HackerOne Reports
1. Pick any deleted page. 2. For example, open http://vk.com/id55555 3. We see the message "The page has been deleted or has not been created yet" and no further information. 4. Let's use widget_subscribe.php with just one parameter, oid 5. https://vk.com/widget_subscribe.php?oid=55555 6. Profit! Наталья Кузнецова 7. By the way, I was also able to subscribe to her. After that …
I would like to report Cross-Site WebSocket Hijacking in `socket.io`. It allows an attacker to bypass origin protection using special symbols including "`" and "$" # Module **module name:** `socket.io` **version:** `2.3.0` **npm page:** `https://www.npmjs.com/package/socket.io` ## Module Description > Socket.IO enables real-time bidirectional event-based communication ## Module Stats [1] weekly …
**Description:** I'm able to control the url being inserted into the query line at ``` https://█████/████&url=http%3a%2f%2fgalnagli.com%2f%3Cimg+src%3dx+onerror%3dalert%28document.domain%29%3E ``` The server issues a request (there is also SSRF here I'll report later) to the domain specified, and it renders the path being entered, so when supplying as a path: ``` <img src=x …
Hi, ## Description I have discovered one of your Amazon S3 buckets and tested it via the AWS command line tool on Linux. It looks like permissions are not well configured and allow dangerous actions to everyone. The vulnerable bucket is: `zomato-share` ## PoC: `aws s3 ls s3://zomato-share` `aws s3 …
Hi again, ### Description: As I reported in my previous report about account deletion without entering a password #229904, I've just noticed that there's no email notification received after successful removal of an account. **Fixation:** The user should be notified by an email notification at his email address after removal of an account. Cheers Mansoor
## Description I saw the fixed issue in https://hackerone.com/reports/223692 and I think I found another filter bypass. I noticed that we actually can use special keywords like %(branch)s, %(file)s and %(line)s. So XSS can be achieved in this way: `%(branch)s:alert(1);//https://` if the branch is named `javascript`, the payload will …
Hi team, I noticed that when requesting multiple reset links at https://demo.weblate.org/ all tokens are valid and can be used. In numerous applications the following policy is adopted as an additional security measure: - keep valid only that token with shorter lifetime (last requested) or - invalidate all reset links …
### Affected URL: https://demo.weblate.org/accounts/register/ ### Issue: Captchas are implemented so that the site can differentiate between a legitimate user and a bot. The captcha challenge should be something that a bot cannot solve easily and a human could solve easily. However, in the above URL the captcha is simple enough …
### Affected Domain: https://demo.weblate.org/ ### Issue: Sites like Facebook and Google keep track of old passwords and do not allow users to set a password similar to their old passwords. However, in the case of demo.weblate.org, it is possible for a user to set a new password which is exactly similar to …
Hi Weblate, Hope you all have a good day! It's a minor issue, but I hope you'll fix it. It seems like after changing the password, for example my current password is: mypassword1 And let's assume that the hacker got access to my account, and I of course will change …
Hi, A rate limit issue exists in hosted.weblate.org. An attacker is able to send as many emails as he wants to the victim's mail. The attacker can successfully bruteforce any user's mail account even when rate limiting is enabled. Steps to reproduce: 1. sign up and login to …
## Summary: During testing it's been found that in `accounts.shopify.com` it's possible to change your email address to any email address that you don't own and confirm that email due to the confirmation token being leaked. ## Steps to reproduce: 1. Login to `https://accounts.shopify.com/account` 2. Click **Change** Next to email …
Hi Team, This report is pretty much the same as my closed report here: #223355 , the difference is __[BUG#2] when a user created an account BUT did not supply the password__, therefore there is nothing to reauthenticate when deleting the account, and it will successfully delete the account without supplying …
Hi Team, Domain: `demo.weblate.org` In this bug, I have found a way to log any person in to the attacker's account, therefore when any user logs in to the attacker's account, the attacker can see the victim's activity inside the attacker's account, such as sensitive information. The issue relies on __registration confirmation together with …
## Description The demo instance, located at https://demo.weblate.org, is leaking users' IP addresses in the Activity log. {F185728} ## Impact An authenticated user can disclose valid IP addresses of other users through the Activity log. The feature works as it should (*so no changes should be made on GitHub or other sites like …
Hi nextcloud, Here is Shaifullah Shaon (Black_EyE), an ethical hacker, a white hat cyber security researcher from Bangladesh, reporting a serious [3rd ranking in OWASP] security vulnerability in your system. There is an Email Spoofing Vulnerability in nextcloud. Steps to reproduce: 1) Go to http://emkei.cz/ 2) Fill the "From Email" field …