HackerOne Reports

Search through disclosed security reports

10,350 reports found
Showing 901 - 920
## Description Hi, there is a protection bypass in the linkfilter function. By using the character 。 (%E3%80%82 URL-encoded) instead of a normal dot in URLs, it is possible to bypass the blocking. ## PoC Normal request: https://steamcommunity.com/linkfilter/?url=pornhub.com {F240919} Bypass: https://steamcommunity.com/linkfilter/?url=pornhub%E3%80%82com {F240920}
**Summary:** Username & password disclosure for logging into the dashboard, in a README file at [https://███] **Description:** * Open [this](https://██████████/README.md) and you will see the username and password in the file ## Impact * Disclosure of sensitive information "username&password"
Hello, when you visit any project from `https://hosted.weblate.org/`, there is a button provided at the top right called `Watch` / `Unwatch` for each project. When you click on that button, a POST request is sent which contains a CSRF token. But this request also works without that token. Just hit the URLs …
Hi team, I found that there is a design flaw in the website's password reset functionality. This report is basically a combination of two reports (#223329 & #223339) that are already resolved, but I bypassed the fixes provided for them. Issue 1: Bypass the Logout CSRF fix. **Steps to reproduce/POC:** …
SUMMARY ------------- Hello, I have noticed that you do not properly strip the RTLO (right-to-left override) character __in the sharing page of the file__, thus allowing someone to mask the real extension of a file, and if the user downloads, then opens the file something may be executed …
From within the HTTP request function of the Acunetix and IronWasp programs I was able to view the passwd and hosts files at https://nightly.ubnt.com. Please see the attached screenshots for proof. I have tried to reproduce from within Firefox and Internet Explorer without much luck; however, if you need it …
## Affected URL: https://demo.weblate.org/accounts/email/ ## Issue: The account section of profile says: "You can add another email address on the Authentication tab." But there is no option of adding another email in Authentication. However, I was able to guess the above endpoint. The problem here is, the site lacks password …
Hello Team, I have found an issue through which unwanted users can be added to a victim's workspace inside *.cloud.mattermost.com. So I have created a workspace with my email ID, let's say email1, and invited email2 to my workspace. Email2 does not have an account at Mattermost …
Tested against POODLE MITM and www.rockstargames.com is vulnerable. I simply went into the terminal and used this command: "openssl s_client -connect www.rockstargames.com:443 -ssl3". Proof attached in the image below. How to fix: Disable SSLv3
Hi everyone, I would like to report here a Blind SSRF vulnerability through the Nextcloud Mail application. Tested on latest Mail release : `2.0.1`. ## Steps To Reproduce: This is a similar report to report #1736390, but this time on a different parameter. The vulnerable parameter is `smtpHost`. The only …
## Summary ELMAH (Error Logging Modules and Handlers) is an application-wide error logging facility that is completely pluggable. If ELMAH is not properly configured, the **elmah.axd** handler can be accessed without authorization. This page will list all the error messages generated by the web application. ## Impact May …
Quora is using the HTTP POST method to send logs to the Quora server and save the logs on the server, which is not validating the size of the log data and is directly storing a large amount of data on the server. I mean when the logs are sent to …
* CVE-2017-7521 Remote server crashes/double-free/memory leaks in certificate processing
* CVE-2017-7520 Remote (including MITM) client crash, data leak
* CVE-2017-7508 Remote server crash (forced assertion failure)
* CVE-2017-7522 Crash mbed TLS/PolarSSL-based server
* (no cve) Remote/mitm Null-pointer dereference in establish_http_proxy_passthru()
* (no cve) Stack buffer overflow if long --tls-cipher is given
* (no cve) Remote (including MITM) …

The following program triggers a null pointer dereference with mruby b200c747:

```ruby
def method_missing(m)
ensure
  begin
    A
  rescue
    break
  rescue
  end
end
send ''
```

ASAN report:

```text
ASAN:DEADLYSIGNAL
=================================================================
==12116==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000051bfaa bp 0x7fff4a650cd0 sp 0x7fff4a648a80 T0)
    #0 0x51bfa9 in mrb_vm_exec /home/vagrant/mruby/src/vm.c:1427:9
    #1 …
```

Hi there, one of the DoD sites is vulnerable to blind SQL injection. #Affected Domain: www.███ #PoC: Navigate to the URL below ``http://www.█████████/viewVideo.asp?t=7`` Just replace ``7`` with ``pg_sleep(__30__)--`` ***GET /viewVideo.asp?t=pg_sleep(__30__)--*** As a response you can see a time delay compared with ``viewVideo.asp?t=7`` #####Time Slot: *viewVideo.asp?t=7* -----------> 240-330 milliseconds *viewVideo.asp?t=pg_sleep(__30__)--* -----------> 15000-19000 milliseconds …
### Affected URL: https://demo.weblate.org/contact/?t=account ### Issue: I have found an issue similar to [223454](https://hackerone.com/reports/223454). There is no restriction on the number of characters that can be sent as email, username and other fields. If any more information is needed, feel free to contact me.