HackerOne Reports
## Summary: In one of my previous reports I sent a parameter tampering vulnerability report. Then you asked me to send a PoC and you just closed it, that's why I'm sending you this new report with the exact name of the vulnerability. Integer Overflows are closely related to other conditions that occur when …
This bug was reported directly to GitHub Security Lab.
### Summary {F1745460} While testing for the ability to define custom redirects in Gitlab Pages, I discovered I was able to define `Domain-level redirects`, which are explicitly disabled in the documentation. At first glance, the validation step seems to disable any link not starting with `/`. It has however …
Hello Team, I have found an XSS on the Shopify email app, but it's a bit weird: it's not executing directly, but when I am copying the code it gets executed. Step 1: Navigate to https://s1-aug.myshopify.com/admin/apps/shopify-email/editor/3694417 Step 2: Add the XSS payload anywhere, like subject, preview text or in the …
# INTRODUCTION ## _I used two accounts to search for this vulnerability:_ - id: 5410425 email: ████[email protected] - id: 5407773 email: ████@anosimple.com ## _IP used:_ ███ ## _Endpoint URL:_ https://www.semrush.com/academy/courses/userEnroll # EXPLOITATION ## _Description of Security Issue:_ When a user clicks on the "Enroll for free" button in the course pages such as here https://www.semrush.com/academy/library/courses?spec=ALL&lang=en-US, the …
Description === When a user wants to disable his/her two-factor authentication, they have to know their account password. But using this vulnerability they don't need the password to disable it. This will allow a hacker who gets someone's cookie to disable two-factor auth and also fully take over the account. How To Reproduce === 1. …
## Summary: An SSRF attack can be performed leading to localhost port scanning. Link : https://img.lemlist.com/api/image-templates/itp_vBBNpQuMsy6FYLQAc/?preview=true&email=email@ ## Steps To Reproduce: To perform this port scan you'll need to set up a few files. First of all you need to change the url in {F696241}. {F696243} That being done you will need …
Summary: You can create a very long password until you get the last user to put and aries or [DoS]. ** Normally passwords have 8-10-24 digits ## Impact DoS
## Summary Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous …
## Summary: Stripo uses Spring Boot for the backend API development, and misconfigured the application to open actuator APIs to the public. This issue is found in 3 domains; I don't know if I need to publish 3 reports for that, or just one report, but the domains …
During initialization, **mms_mini.exe** (service binary of mmsminisrv) loads the library *C:\Program Files (x86)\Common Files\Acronis\Home\libssl10.dll*. The library then tries to load a non-existing file: *C:\bs_hudson\workspace\mod-openssl-fips-win\205\product\out\standard\vs_2013_release\OpenSSL\ssl\openssl.cnf*. The path seems to be a hardcoded leftover from compilation. {F926518} Because by default any user is able to create directories on the C:\ drive, it is possible to create …
Hello VK team. We enter site:api.vk.com into Google and get a list of links; we narrow the query to site:api.vk.com access_token and get links containing an access_token: https://api.vk.com/method/audio.getPopular.xml?access_token=73e0a5e18bb491249705e60ff352df91bd34a55ee634c9448b187feee9a8bcffde7eefb9000ea03d845a2&sort=&count=11&only_eng=0 We get the friends list: https://api.vk.com/method/friends.get.xml?&access_token=73e0a5e18bb491249705e60ff352df91bd34a55ee634c9448b187feee9a8bcffde7eefb9000ea03d845a2&sort=&count=11&only_eng=0 I did not experiment any further. Thanks in advance.
## Summary: I found a version disclosure (Nginx) in your web server's HTTP response. ***Extracted Version:*** 1.16.1 This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of Nginx. ## Steps To Reproduce: ***Check out the …
Linked to the report [https://hackerone.com/reports/1083376](https://hackerone.com/reports/1083376) I found a reflected XSS attack on `/admin/stats.php`. Revive-Adserver version is `revive-adserver-5.1.1`. ### This time I found the parameter `statsBreakdown` - Go to `http://revive-adserver.loc/admin/stats.php?statsBreakdown=day%27%20onclick=alert(document.domain)%20accesskey=X%20&listorder=key&orderdirection=up&day=&setPerPage=15&entity=global&breakdown=history&period_preset=last_month&period_start=01+December+2020&period_end=31+December+2020` - For the payload to be executed, the user needs to press the access key combination for the hidden input field …
I found a reflected XSS attack on `/admin/campaign-zone-zones.php`. Revive-Adserver version is `revive-adserver-5.1.1`. - Go to `http://revive-adserver.loc/admin/campaign-zone-zones.php?_=&clientid=1&campaignid=1&status=available%22%3E%3Cimg%20src=1%20onerror=alert(document.domain)%3E&text=` - Malicious code executed {F1187355} Rendered response from server: {F1187356} ## Impact With this vulnerability, an attacker can for example steal users' cookies or redirect users to a malicious website.