HackerOne Reports
Search through disclosed security reports
10,350 reports found
Showing 2001 - 2020
# Severity Medium # Impact Attackers can cause an application to be unreachable, causing a denial of service condition. # Details When a Rails application receives a request with either body or query parameters, these parameters are converted to a params hash. Hashes can be passed to the application in …
This report is related to a bug in PHP that has now been fixed and publicly disclosed. It was assigned CVE-2016-7412. The details are at: https://bugs.php.net/bug.php?id=72293 Disclosure was on Sep 15: http://www.openwall.com/lists/oss-security/2016/09/15/10 Thanks!
#Summary: The application allows the attacker to upload dangerous file types that can be automatically processed within the product's environment. #Steps To Reproduce: - Hit the browser and navigate to https://bi.owox.com and sign in. - Open The Chat window. - Upload any .rb or .php file. - Click on …
## Summary: [add summary of the vulnerability] ## Steps To Reproduce: [add details for how we can reproduce the issue] get cid = sql SQL query - SELECT user FROM dual CON_APP_MTNA HTTP Request `GET /selfcare/HomePageDisplay?cid=26%20AND%203*2*1=6%20AND%20498=498&location=MTNA HTTP/1.1 X-Requested-With: XMLHttpRequest Referer: https://selfcare.mtn.com.af:8083/selfcare/appmanager/selfcare/login Cookie: JSESSIONID=QZyyfPfpfWGsWJZP9fXGGPxJQpnpP5Lz9BgDvTr5HpZkkQGqvLL2!1814712056;TrackedProfileId=YW5vbnltb3VzXzkzNDEyOEtYK04zb2V3SDlkcmFRdCtHNWwydVE9PQ== Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Encoding: gzip,deflate Host: selfcare.mtn.com.af:8083 User-Agent: …
**Description** WordPress that have xmlrpc.php enabled for pingbacks, trackbacks, etc. can be made as a part of a huge botnet causing a major DoS/SSRF. The website ``play.mtn.co.za`` has the ``xmlrpc.php`` file enabled and could thus be potentially used for such an attack against other victim hosts. HackerOne referrals #761722 ###Steps …
I would like to report a Command Injection vulnerability in the `systeminformation` package. It allows an attacker to inject arbitrary OS commands. # Module **Module name:** systeminformation **Version:** 4.26.10 **npm page:** `https://www.npmjs.com/package/systeminformation` ## Module Description System and OS information library for node.js. ## Module Stats Weekly downloads: 363.195 # Vulnerability …
### Summary An attacker is able to create new notes for a victim's private personal snippet. This attack leaks the title of the snippet on the attacker's activity page. The attacker is also able to edit/delete the note using the "id" value that is returned from the server after creating …
**Description:** It has been observed that the Amazon S3 bucket which I believe belongs to DoD, as it contains data related to DoD prod, admin, localhost documents and all, is misconfigured; as a result any unauthenticated user can access it without any restrictions ## Step-by-step Reproduction Instructions 1. Access the following URL https://██████.s3.amazonaws.com/ so …
## Summary Reflected XSS on `████████`. ## Description During my explorations I found `█████████/search/node`, which provides a basic search functionality. If we search something, the value is reflected and not properly sanitized. For example if we search `██████████/search/node/chron0x` we can see in the javascript code: ```javascript [...] <script> //Early marking …
Arbitrary code execution vulnerability within the firewall software, GlassWire version 2.1.167 ## Impact After the program is installed, on first execution, it will attempt to load Wtsapi32.dll.dll from the user's PATH (without doing any checks to see if the file is signed). Attached is a demo leveraging this vulnerability to …
I noticed that there is the possibility to limit apptokens to not be able to access the filesystem. 1. Create a new apptoken in `https://server/settings/user/security` 2. Click the .. of your new apptoken and make it not allowed to access the filesystem 3. Log out 4. Navigate to `https://server/remote.php/dav` and …
## Summary: If libcurl is built against libssh `CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256` is quietly ignored. As a result an SSH connection will be established even if the SHA256 key set doesn't match. ## Steps To Reproduce: 1. configure libcurl with libssh and build it 2. `curl --hostpubsha256 HOSTFINGERPRINTHERE sftp://example.tld/` Instead of failing due …
Directory listing can be found at 2 of `8x8.com` subdomains:- - https://speedtest.8x8.com - https://speedtest-uswest1.8x8.com ## Impact An attacker can see the whole directory structure of a particular directory, which can reveal sensitive information.
Hi team, I was able to execute XSS on ███████.gov Steps to produce - 1- Turn on the Burp interceptor 2- Go to https://██████.gov/xapi/statements?file"><script>alert(document.domain)</script> 3- In the interceptor add the following headers Authorization: Basic eGFwaS10b29sczp4YXBpLXRvb2xz X-Experience-Api-Version: 1.0.1 4- When you send this GET request you will receive a response with XSS …
##Reproduction steps: Create a public group and public project. Go to public project settings and disable the project settings to members only. {F522796} If the attacker visits milestones via projects then they may see a 404 not found page. https://gitlab.com/victim-waka-waka/test-group-for-sharing/-/milestones/1 {F522797} But the attacker will view the project milestones via groups. …
I have identified a Reflected Cross Site Scripting (XSS) vulnerability on the m.olx.co.id website. Vulnerable URL: https://m.olx.co.id/iklan/zundapp-1962-cafe-racer-250-cc-made-in-germany-IDA3GpU.html?ad_type=PL"><svg/onload=alert("XSS")><" Vulnerable Parameter: ad_type XSS Payload: PL"><svg/onload=alert("XSS")><" Steps to replicate are fairly simple. Just access the URL and the JavaScript gets reflected in the response and gets executed in the browser. The popup screenshot is attached. …
It was identified that the Android **com.basecamp.bc3 application** contains a WebView where the loaded URLs are not sanitised properly. As this WebView's functionality is extended via JavaScript interfaces and has JavaScript enabled, it is possible to inject arbitrary JavaScript code which will be executed by the application's WebView and …