HackerOne Reports
Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates.

## Impact

Malicious JavaScript has access to all …
This bug was reported directly to GitHub Security Lab.
Hi team, I hope you are doing well. While conducting my research I found that there are some URLs that lead to disavowing an account without any authentication. It allows unauthorized users to disavow or dissociate an email address from an account without requiring proper authentication.

Steps to reproduce:

1. …
**Description:** Any user can access the Administration section of the following URL: https://███ When the user goes to the following domain they are automatically logged in as "████████", which is a sys admin user on the application; this allows any user to upload files, add users, change permissions for users …
Hi there, I noticed when we hit the /users_sign_in endpoint too many times it will give us

```
HTTP/1.1 429 Too Many Requests
Date: Mon, 19 Sep 2016 01:52:19 GMT
Content-Type: text/plain
```

However, this can be "reset", although I struggle to get it to work EVERY TIME on /users/sign_in. This …
**Description:** The host ██████████ has anonymous LDAP login enabled, which means that anyone can connect to the LDAP server without providing any authentication credentials. This allows unauthorized users to perform LDAP queries, potentially retrieving sensitive information such as user details, organizational data, or other critical information stored in the LDAP …
**Description:** Access https://████████/qsSearch.aspx, click to sort, and capture the packets:

```
POST /qsSearch.aspx HTTP/1.1
Host: ████████
Cookie: ASP.NET_SessionId=qrwzcesx1pczpna5a1bumabn; TS01e0cc7d=01a9fe659bc0aaa5aeffd1dcb0212ef4158c4865925e960169a653a233f6de5425138871ffe81b759d57e8cd4d192f460a8455c20a; TS64c50bb0027=085749d0e4ab2000abff03ce041a6de3cdc980bad78329f846f8a7d1a3ca714fca41b9f4477ff74908e5615eaa1130003df96bf750318bbc06de7b8d1dc03b675cf0ea51da191b5c8a95008b8d5b3f758c0ed139489903314d8927a8c58c8d9d
Content-Length: 3764
Sec-Ch-Ua: "Not.A/Brand";v="8", "Chromium";v="114", "Google Chrome";v="114"
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Cache-Control: no-cache
X-Requested-With: XMLHttpRequest
X-Microsoftajax: Delta=true
Sec-Ch-Ua-Platform: …
```
**Summary:** HackerOne provides a form for reporting vulnerabilities to various programs. The form supports uploading files and previews (images or videos), but it is not allowed to use file IDs belonging to other accounts. However, with the summary report feature I as a hacker can reveal files belonging to other …
# CVE-2016-7418 PHP Out-Of-Bounds Read in php_wddx_push_element

## 1. Affected Version

+ PHP 7.0.10
+ PHP 5.6.25

## 2. Credit

This vulnerability was discovered by Ke Liu of Tencent's Xuanwu LAB.

## 3. Testing Environments

+ **OS**: Ubuntu
+ **PHP**: [7.0.10](http://php.net/distributions/php-7.0.10.tar.gz)
+ **Compiler**: Clang
+ **CFLAGS**: ``-g -O0 -fsanitize=address``

## …
Greetings,

On drone: https://drone.nextcloud.com

We observe this:

----

{F152818}

I noticed that it's possible to alter the URL to write what you want:

----

https://drone.nextcloud.com/rbcafe/settings/settings/badges

{F152817}

In fact it could be anything:

----

https://drone.nextcloud.com/lonnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnlonnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnlonnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnlonnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnlonnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnlonnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnlonnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnlonnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnlonnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnlonnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnlonnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn/settings/settings/badges

{F152819}

The default value of the URL can be extracted with a …
This bug was reported directly to GitHub Security Lab.