HackerOne Reports
Hi, This looks like a minor issue but felt like it was something worth reporting. Ideally, a product can be published or remain unpublished on any sales channel. If a product remains unpublished, then no information regarding it must be visible to the public, including product pictures. But I found an …
**Summary:** Microsoft recently released a patch for CVE-2019-0604. This vulnerability is caused by the Microsoft SharePoint application deserializing untrusted data from a user. This means an attacker can send a specially crafted/encoded parameter to a Microsoft SharePoint URL, and it will allow Remote Code Execution or Command Injection on the …
Hello dear team, I have found SQL injection on docs.atavist.com

URL: http://docs.atavist.com/reader_api/stories.php?limit=10&offset=20&organization_id=88822&search=0&sort=

Parameters: injectable search=0

```
Parameter: search (GET)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: limit=10&offset=20&organization_id=88822&search=0' AND SLEEP(5) AND 'wRIg' LIKE 'wRIg&sort=
```

```
[20:54:30] [INFO] the back-end DBMS is MySQL
web application technology: Apache …
```
Unsanitized input from CLI argument flows into `io.ioutil.ReadFile`, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to read arbitrary files. See this fix: https://github.com/hyperledger/fabric/pull/3573

## Impact

There is a path traversal vulnerability in the source code of fabric
Currencies fluctuate all the time. These days the EUR / USD pair is around 1 for 1. It was even 1:0.99 when I was writing this report. PortSwigger doesn't change the price and exchange rate dynamically. Vulnerability at the following link: https://portswigger.net/buy/pro When you want to buy a product choose the …
GitLab • RCE via unsafe inline Kramdown options when rendering certain Wiki pages • Critical • $20,000 • Closed
### Summary

When rendering wiki content with certain extensions such as `.rmd`, `render_wiki_content` will call [`other_markup_unsafe`](https://gitlab.com/gitlab-org/gitlab/-/blob/v13.9.3-ee/app/helpers/markup_helper.rb#L145) which will end up calling `GitHub::Markup.render` from the `github-markup` gem. Files with any extension can be uploaded by checking out the wiki with git, committing the files and pushing the changes back. Since `kramdown` …
Hey Team, While performing security testing of your websites I have found the vulnerability called Clickjacking. Many URLs are in scope and vulnerable to Clickjacking. The server didn't return an X-Frame-Options header, which means that this website could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header …
Hi Team,

## _Summary:_

The Intense Debate comment system is vulnerable to stored XSS by users; this would allow for attacking admins/users on the blog.

## Platform(s) Affected:

* Intense Debate comment system

## _Steps To Reproduce:_

1. Go to **intensedebate.com/moderate/{{-ID-}}**
2. Go to comments > …
## Summary

The issue described here leads to the same outcome as my previous report, https://hackerone.com/reports/1409788. So look into that one for further details on the JavaScript gadgets. Also see my report https://hackerone.com/reports/1481207 for a detailed rundown of injections in GitLab. This time it is the `title` field of …
**Summary** Hello Team, I have found a bypass to this report: #1039749

**Steps To Reproduce:**

1. Login to attacker's account and go to settings --> account settings.
2. Intercept the request in Burp Suite and click on merge Twitch account.
3. Allow Twitch access and once you see a …
## Summary:

Hello, I have found a Union-based SQL Injection on `https://intensedebate.com/commenthistory/$YourSiteId`. The `$YourSiteId` in the URL is vulnerable to SQL Injection.

## Steps to reproduce

1. Log into `https://intensedebate.com`
2. After creating your own site on `https://intensedebate.com/install` and following all steps
3. Now you need to know …
HackerOne disallows people with under 3000 reputation and 3 signal from commenting on reports which have been closed as Informative or N/A. However you can bypass this and leave an infinite amount of comments by "requesting disclosure", then cancelling it (if you want to write more messages), then …
## Summary:

Reddit launched a new feature in the June 2024 changelog. It is about **Achievement Badges** being available in the profile. As per its access control, a badge is supposed to be hidden from other users if the badge owner unpins it. However, this IDOR vulnerability lets a malicious …
Hi There,

### Steps To Reproduce

1. Open this site: https://www.virustotal.com/#/domain/hackerone.com
2. Then go down to the end of this page and you will see this: ████ ``https://hackerone.com/reports/334677?invitation_token=███████``
3. When I open it, I see this: █████
4. After step 3 I thought it's a demo from HackerOne …
**Summary:** A filename regular expression could be bypassed and enable the attacker to create a symbolic link in the GitLab upload directory by importing a specially crafted GitLab export. Furthermore, GitLab is currently designed to not delete the project upload directory. So, the attacker could delete the imported project and then …