist.com/. 2. create or edit campaigns. 3. set the payload `/><svg src=x onload=confirm(document.domain);>` in the **Campaign Name**. 4. visit the Buddies-to-Be tab. 5. click Add one at the top right, or click on …
Hi Guys, **crud-file-server** allows embedding HTML in file names, which (in certain conditions) might lead to execution of malicious JavaScript. ## Module **crud-file-server** This package exposes a directory and its children to create, read, update, and delete operations over http. https://www.npmjs.com/package/crud-file-server version: 0.7.0 Stats 0 downloads in the last day …
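The two reports above (the `<svg onload=...>` payload in a campaign name, and HTML in file names served by a directory listing) are the same bug class: an untrusted name concatenated into markup. The following is an added example, not code from crud-file-server, lemlist or either reporter; the listing template, the `/files/` path prefix and the sample names are assumptions constructed for the demonstration.

```javascript
// Added example (not crud-file-server's or lemlist's code): rendering
// untrusted names into HTML without letting them become markup.

// Escape the five characters that can break out of text or attribute context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Vulnerable listing: the name is concatenated straight into markup, so a
// name like <svg onload=...> becomes a live element when the page renders.
function renderListingUnsafe(names) {
  return '<ul>' + names.map((n) =>
    `<li><a href="/files/${n}">${n}</a></li>`
  ).join('') + '</ul>';
}

// Hardened listing: escape in the text context and percent-encode the path
// segment used in the href, so the name can neither add tags nor attributes.
function renderListingSafe(names) {
  return '<ul>' + names.map((n) =>
    `<li><a href="/files/${encodeURIComponent(n)}">${escapeHtml(n)}</a></li>`
  ).join('') + '</ul>';
}

// Constructed sample input: a benign name plus the payload shape reported above.
const SAMPLE_NAMES = ['report.txt', '<svg src=x onload=confirm(document.domain)>'];

// Check used to compare the two renderers: does the output contain any tag
// other than the ones the template itself emits (ul, li, a)?
function containsForeignTag(html) {
  const tags = html.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  return tags.some((t) => !/^<\/?(ul|li|a)$/.test(t));
}

console.log(renderListingUnsafe(SAMPLE_NAMES));
console.log(renderListingSafe(SAMPLE_NAMES));
```

The check is deliberately crude (a regex over the output); it is there to make the difference visible, not to replace a real HTML sanitizer. The hardened path works because escaping is applied per context: HTML entities in text, percent-encoding inside the URL.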
Hi Guys, There is a SQL Injection in the query-mysql module. Due to lack of sanitization of user input, an attacker is able to craft a SQL query and get any data from the database. ## Module **query-mysql** Install this module in your project as a dependency https://www.npmjs.com/package/query-mysql version: 0.0.2 Stats 0 downloads in …
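What "lack of sanitization" means in practice is that the caller's string becomes part of the SQL grammar instead of staying a value. The following is an added example, not query-mysql's code or the reporter's proof of concept: it contrasts string concatenation with placeholder binding, using a minimal literal escaper whose character set mirrors what MySQL drivers escape (assuming MySQL's default mode, where backslash escapes are honoured). The `users` table and the attacker string are constructed for the demonstration.

```javascript
// Added example (not query-mysql's own code): concatenation versus binding.

// Minimal MySQL-style string literal escaping. Assumption: the server is in
// its default mode (NO_BACKSLASH_ESCAPES off), so backslash escapes apply.
function escapeLiteral(value) {
  if (value === null || value === undefined) return 'NULL';
  if (typeof value === 'number') return String(value);
  const map = {
    '\0': '\\0', '\b': '\\b', '\t': '\\t', '\n': '\\n', '\r': '\\r',
    '\x1a': '\\Z', '"': '\\"', "'": "\\'", '\\': '\\\\',
  };
  return "'" + String(value).replace(/[\0\b\t\n\r\x1a"'\\]/g, (c) => map[c]) + "'";
}

// Replace each ? placeholder with the escaped literal of the next value.
function format(sql, values) {
  let i = 0;
  return sql.replace(/\?/g, () => {
    if (i >= values.length) throw new Error('not enough values for placeholders');
    return escapeLiteral(values[i++]);
  });
}

// Vulnerable: the caller's string is spliced into the statement text, so a
// quote in it closes the literal and the rest is parsed as SQL.
function findUserUnsafe(username) {
  return `SELECT * FROM users WHERE name = '${username}'`;
}

// Hardened: the caller's string is always emitted as one string literal.
function findUserSafe(username) {
  return format('SELECT * FROM users WHERE name = ?', [username]);
}

// Constructed attacker input: closes the literal and appends a tautology.
const PAYLOAD = "' OR '1'='1";

console.log(findUserUnsafe(PAYLOAD)); // two conditions, always true
console.log(findUserSafe(PAYLOAD));   // one literal, matches nothing
```

With a real driver, prefer the driver's own binding (`connection.query(sql, values)` in `mysql`, or `execute` with server-side prepared statements in `mysql2`) over hand-rolled escaping; the escaper here exists only so the example runs without a database and shows why the bound form is inert.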
**Summary:** There exists a Local File Inclusion vulnerability on https://████ due to a known vulnerability in the ZendTo library. This was fixed in [Version 5.16-6 Beta](https://zend.to/changelog.php), although ██████ is still running ZendTo 5.11. ## Impact This allows path traversal in a file name that is then returned to the user. …
Hi, I want to submit my report https://hackerone.com/reports/473811 for the Internet Bug Bounty. Snyk's writeup: https://snyk.io/blog/severe-security-vulnerability-in-bowers-zip-archive-extraction **My assessment on why this report might be eligible:** >To qualify, vulnerabilities must meet the following criteria: - Be implementation agnostic: vulnerability is present in implementations from multiple vendors or a vendor with dominant …
## Summary: Anyone can issue a PURGE request for any resource and invalidate your caches. That can lead to increased bandwidth costs but also potential Denial of Service attacks. ## Steps To Reproduce: 1. Fetching the resource headers, we can see in the X-Cache that the resource was a HIT …
This bug was reported directly to GitHub Security Lab.
This bug was reported directly to GitHub Security Lab.
I would like to report a Remote Command Execution vulnerability in pullit. It allows remote command execution such as reading or writing to the file system, and executing other programs under the current user running the pullit node executable. ## Module pullit https://www.npmjs.com/package/pullit version: 1.3.0 ### Description Display and pull branches …
## Summary: A CRLF Injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL. ## Steps To Reproduce: Navigate to this URL █████: ``` ┌──(azab㉿kali)-[~] └─$ curl -i ███████ HTTP/1.1 307 Temporary Redirect Date: …
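The redirect shown in the report (a 307 whose `Location` is built from request data) is where CRLF injection usually bites: a CR LF inside the value ends the header and starts a new one. The following is an added example, not the target's code: a tiny raw-header writer that reproduces the defect, a parser to show the extra header appearing, and the check that refuses it. The payload and the redirect target are constructed for the demonstration.

```javascript
// Added example (not from the reported site): header injection through a
// reflected redirect target, written raw, and the validation that stops it.

// Mimics a server (or a proxy/CGI layer) that emits its status line and
// headers as plain text rather than through an API that validates them.
function buildRedirectRaw(location) {
  return ['HTTP/1.1 307 Temporary Redirect', 'Location: ' + location, '', ''].join('\r\n');
}

// Parse the header block back, the way the next hop or a browser would.
function parseRawHeaders(raw) {
  const [head] = raw.split('\r\n\r\n');
  return head.split('\r\n').slice(1).map((line) => {
    const i = line.indexOf(':');
    return [line.slice(0, i).toLowerCase(), line.slice(i + 1).trim()];
  });
}

// A header value may not contain CR, LF or any other control byte.
function isSafeHeaderValue(v) {
  return typeof v === 'string' && !/[\x00-\x1f\x7f]/.test(v);
}

function buildRedirectChecked(location) {
  if (!isSafeHeaderValue(location)) throw new Error('control characters in header value refused');
  return buildRedirectRaw(location);
}

// Constructed payload: a legitimate-looking URL followed by an injected header.
const PAYLOAD = 'https://example.com/\r\nSet-Cookie: session=attacker';

console.log(parseRawHeaders(buildRedirectRaw(PAYLOAD)));   // two headers, one injected
try { buildRedirectChecked(PAYLOAD); } catch (e) { console.log('refused:', e.message); }
```

Node's own `http` module already throws on CR or LF in `setHeader`, so the exposure in Node services is usually in code that writes bytes directly, in a front proxy, or in a back end written on a stack without that guard. When reproducing with curl as the report does, note that `%0d%0a` only becomes a real CR LF if the server URL-decodes the parameter before placing it in the header.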
## Steps To Reproduce: 1. Go to this URL ███ 2. Make an appointment 3. Choose send verification code to email 4. Enter a random code 5. Intercept the request using Burp 6. Click do intercept response and forward 7. Change false to true ## Impact bypass verification code
I would like to report an `RCE` issue in the `tree-kill` module. It allows executing `arbitrary commands remotely inside the victim's PC` # Module **module name:** `tree-kill` **version:** `1.2.1` **npm page:** `https://www.npmjs.com/package/tree-kill` ## Module Description > Kill all processes in the process tree, including the root process. ## Module …