HackerOne Reports
10,202 reports found
There is a reflected cross-site scripting issue at the following URL: https://██████████/██████ Proof Of Concept https://████████/█████████████████=%22%3E%3Csvg/onload=alert(1)%3E█████████ █████ Best Regards @pelegn ## Impact Cookies Exfiltration SOAP Bypass CORS Bypass Executing JavaScript on the victim's behalf ## System Host(s) ██████ ## Affected Product(s) and Version(s) ## CVE Numbers ## Steps to Reproduce …
Greetings, The application appears to be vulnerable to HTTP request smuggling due to a disagreement between the front-end and back-end server, where the front-end server uses the Transfer-Encoding header to determine content in the HTTP body, but the back-end server uses the Content-Length header, which causes a desync. The following steps …
**Summary:** I found a .git repository on https://███████.mil/.git which discloses an API password for Yubikey on 2 different domains, together with full source code. **Description:** Fetching the git repository and decompressing the objects results in the ability to read the source code of the server, which includes an API password …
I have found a subdomain of `███████` to be vulnerable to takeovers via a CNAME to an unclaimed domain. I have claimed this domain and redirected them to a blank page to prevent a bad actor from doing so in the meantime, and hosted a POC file at obscure URLs. These …
There is a reflected cross-site scripting issue at the following URL: https://████████/█████ Proof Of Concept https://████/███?███=%22onfocus%3d%22alert(document.domain)%22autofocus%3d%22&submit=Search ███ Best Regards @pelegn ## Impact Cookies Exfiltration SOAP Bypass CORS Bypass Executing JavaScript on the victim's behalf ## System Host(s) ██████████ ## Affected Product(s) and Version(s) ## CVE Numbers ## Steps to Reproduce …
**Summary:** There is a critical information disclosure at https://████████/rserver/rdPage.aspx?rdReport=db_Dashboard&rdShowModes= **Description:** As you can see in the video, https://████████/rserver/rdPage.aspx?rdReport=db_Dashboard&rdShowModes= loads a page with "debug this page" functions enabled, which gives the user access to server-side information such as some SQL structure, the path to the webroot plus some other …
Hi there, Similar to this report submitted to HackerOne itself: https://hackerone.com/reports/575 You also are vulnerable to email spoofing. Steps to reproduce: 1- Go to https://emkei.cz ( A Fake Mailer ) 2- Set the from to parameter as [email protected] or any other name, and send it. 3- The email is sent …
I have found and reported an out of bounds memory read in PHP: https://bugs.php.net/bug.php?id=73825 It affected all three supported versions and has been fixed with the latest updates: https://secure.php.net/ChangeLog-5.php#5.6.30 https://secure.php.net/ChangeLog-7.php#7.0.15 https://secure.php.net/ChangeLog-7.php#7.1.1
Hello Team #Description In the continuous series of 12 days, twelve flags were hidden inside Hackyholidays site - hackyholidays.h1ctf.com in which once we get all the flags, grinch can be stopped. This write-up will describe solving all the 12 days challenges. #Step To Reproduce + It all started when hackerone …
The following code causes mruby to use up all available memory: `class A redo rescue c end` Following the execution, we see the code in codegen.c jumping between CASE(OP_ONERR) and CASE(OP_JMP). CASE(OP_ONERR) uses realloc to double the size of mrb->c->rescue, and since it is stuck in an infinite loop between …
Hi, While experimenting with parser bypass techniques, I discovered that RDoc markup could be used to inject a stored JavaScript payload into a project `README.rdoc` file. Please note that this issue is separate to my earlier report #200565 (XSS with AsciiDoc markup), marked as duplicate. ## Steps to Reproduce 1. …
Hello __Team__ __Abstract__:- A Cross-Site Scripting vulnerability was found in the MailPoet Newsletters plugin. This issue allows an attacker to perform a wide variety of actions, such as stealing Administrators' session tokens, or performing arbitrary actions on their behalf. In order to exploit this issue, the attacker has to lure/force …
Hello __Team__ __Description__:- business-blog.zomato.com is vulnerable to reflected XSS that stems from an insecure URL sanitization process performed in the file flashmediaelement.swf __POC__:- https://business-blog.zomato.com/wp-includes/js/mediaelement/flashmediaelement.swf?%#jsinitfunctio%gn=alert%60xss by dem0n%60 {F154224} __Fix__:- Update WordPress to latest __Regards__:- Santhosh