
HackerOne Reports

Hi guys, I found an XSS vulnerability on the home page of olx.com.ar via the auto-saved search text. 1. Copy the full link and go to the URL in the browser: https://www.olx.com.ar/nf/search/xss%22-'%20%22%3E%3Ciframe/src%20////onload%20=%20alert(document.cookie)%20onerror=alert(document.cookie) 2. Click the logo button to go back to the home page and watch the XSS payload load. Sincerely, Jeyhun Jafarov (c37hun), Cybersecurity Specialist
Hi Uber, I found an issue on https://business.uber.com/server/organizations/[id]/trips2?per_page=15&requestAtStart=&requestAtStop=&count=true Steps to reproduce: 1. Get https://business.uber.com/server/organizations/[your_organization_id]/trips2?per_page=15&requestAtStart=&requestAtStop=&count=true 2. Change the id to the victim organization. If the id is valid, it will return a result, but if not it will show an error with internal state: ``` {"error":{"name":"TchannelUnexpectedError","fullType":"tchannel.unexpected","type":"tchannel.unexpected","message":"Unexpected Error: 'validation_error.must_be_a_valid_uuid_v4'","isErrorFrame":true,"codeName":"UnexpectedError","errorCode":5,"originalId":2,"remoteAddr":"10.160.14.41:21306"}} ``` In `employee_invites`, it returns 403. As I previously reported in #151465 …
Hi, As you mentioned the scope of vulnerability as "Any plugin listed on my WordPress.org profile", I am reporting this issue. I have seen from your [WordPress.org](https://profiles.wordpress.org/iandunn/#content-plugins) profile that the second plugin listed is **Camptix Event Ticketing**. So I looked at the source code of the plugin (https://github.com/Automattic/camptix). Although I don't …
**Summary:** I found a potential risk in aws-lambda-ecs-run-task when I deployed it from the awslabs repository on GitHub. The application created a function with a role that has excessive permissions. A malicious user could leverage these permissions to escalate his/her privileges in multiple ways. **Description:** The aws-lambda-ecs-run-task …
When asked to both use a .netrc file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname …

Stored XSS via Kroki diagram

High $13,950 Closed
### Summary If Kroki has been enabled, it's possible to craft a `pre` block so that arbitrary attributes can be injected into the resulting `img` tag. The CSS selector for finding a valid node to convert into a Kroki diagram checks for either `pre[lang="#{diagram_type}"] > code` or for `pre > …
Hey Skyliner, I have found an email spoofing type of vulnerability in your website. An attacker can use your email to send emails to others. Email spoofing is the creation of email messages with a forged sender address. Because the core email protocols do not have any mechanism for authentication, it is …
Hey Parogine, I have found an **Email Spoofing** type of vulnerability in your website, **E-Mail Spoofing**. Now the question is, what is **E-mail Spoofing**: **Email spoofing** is the creation of email messages with a forged sender address. Because the core email protocols do not have any mechanism for authentication, it is …
Seeing your Amazon S3 bucket, the problem is that visiting your Amazon bucket shows the files in the bucket, while a secure bucket would bring up an access denied page. I have attached screenshots comparing your bucket with a secure bucket to show you what a secure bucket looks like and where …
Hello Security team, While testing nextcloud.com I have found that you are not using the latest version of WordPress; you are using old version 4.5.3, which is vulnerable to Directory Traversal / Denial of Service. Description: A path traversal vulnerability was found in the Core Ajax handlers of the …
Hi, you have a session hijacking attack: https://www.owasp.org/index.php/Session_hijacking_attack Yes, you use an HttpOnly cookie, but in older browsers bypasses of such restrictions exist, which does not prevent, in theory, finding this in the future. As you update the site on a daily basis, it is possible to find when …
## Summary: An attacker can trick users into unknowingly clicking the "Connect my WakaTime account" button in the WakaTime App consent dialog using a double-clickjacking attack. This allows an attacker to register a WakaTime OAuth App, host a phishing page, and make the victim accidentally click the Authorize button. The …
## Issue Summary A LibreChat endpoint/UI is found to be accessible to the public Internet, with self-registration (for any non-AWS/Amazon corporate domains) enabled, allowing an attacker to use a ChatGPT-like UI to access multiple public models (example: Claude) with the API access it has enabled, as …
Description: Gratipay is not validating the CSRF token at the server side for a few requests, so CSRF protection is not implemented application-wide. Proof of concept (video): https://drive.google.com/file/d/0B8z7y7DxxQbwUHY4YTduYzMxbnc/view?usp=sharing Recommended fix: For CSRF protection: 1. Each critical operation request must be accompanied with a "token". • Token is: - Long, random, not repeated for application …
I found that there is a form for submitting user information for applying for the Beta Program. But this has NO protection against the clickjacking issue, and also this form needs the following inputs, which can be somewhat useful for an attacker. #Information like: Name: Email: Company Following is the HTML code I …
Dear Team, There are a few email spoofing tools available for free and one of them is http://emkei.cz/ When I tried to send an email from [email protected] to my mail, it was successful and straight away delivered into my inbox, but when I tried to send it from another mail …