HackerOne Reports

Search through disclosed security reports

10,350 reports found
Showing 461 - 480
When we do Login with Facebook on the Zomato app, you're doing zero authentication of the user. I'm able to hack into the targeted user's accounts by just using the Facebook ID. Affected API raw request: POST /v2/auth.json?presentlat=28.66505699180115&useragent=model_iPod%20touch__os_9.3.5__v_7.0__t_iPod5,1&app_version=7.0&session_id=41&app_run_id=21&presentlon=77.32215271029096&lang=en&push_permission=1&isFacebook=true&channel_url=&uuid=█████████ HTTP/1.1 Host: 1api.zomato.com Accept-Language: en-IN;q=1, nl-IN;q=0.9, it-IN;q=0.8, de-IN;q=0.7, fr-IN;q=0.6 Accept: */* User-Agent: …
In your iOS application, there is Login with Google. In this, you're not authenticating a user properly and it can lead to access to user accounts. Affected API: https://www.instacart.com/api/v2/users/google_login_auth In this request, these are the parameters: access_token, client_id, id_token, login_only, read_terms. In the parameter id_token, you're passing the token generated by …
Reported to the project maintainers in 2016. gre_print_0() and the functions modelled after it passed the value of "length" instead of the value of "caplen", which could make ether_print() access beyond the memory allocated for the captured packet. Fixed by https://github.com/the-tcpdump-group/tcpdump/commit/0db4dcafe5ae38201d3869c96a96cb714d82ff35.
Reported to the project maintainers in 2016. The function sig_print() did receive a correct caplen parameter value but didn't use it correctly, which could result in a read outside of the buffer. Fixed by https://github.com/the-tcpdump-group/tcpdump/commit/5d214e36eed3565fbdc0f9b527bbc33a6bb63972.
**Summary:** Hi team, I've been able to take over the subdomain at __info.hacker.one__; the CNAME entry in the subdomain is pointing to an external page service (app.unbounce.com). #### Actual DNS Entry: {F156764} #### Steps To Reproduce 1) I have claimed the domain and placed a page for PoC validation located under: Go to …
Hello, While I was looking at your renewed SSL certificate, I noticed the following link: http://nodebb.ubnt.com/ I have seen that this link was protected by an htaccess password, but I decided to run an nmap scan. By running the following: ``` sudo nmap -sSV -p- 104.131.159.88 -oA …
## Description I found the endpoint using the Android app `https://p.grabtaxi.com/api/passenger/v2/profiles/edit` which allows me to bypass 2FA (SMS code) due to lack of rate limiting / code expiration after unsuccessful attempts. The root cause of the problem is these facts: no rate limiting + no code expiration. Since the code has 4 digits, an attacker just …
The vulnerability in your website is something called clickjacking, or X-Frame-Options header not set. When the X-Frame-Options header is not included in the HTTP response, the attacker can attack your website by clickjacking. So what is X-Frame-Options? The X-Frame-Options HTTP response header can be used to indicate whether …
Affected URLs - ██████████blue/organizations/jenkins/pipelines ████████ ██████████ ████ Also notice that the information is transmitted in clear text as the server is running on HTTP. ## Impact An attacker can read or edit sensitive information belonging to █████ by abusing this vulnerability. ## System Host(s) ███████ ## Affected Product(s) and Version(s) …
## Summary: Hi JetBlue Security Team. I found that this domain `█████████` is using Apache Tomcat/6.0.35, and I was able to log in to https://██████████/manager/html with default credentials `tomcat:tomcat`. See the following screenshots: ██████████ ███ ## Steps To Reproduce: 1. Go to https://███████/manager/html 2. Log in with default creds `tomcat:tomcat` ## Supporting …
Hi, there is an open redirect vulnerability in crm.unikrn.com. POC ```curl http://crm.unikrn.com//example.com/ -L -v``` Response ``` < HTTP/1.1 302 Moved Temporarily < Date: Thu, 14 Dec 2017 09:06:08 GMT < Transfer-Encoding: chunked < Connection: keep-alive < Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 < Expires: Thu, 01 Jan 1970 …
## Vulnerable URL http://[server]/nextcloud/index.php/settings/personal/authtokens/[token ID] ## Summary Nextcloud users can create app-specific passwords, also called authtokens, giving an app limited access to their account. Users can grant or deny access to their files for each app password. The function to change a password's file access ("filesystem") permissions contains an IDOR …
I've identified an SQL injection vulnerability in the website **labs.data.gov** that affects the endpoint `/dashboard/datagov/csv_to_json` and can be exploited via the **User-Agent** HTTP header. I didn't extract any data from the database; I've confirmed the vulnerability using **sleep** SQL queries with various arithmetic operations. The **sleep** command combined with the …