HackerOne Reports
Search through disclosed security reports
10,202 reports found
Showing 41 - 60
I want to report bug XSS in "ADD IMAGES" How To Produce it : 1. Login to your Account 2. Then Add Images With XSS Payload In filename (example : "><img src=x onerror=prompt(document.domain)>.png) 3. Click on Image that you upload 4. in the name of picture XSS will fired ## …
*.myshopify.com is vulnerable to a reflective cross-site scripting attack in the newsletter form. This can be crafted to trigger on a page load without any further user interaction. The following example url shows this vulnerability: ``` https://testbuguser.myshopify.com/?contact[email]%20onfocus%3djavascript:alert(%27xss%27)%20autofocus%20a=a&form_type[a]aaa ``` This was tested on a newly registered store "testbuguser.myshopify.com" If you require …
#Description: Microsoft .NET Framework is prone to multiple NULL-byte injection vulnerabilities because it fails to adequately sanitize user-supplied data. #Vulnerable URL: https://████/%2F%20This%20website%20is%20vulnerable%20to%20NULL%20BYTE%20INJECTION/ #Steps to Reproduce: 1) An attacker can exploit this issue via a browser. The following example URI request is available: https://███████/%2F%20This%20website%20is%20vulnerable%20to%20NULL%20BYTE%20INJECTION%00 #Mitigation: https://www.securityfocus.com/bid/24791/solution #See Also: https://www.exploit-db.com/exploits/30281 #Proof of …
Hi there, It is possible to delete anyone's added email,telephone,fax,address,Skype via CSRF in `GET` method. The action is performed via `GET`method without any CSRF protection. # Steps to reproduce - login to your https://academy.acronis.com account - navigate to `https://academy.acronis.com/#/account/edit/account_id/<your_id>` - add any email,telphone,fax,addres,skype - try deleting them and capture the …
### Steps to reproduce 1. Run GitLab `docker run --detach --hostname gitlab.example.com --publish 443:443 --publish 80:80 --publish 22:22 --name gitlab gitlab/gitlab-ce:latest` 2. Connect to the GitLab Docker container: `docker exec -it gitlab /bin/bash` 3. Install netcat: `apt update && apt install -y netcat` 4. Run server in container: `nc -llvp …
Reproduction: step no 1:Open URL:https://www.owox.com/products/ or open your user account step no 2: copy URL or paste another tab step no 3:Go back again first tab or logout your account step no 4: And check the copied URL section is working properly Reference From :#244875 Reference From :#263873 Reference From …
When `curl_easy_duphandle()` is used to duplicate an easy handle it is possible to inject cookies into that duplicated handle if a file `none` exists in the current working directory. ## PoC / Steps to reproduce: 1. Open 2 terminals 1. compile F2699218 1. in terminal 1: `nc -l -p 8888 …
Hi guys I noticed you are using unsafe host header in generating short links. #Details First i navigated to my account `https://socialclub.rockstargames.com/member/xerojuzto` Then i created a new message , and i clicked on share button which shortens the url for example From `https://socialclub.rockstargames.com/member/xerojuzto/feed/3073813190982488067` to `http://rsg.ms/517ae7c` I fetched the http requests …
**Summary:** Hello HackerOne security team :-) For a while now I have been monitoring H1 js files. I've just noticed some new GraphQL queries about `HackerOne Copilot`. While this feature has not yet been released, the vulnerability must be fixed. `DestroyLlmConversation` GraphQL mutation is vulnerable to IDOR. ### Steps To …
**Dear Nextcloud Team –** I have identified a formula injection vulnerability [1][2] in the CSV export feature of the *Forms* App. I am aware that the Forms app is not part of this bug bounty program but was advised to disclose it via hackerone anyway. **Description.** When a (n Excel-/Calc-) …
### Summary: Gitlab allows its user to exercise their GDPR rights (Right to Access/Delete) user data by sending an email to [email protected] however gitlab team doesn't ask for security question(i.e Date Of Birth) before deleting the user account moreover doesn't authenticate the incoming emails from their instance which allows an …
## Summary: [add summary of the vulnerability] ## Steps To Reproduce: - Go to Company > Buddies-to-Be > Custom variables - Add malicious code: `" onmouseover="confirm(document.domain)" a="` {F915718} - Go to Company > Messages > Blank email - In the WYSIWYG editor select `Custom variables` - Malicious code executed {F915719} …
Rust's regex crate guarantees a linear time complexity with regex length for compilation of untrusted regexes. However, existing mitigations for known malicious regexes are based on memory usage and, as such, do not mitigate repetitions of empty sub-expressions. For example, the following payload triggers such an issue: ```re (?:){4294967295} ``` …
The following URL is vulnerable to an open redirect (it will redirect to example.com): https://█████?redirecturl=https://example.com I hope you know the impact of open redirect and more info refer ## Impact User can be redirect to malicious site.
**Description:** There is Reflected Cross site scripting issue at the following url: https://█████████ ## Proof Of Concept https://███████?████████=%22%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E █████ Best Regards @pelegn ## Impact Cookies Exfiltration SOAP Bypass CORS Bypass Executing javascript on the victim behalf ## System Host(s) ████████ ## Affected Product(s) and Version(s) ## CVE Numbers ## Steps …
There is Reflected Cross site scripting issue at the following url: https://█████ Proof Of Concept https://████████?█████=%22onfocus%3d%22alert(document.domain)%22autofocus%3d%22&█████████████████████=Search ████ Best Regards @pelegn ## Impact Cookies Exfiltration SOAP Bypass CORS Bypass Executing javascript on the victim behalf ## System Host(s) ████████ ## Affected Product(s) and Version(s) ## CVE Numbers ## Steps to Reproduce …
There is Reflected Cross site scripting issue at the following url: [https://█████/████](https://██████████/██████████) Proof Of Concept https://████████/███████?text=&███=%22%3E%3Csvg/onload=alert(1)%3E████ ███████ Best Regards @pelegn ## Impact Cookies Exfiltration SOAP Bypass CORS Bypass Executing javascript on the victim behalf ## System Host(s) ██████ ## Affected Product(s) and Version(s) ## CVE Numbers ## Steps to Reproduce …