HackerOne Reports

Search through disclosed security reports

10,350 reports found
Showing 1081 - 1100
Privileges required: Admin Hi, "user_ldap" plugin can be leveraged to interact with internal services over various protocols. LDAP password field can be exploited with newline chars (\r\n) in order to communicate with protocols like SMTP, Redis and, generally speaking, with all services that speak plain text protocols (e.g. postgres, memcached, …
## Summary: Hello Team, I found a Stored XSS vulnerability in the Custom Style section. This vulnerability can allow an attacker to execute arbitrary JavaScript in the context of the attacked website and the attacked user. This can be abused to steal session cookies, performing requests in the name …
https://www.slackatwork.com/wp-content/themes/twentyfifteen/genericons//example.html#1<img/ src=1 onerror= alert(document.cookie)>
Hey all, There seems to be no filtering of strange unicode characters such as U+202E which is an Right-To-Left-Override. I can send messages like "Hey check out my new song at example.com/song[rtlo]3pm.exe" and everyone would see the link as "example.com/songexe.mp3". Links that end with .exe are very suspicious but everyone …
Hello, during some open redirects testing, I have noticed a very strange redirect that occurred when I had modified a parameter using something like `>cofee`. I have dug further and then I have noticed that one can make a redirect by modifying GET parameters with this structure : `<>//google.com` …
## Summary Acronis True Image has an Antivirus functionality which provides real-time protection and signature-based defenses against viruses and malwares. The Quarantine has a Restore feature which can be used to restore quarantined files back to their original location if the user is sure that the file is not a …
Hi @codeigniter, # Description You are using a vulnerable Javascript library. One or more vulnerabilities were reported for this version of the Javascript library. Consult Attack details and Web References for more information about the affected library and the vulnerabilities that were reported. # Affected URL * [/user_guide/_static/jquery.js](https://www.codeigniter.com/user_guide/_static/jquery.js) * [/userguide3/_static/jquery.js](https://www.codeigniter.com/userguide3/_static/jquery.js) …
yynl
Please open the following url ``` https://www.instacart.com/store/partner_recipe?recipe_url=javascript:alert(1)&partner_name=&ingredients%5B%5D=apples&ingredients%5B%5D=butter&ingredients%5B%5D=Splenda+Brown+Sugar+Blend&ingredients%5B%5D=cinnamon&ingredients%5B%5D=nutmeg&title=Barb%27s+Fried+Apples+-Diabetic-Low+Fat&description=&image_url=%2Fassets%2Fimg%2Fno-recipe-image.jpg ``` and click on the "Barb's Fried Apples -Diabetic-Low Fat" image to trigger the payload. The affected parameter is recipe_url
# Description: I have found a security vulnerability that allows an attacker to disclose any user's private email. An attacker can disclose any user's private email by creating a sandbox program then adding that user to a report as a participant. Now if the attacker issued a request to fetch the …
The dangerous bug reporting template ============================= The github bug reporting template for owncloud's server and some apps contains this: ``` The content of config/config.php: If you have access to your command line run e.g.: sudo -u www-data php occ config:list system from within your instance's installation folder or Insert your …
The dangerous bug reporting template ============================= The github bug reporting template for nextcloud's server and some apps contains this: **The content of config/config.php:** ``` If you have access to your command line run e.g.: sudo -u www-data php occ config:list system from within your instance's installation folder or Insert your …
Mruby running on linux x64 gcc version 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04.3) poc ``` for i in methods Kernel.initialize.public_methods print print %i[0 0 0 0]end ``` output ``` [----------------------------------registers-----------------------------------] RAX: 0x6b0e00 --> 0x80101 RBX: 0x6bef20 --> 0x6b73d0 --> 0x210 RCX: 0x6ac010 --> 0x7fffffffe0b0 --> 0x0 RDX: 0x8 RSI: 0x6b3830 --> 0x408 RDI: …
Hey again! Found another missing best practice in mruby that allows an attacker to delete (pop) or clear the ___Frozen ARRAY___. This report is similar to [194866](https://hackerone.com/reports/194866) POC === $a = [1,2,3,4,5].freeze $a.pop >"#=> This will give 5 and ___$a___ will become [1,2,3,4]" $a.shift > "#=> This will give 1 …
# Description: When a user tries to send a support message to an app developer in `apps.shopify.com`, he will be asked to login and once he is logged in, he will be redirected to `apps.shopify.com/[app_id]?authenticity_token=[current_user_authenticity_token]`. Developers can track their app page view in `apps.shopify.com` by adding a google …
## Summary: This is very similar to my report here (https://hackerone.com/reports/2633888), except it affects a different domain. The application requests a phone number for authentication, then sends an OTP code to the user. But the OTP is leaked in the response, which defeats the whole purpose of its implementation. ## …