HackerOne Reports

10,350 reports found
Showing 1181 - 1200
This bug was reported directly to GitHub Security Lab.
Hello all, I found RXSS in your own website. ## Steps To Reproduce Go to these links: https://██████/(A('onerror=%22alert%601%60%22testabcd))/ ## Browsers I tested them on Firefox and Google Chrome. ## Fix: Filter input on arrival, encode data on output, use appropriate response headers, Content Security Policy. Regards, xElkomy ## Impact View any …
## Summary: There is an incorrect integer overflow check in `Curl_auth_create_plain_message` in `lib/vauth/cleartext.c`, leading to a potential heap buffer overflow of controlled length and data. The exploitation seems quite easy, yet the vulnerability can only be triggered locally and does not seem to lead to RCE. This vulnerability is …
Report Submission Form ## Summary: During my recon I found these two buckets, dl.k8s.io and dl.kubernetes.io, which actually redirect to https://storage.googleapis.com/kubernetes-release/. By searching the string "password" under https://storage.googleapis.com/kubernetes-release/ I found a file called rsyncd.password (https://storage.googleapis.com/kubernetes-release/archive/anago-v1.10.0-alpha.1/k8s.io/kubernetes/_output-v1.10.0-alpha.1/images/kube-build:build-734df85a63-5-v1.9.2-1/rsyncd.password) where the password "**VmvrL2DyKbJB5jb5EkNfqYPpmLBf0LjS**" is stored in plaintext. {F825675} {F825676} This password is used in …
If you send language[]=en to https://infogram.com/api/users/me, the user will forever get an Internal Server Error (even after re-logging in): https://youtu.be/AxYa11lEiWA (I don't know why HackerOne can't upload this video, so I uploaded it privately to YouTube!) In this video, I'm trying to re-login to my other account …
Git metadata directory (.git) was found in this folder. An attacker can extract sensitive information by requesting the hidden metadata directory that version control tool Git creates. The metadata directories are used for development purposes to keep track of development changes to a set of source code before it is …
Hello, I have an endpoint in ██████████ that's vulnerable to CSRF which leads to deleting a victim's account. Steps to reproduce: 1. Navigate to ███ and create an account 2. Click on your profile 3. You will see the DELETE ACCOUNT button 4. Click on it and type YES in the input 5. Make …
Hello Team, during my research I found the following host to be vulnerable to CVE-2020-3580, which is a POST-based XSS. Vulnerable URL: https://█████/+CSCOE+/saml/sp/acs?tgname=a ## Impact Attackers can steal cookies and even take over accounts and perform different malicious activities. ## System Host(s) ███ ## Affected Product(s) and Version(s) ## CVE …
Hello Team, during my research I found the following host to be vulnerable to CVE-2020-3580, which is a POST-based XSS. Vulnerable URL: https://████/+CSCOE+/saml/sp/acs?tgname=a ## Impact Attackers can steal cookies and even take over accounts and perform different malicious activities. ## System Host(s) ███ ## Affected Product(s) and Version(s) ## CVE …
## Summary: A non-privileged Stocky user (created within Stocky) may be able to create a new admin user. ## Steps to reproduce: 1. Create a non-privileged user in Stocky; don't give admin privileges to that user. 2. Log in with the non-privileged user and go to https://stocky.shopifyapps.com/users/me, update any field and intercept the request. 3. …
Dear Team, I have found a stored XSS when creating a document via the API-based engine. The XSS payload is stored in the `url` field. To understand the document schema for the API-based engine, please go to https://swiftype.com/documentation/site-search/guides/schema-design#api-based After indexing a document with the XSS payload stored in the `url` field, when viewing the document details, …
> NOTE! Thanks for submitting a report! Please replace *all* the [square] sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to verify and then potentially issue a bounty, so be sure to take your time filling out the report! **Name …
Hi, there is no state parameter in the Bitbucket login request: https://bitbucket.org/site/oauth1/authorize?oauth_token=ZmCHb7dnyYVYKTYRNt As you can see, there is no state parameter in the above request, so it is possible to exploit login CSRF.
Hello, while performing security testing of your website I have found the vulnerability called Clickjacking. The URL is in scope and vulnerable to Clickjacking. What is Clickjacking? Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on …
## Summary A little bit about Rate Limit: A rate limiting algorithm is used to check if the user session (or IP-address) has to be limited based on the information in the session cache. In case a client made too many requests within a given time frame, HTTP-Servers can respond …
Target: https://gopher.hey.com/ Description: Content spoofing, also referred to as content injection, "arbitrary text injection" or virtual defacement, is an attack targeting a user made possible by an injection vulnerability in a web application. When an application does not properly handle user-supplied data, an attacker can supply content to a web …
## Summary The ColdFusion Debugging Panel is exposed at the URL below. ``` http://www.grouplogic.com/CFIDE/debug/cf_debugFr.cfm?userPage= ``` The **userPage** parameter is not properly sanitized and is displayed without proper output encoding. This results in reflected cross-site scripting. ## Steps To Reproduce Enter any of the payloads below in the **userPage** parameter and access the …
Welcome all: I found that there is no rate limit on reset password at https://app.upchieve.org/resetpassword Summary: No rate limit check on forgot password, which can lead to mass mailing and spamming of users and possibly employees. A little bit about Rate Limit: A rate limiting algorithm is used to check …