
HackerOne Reports

Search through disclosed security reports

10,350 reports found
Showing 821 - 840
Issue: Access to local file system using JavaScript (slightly XSS on server side). The browser can access the local files using iframes with a local HTML file. This is very normal and often used for local web development, but JavaScript shouldn't be able to get the content of that …
Vulnerable domain: https://█████████ Endpoint: https://█████████/schema/columns.byTable.html Description: When you visit the above endpoint you will get all the backend database. It's a critical vulnerability and should be patched as soon as possible. Let me know if you want any more details. Find the POCs: Thanks.
## Summary: It is possible to read a dragged tab object if the user is coerced into dragging and dropping it into an attacker-controlled page. This is bad because tab history is mentioned within the object, thus information leaks are possible through a trick. ## Products affected: Brave: 0.18.14 rev: ad92d029e184c4cff01b2e9f4916725ba675e3c8 …
qab
**Summary:** The endpoint at `https://{language}.quora.com/widgets/embed_iframe?path={path_to_answer_in_same_language}` shows the answer you specify in _path_ (like `/Question/answer/User`) in a format useful to embed. There is one button _Share_ that when clicked shows another button _Share to Twitter_. The `href` attribute of this last button is of the format `javascript: window.open("https://twitter.com/intent/tweet?text=Answer on @Quora by …
### Steps to reproduce 1. User A shares a file "movie.mp4" with user B. 2. User B uses webdav to access files (e.g. foldersync or nautilus) 3. share is shown as regular file (using webdav). 4. Copy the file and paste it to the same folder (still using webdav). 5. …
**Summary:** Many DoD systems use BlueCoat gateways. These gateways insert unique BlueCoat ids that permit tracking DoD users and gaining insight into the DoD network architecture when DoD users access the Internet. **Description:** I run a popular web service (FotoForensics.com -- it's around 150,000 in the Alexa list of top …
The Custom Emoji Page has a Reflected XSS in building flash message. The following is the PoC. https://{team}.slack.com/customize/emoji?added=1&name=vuln"><script>alert(0);<%2Fscript>
co3k
Hi team, While doing some recon I stumbled upon an IP address http://██████/ The IP took me to a Login Page at ████=https%3A%2F%2F██████████████████ as the URL suggests, this system belongs to US gov. Doing a Port scan reveals that POST ██████████ is Open, A lot of doors open if …
### Summary There's a path traversal issue in Nuget package registry which was released to GitLab-EE recently. The issue allows an attacker to create any file with an extension “.nupkg” in the filesystem. By combining the bug with a race condition in Gitaly which I used several times before (#762421, …
If an email address is added to a circle, the email user still has access after the email address is removed from the circle. Requirements ------- circles app and share by mail app enabled Steps to reproduce ------------- 1. add an email address to a circle 2. share a folder/file with the …
##Description Hello sir, your subdomain recommendation.algolia.com CNAME is recommendation.us and recommendation.us is for sale, which can lead to subdomain takeover ##steps to reproduce 1. check the CNAME of recommendation.algolia.com 2. see that the CNAME "recommendation.us" is for sale using lookup tool ##poc: {F555251} ## Impact Attackers are able to …
WordPress sites that have xmlrpc.php enabled for pingbacks, trackbacks, etc. can be made a part of a huge botnet causing a major DDOS. This website www.data.gov has the xmlrpc.php file enabled. ## Impact This can be automated from multiple hosts and be used to cause a mass DDOS attack on …
zddw
## Summary: The leak of Internal IP Addresses. IP Addresses:- 10.6.96.4 10.6.136.194 10.6.127.182 ### Assessment: [add your assessment of the vulnerability] ## Steps To Reproduce: 1. Open request page of (graphql2.trint.com) with "getUser" Operation name. 2. Remove "authorization: Bearer" line and error will raise. 3. You can see ("ip":"::ffff:10.6.127.182) and …
**Summary:** It was found that twitter.com hosts a specific javascript file whose content is partly dynamically generated, depending on the requestor's user authentication cookie. This dynamic part actually reveals the X's User ID of the requestor. Since the Same-Origin-Policy doesn't apply to javascript file imports, an attacker can force a …
Hey guys. The dir parameter on /updates-pro/archive/ seems to be vulnerable to Cross-site Scripting. Steps to reproduce: 1- Navigate to: https://www.mapsmarker.com/updates-pro/archive/?dir=v3.0.1 2- Add this to the url: <svG onLoad=prompt(9)> 3- Result in attached printscreen. Or quite simply visit: https://www.mapsmarker.com/updates-pro/archive/?dir=v3.0.1%3CsvG%20onLoad=prompt(1)%3E
Man, treat you another drink. ## Description An HTML5 cross-origin resource sharing (CORS) policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy is fine-grained and can apply access controls per-request based on the URL and other …