HackerOne Reports

Search through disclosed security reports

10,350 reports found
Showing 861 - 880
## TL;DR Flag is: `^FLAG^736c635d8842751b8aafa556154eb9f3$FLAG$`. Thank you for this awesome challenge! ## Introduction I have participated in this CTF as I wanted to see how far I'd be able to get considering the fact that I'm doing bug bounty for a relatively short time. Coming from the software engineering world, …
This bug was reported directly to GitHub Security Lab.
Hi :) First off, thanks for a great CTF! It had its ups and downs (mainly due to my mistakes) but here is the final flag: `^FLAG^736c635d8842751b8aafa556154eb9f3$FLAG$` My write-up can be found at https://devcraft.io/bountypay-h1-2006-ctf.html (unpublished) detailing the process, tools, and mistakes I made along the way. Cheers, Will ## …
## Summary: Hello HackerOne team! I finally managed to solve this long but really nice CTF! Here is the flag: ^FLAG^736c635d8842751b8aafa556154eb9f3$FLAG$. You can access my writeup at https://diego95root.github.io/posts/H1-2006-CTF/. It's password protected, the password is the flag. Thank you so much for organising the CTF, definitely learned a lot! ## Impact …
## Summary Got it! Thanks guys for going through the trouble to make these. Best regards @nahamsec @adamtlangley @B3nac for hosting and @hackingfish @zonkism and @clos for peer support to make it. Writeup to follow, but let's have the flag first! {F859962} ## Impact Participating in CTFs can cause sleepless …
### Summary An attacker can run arbitrary pipeline jobs as a `victim` user. This means the attacker can access the user's private repositories, member-only repositories, registry, etc. by using the victim's `CI_JOB_TOKEN` token. > This is only my recent research and I wanted to report it as soon as …
# Description It's possible to run arbitrary JS code using https://polaris.shopify.com/demo + `postMessage`. The following code is from [this file](https://polaris.shopify.com/assets/baseline/demo-3801177f8c9e2fc96d7fbd9b73f76b32a8aa35fee26bee5aa0964e71955cf960.js), which was formatted using [prettier](https://prettier.io/playground/). The `Demo` component (line 381) uses `addEventListener` to listen for `message` events (line #401): ```js componentDidMount() { window.addEventListener("message", this.handleMessage), this.throttledSendDetails(), window.addEventListener("click", handleAnchorClick); } ``` The `handleMessage` method (line #499) …
Last week, HackerOne's CEO Marten lost his credentials for BountyPay. A tweet from HackerOne's official Twitter account asked for help from ethical hackers and bounty hunters to help the CEO recover his credentials and ensure May's payments. As an active bug hunter on HackerOne, I decided to take on this …
I would like to report an arbitrary code execution vulnerability in `is-my-json-valid`. It allows executing arbitrary code if an attacker-controlled schema is passed to `is-my-json-valid`. The module Readme doesn't say anything about the risks of untrusted schemas, so by default I assume that this is applicable. If it's not …
# Summary: The ultimate aim is to pay HackerOne's payments using BountyPay with no user privileges at the start. Given scope is: *.bountypay.h1ctf.com **Enumerated subdomains are:** 1. www.bountypay.h1ctf.com 2. app.bountypay.h1ctf.com 3. staff.bountypay.h1ctf.com 4. api.bountypay.h1ctf.com 5. software.bountypay.h1ctf.com (can't access globally) The overall CTF can be divided into levels, …
This bug was reported directly to GitHub Security Lab.
Report Submission Form ## Summary: An attacker can create an admission webhook that causes SSRF in the cloud provider server (cloud providers like GKE, AKS, EKS). ## Kubernetes Version: kubernetes v1.18.6 ## Component Version: Docker version 19.03.6, build 369ce74a3c ## Steps To Reproduce: 1. Use the following command to create v1.18.6 kubernetes and wait for the download process to finish. `minikube …
## Summary: After some testing in the Calendar app, I found that when I try to edit calendar appointment details and change the appointment to a non-existent id, there is an ```HTTP/1.1 500 Internal Server Error``` that discloses the full path and internal SQL query. ## Steps To Reproduce: - Log in and navigate to ```/nextcloud/index.php/apps/calendar/dayGridMonth/now``` …
> NOTE! Thanks for submitting a report! Please replace *all* the (parenthesized) sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! ### Summary Using the …
Description Companies like Twitter, Facebook and even HackerOne implemented a strict email security policy (combining SPF, DKIM, and DMARC) but I don't see that from Gratipay. You should apply a strict SMTP policy to stop spoofed emails being sent from your domain. PoC is attached. Exploit scenario: An attacker would send a fake …