HackerOne Reports

Search through disclosed security reports

10,350 reports found
Showing 701 - 720
Related to <https://tools.ietf.org/html/rfc2965>, the separator in the cookie header is the semicolon (;) and this issue is caused by the semicolon (;) not being encoded, so the attacker can arbitrarily manipulate cookies. Arbitrarily set cookies will cause several problems like: - Session Fixation - Cookie Bomb (Client-Side DoS) - Etc **Vulnerable Endpoint:** <https://nordvpn.com/?coupon=HERE;+Cookie1=XXXXX;+Cookie2=WWWWWWW;+Cookie3=EOF> …
## Summary: Reset password page api call, can be used to enumerate usernames based on the error message ## Steps To Reproduce: [add details for how we can reproduce the issue] 1. Go to password reset page 2. Enter username and click submit 3. Check email for password reset code, …
Hi there, hope you are doing good. As I was just playing around with `chaturbate.com`, I found that you guys do not have proper configuration for malicious script injection in the website. In a homograph attack, basically an attacker may be able to inject some malicious script with a URL. Here I made a homograph link …
Description A broadcaster can add or remove a non-existent user as a moderator. This is submitted using the testbed as it wasn't possible to initiate a broadcast on the production site. Steps 1. As a broadcaster add a moderator to the broadcast (attachment 1). 2. Observe the request sent to …
Hello there, Users are able to protect their broadcasts with a password, so only password-granted visitors can log in to the broadcast room. I noticed that a rate limit is missing at the endpoint `/roomlogin/user/`, which enables me to brute force the password field. I made 1k+ requests but still the server did not block …
Hello Team, There is no homograph protection on the redirect URL. URL: https://m.chaturbate.com/external_link/?url=http://ebаy.com In a homograph attack, basically an attacker may be able to inject some malicious script with a URL. Here I made a homograph link for ebay.com; when a normal user sees this link it looks like a normal simple text link but no, it's …
We can do username enumeration. Reproduce: 1. Go to any WordPress site. 2. www.site.com/?author=1 (type ?author=1 at the end of the site) 3. You will get www.site.com/author/admin (now, admin is the username of the login panel of that site) Thanks, Sameer Phad ## Impact -
## Summary: Reflected XSS in " https://reddit.zendesk.com/hc/en-us/requests/new " via file upload ## Impact: !! attacker can send that email to victim and steal user account or cookies Cross site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user’s …
**Description:** Hi, While going through the testing of DoD assets, I have come across a subdomain that is vulnerable to CVE-2020-14179. Some of the internal fields that are exposed are Project, Status, Limits, Creator, Query, Created Date, Updated Date, Resolution Date, etc. ## References https://jira.atlassian.com/browse/JRASERVER-71536 https://www.cvedetails.com/cve/CVE-2020-14179 ## Impact It allows …
**Description:** https://████████ is vulnerable to CVE-2021-29156. ## References * https://nvd.nist.gov/vuln/detail/CVE-2021-29156 * https://portswigger.net/research/hidden-oauth-attack-vectors * https://github.com/projectdiscovery/nuclei-templates/blob/74db4223c11d27a934ca1c417aa4abca9e70ad35/cves/2021/CVE-2021-29156.yaml ## Impact ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key. ## System …
**Description:** https://█████ is vulnerable to CVE-2021-29156 ## References * https://hackerone.com/reports/1278050 * https://nvd.nist.gov/vuln/detail/CVE-2021-29156 * https://portswigger.net/research/hidden-oauth-attack-vectors * https://github.com/projectdiscovery/nuclei-templates/blob/74db4223c11d27a934ca1c417aa4abca9e70ad35/cves/2021/CVE-2021-29156.yaml ## Impact ForgeRock OpenAM before 13.5.1 allows LDAP injection via the Webfinger protocol. For example, an unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a private key. …
> NOTE! Thanks for submitting a report! Please replace *all* the [square] sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! **Summary:** "rejectUnauthorized: false" disables …
**Description:** Hi, While going through the testing of DoD assets, I have come across a subdomain that is vulnerable to CVE-2020-14179. Some of the internal fields that are exposed are Project, Status, Limits, Creator, Query, Created Date, Updated Date, Resolution Date, etc. ## References https://jira.atlassian.com/browse/JRASERVER-71536 https://www.cvedetails.com/cve/CVE-2020-14179 ## Impact It allows …
## Summary: [I have discovered a blind SQL injection on your site login page which I confirmed using two scenarios to confirm its existence.] ## Steps To Reproduce: [add details for how we can reproduce the issue] Use the following payloads. This one returned a 200 OK response confirming SQL vulnerability …