HackerOne Reports

Search through disclosed security reports

10,350 reports found
Hi Guys, **crud-file-server** allows embedding HTML in file names, which (in certain conditions) might lead to execution of malicious JavaScript. ## Module **crud-file-server** This package exposes a directory and its children to create, read, update, and delete operations over http. https://www.npmjs.com/package/crud-file-server version: 0.7.0 Stats 0 downloads in the last day …
Hi Guys, There is an SQL Injection in the query-mysql module. Due to lack of sanitization of user input, an attacker is able to craft an SQL query and get any data from the database. ## Module **query-mysql** Install this module in your project like dependency https://www.npmjs.com/package/query-mysql version: 0.0.2 Stats 0 downloads in …
This bug was reported directly to GitHub Security Lab.
I would like to report a Remote Command Execution vulnerability in pullit. It allows remote command execution such as reading or writing to the file system, and executing other programs under the current user running the pullit node executable. ## Module pullit https://www.npmjs.com/package/pullit version: 1.3.0 ### Description Display and pull branches …
## Steps To Reproduce: 1. Go to this URL ███ 2. Make an appointment 3. Choose send verification code to email 4. Enter random code 5. Intercept the request using Burp 4. Click do intercept response and forward 5. Change false to true ## Impact bypass verification code
## Summary: A vulnerability in the Tor Browser 78.11.0esr and below allows a local or physical attacker to view metadata about v2 domains, namely the exact timestamp that a user connected to a v2 onion address while using either the --log or --verbose command line options. A local or physical …
Hi guys, I noticed you are using an unsafe host header in generating short links. # Details First I navigated to my account `https://socialclub.rockstargames.com/member/xerojuzto` Then I created a new message, and I clicked on the share button, which shortens the URL, for example from `https://socialclub.rockstargames.com/member/xerojuzto/feed/3073813190982488067` to `http://rsg.ms/517ae7c` I fetched the HTTP requests …
**Description:** There is a reflected cross-site scripting issue at the following URL: https://█████████ ## Proof Of Concept https://███████?████████=%22%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E █████ Best Regards @pelegn ## Impact Cookies Exfiltration SOAP Bypass CORS Bypass Executing javascript on the victim's behalf ## System Host(s) ████████ ## Affected Product(s) and Version(s) ## CVE Numbers ## Steps …