
HackerOne Reports

Search through disclosed security reports

Install the app. Login with valid credentials. Settings - Choose Secured connection (HTTPS). Close the app. Set the proxy and open the app. Verify that the connection isn't secured and you are able to intercept (PFA POC). Expected Result: Secured layer & SSL PINNING should be applied successfully.
## Description: Versions of tcpdump before 4.9.2 are vulnerable to a buffer over-read in print-mptcp.c. This vulnerability was disclosed to the tcpdump maintainers and was recently patched in version 4.9.2 and disclosed as (CVE-2017-13040). Patch: https://github.com/the-tcpdump-group/tcpdump/commit/4c3aee4bb0294c232d56b6d34e9eeb74f630fe8c This vulnerability can be exploited in two ways. The first is to produce a …
Hello team, I found unrestricted file upload via avatar in https://accounts.shopify.com/accounts/<ID>, and XSS Stored in PNG IDAT chunks using exiftool , >exiftool command ``` exiftool -Comment="\"><script>alert(prompt('XSS BY ZEROX4'))</script>" xss_comment_exif_metadata_double_quote.png ``` #Payload example : ``` �PNG � IHDRdp�TtEXtSoftwareAdobe ImageReadyq�e<9tEXtComment"><script>alert(prompt('XSS BY ZEROX4'))</script> /-{IDATx���E��K��s�9xd$#���J� %IR$�(���s�9Ñ������evnv���>����q�;;;S�U������\.����=��=�ܿ��BCb����QHyԑEYՑ�s$s�T�:�x���8���إ�}2`���0P����@�(��j�(����D�J�d�%[� ``` >or payload file example >https://raw.githubusercontent.com/swisskyrepo/PayloadsAllTheThings/master/XSS%20Injection/Files/xss_comment_exif_metadata_double_quote.png and after …
## Description: Versions of tcpdump before 4.9.2 are vulnerable to a buffer over-read in print-icmp6.c. This vulnerability was disclosed to the tcpdump maintainers and was recently patched in version 4.9.2 and disclosed as (CVE-2017-13041). Patch: https://github.com/the-tcpdump-group/tcpdump/commit/f4b9e24c7384d882a7f434cc7413925bf871d63e This vulnerability can be exploited in two ways. The first is to produce a …
`struct array_entry_t` in `contrib/epee/include/storages/portable_storage_base.h` does not implement a copy constructor. Wherever there is code that attempts to copy-construct `array_entry_t`, the compiler inserts a copy constructor for `array_entry_t` that merely copies over the values. The struct possesses an iterator (`mutable typename entry_container<t_entry_type>::type::const_iterator m_it`) which is copied over by the implicit copy …
Hello security teams **Relevant Products/Components:** last version **Detailed Description:** Reflected XSS, so it has high impact. **Steps To Reproduce:** 1- Go to the subdomain 2- Check the URL to see if Tableau is used 3- If it is, you can add this redirect dir in the URL with Authentication redirect:- /en/embeddedAuthRedirect.html?auth=javascript:alert(%22xElkomy%22) **Such as** https://████████/en/embeddedAuthRedirect.html?auth=javascript:alert(%22xElkomy%22) **Browsers Verified In:** all browsers supporting …
Hello team! I've found a Race Condition vulnerability which allows redeeming gift cards multiple times. This is how s/he can easily buy stuff by buying just one gift card and redeeming it over and over again. ## Steps to reproduce ### Preparations - Burp Suite Pro - Turbo Intruder Note: …
https://github.com/nextcloud/server/blob/67551f379f3105d117b9d19095dd381450fe40dd/lib/private/Files/Node/Folder.php#L68-L73 is validating and normalizing the string in the wrong order. Validation checks for `/../` kind of situations and `normalizePath` later on replaces `\` with `/`, so it would be possible to get `/../` again. ```php public function getFullPath($path) { if (!$this->isValidPath($path)) { throw new NotPermittedException('Invalid path'); } return $this->path …
There is a vulnerability in [https://developers.zomato.com/documentation](https://developers.zomato.com/documentation) due to an old version of Swagger UI **Steps to reproduce:** - Create an endpoint containing: ```json {"swagger":"2.0","info":{"description":"This is a sample server Petstore server. You can find out more about Swagger at [http://swagger.io](http://swagger.io) or on [irc.freenode.net, #swagger](http://swagger.io/irc/). For this sample, you can use …
Before I shed more light on this: I noticed I can create over 200 apps but I don't really know how valid that was. I want to report that there is no rate limiting in changing room subject. Attacker scenario: 1. Navigate to https://chaturbate.com/b/your username 2. Try to create a …