HackerOne Reports
Hello Aronis team! When requesting a password reset link at https://alt.5nine.com/passwordrecovery.aspx and using it, after a short time the link becomes invalid. When I open the link I get the message: *"Your validation request is invalid or expired"*. But it is still possible to use it to reset the password, …
## Summary Rendering messages of various MessageTypes can lead to arbitrary script execution in the receiving frontend client. ## Description Messages in Rocket.Chat can have various types that influence the rendering as seen in [app/ui-message/client/message.js#L24-L53](https://github.com/RocketChat/Rocket.Chat/blob/45a5d1f869e1a0ba292d0af2c2a58dcdc8761e13/app/ui-message/client/message.js#L24-L53): ```javascript const renderBody = (msg, settings) => { const searchedText = msg.searchedText ? msg.searchedText : …
## Summary Sequential messages can be used to impersonate another user by hiding the leading message. ## Description Sequential messages posted by the same user on the same date are rendered without repeating the author information and timestamp. An adversary can use `customClass` or `className` message attributes to hide the …
The default ASP page at https://███/redirect/default.asp is vulnerable to reflected Cross-Site Scripting in the "url" parameter. To reproduce the issue just visit the following URL and an alert should pop up: - https://██████████/redirect/?url=%3Cscript%3Ealert(document.domain)%3C/script%3E It seems that the redirects subdomain is used to forward users to internal resources, so this vulnerability …
## Summary: DNS rebinding attack is a method of switching the resolution of domain names as wished by the attacker. The aim is to lure the web app to a different IP address/host. In this attack, and particularly in our case, a malicious server will first perform a domain name …
## Vulnerable Website URL or Application: https://sponsoredata.mtn.ci ## Description of Security Issue: A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side …
This was patched by https://helpx.adobe.com/security/products/flash-player/apsb15-06.html, described as a "double-free vulnerabilit[y] that could lead to code execution".
This bug was reported directly to GitHub Security Lab.
phpinfo() is a debug functionality that prints out detailed information on both the system and the PHP configuration. Steps to reproduce: Go here: https://mysmartplans.gsa.gov/phpinfo.php An attacker can obtain information such as: Exact PHP version. Exact OS and its version. Details of the PHP configuration. Internal IP addresses. Server environment variables. …
Hey, I found an IDOR that allows anyone to view other users' results by changing the USERID parameter. /reports/quizzes-taken-by-user.csv/USERID Steps to Reproduce: Step 1: Go to the section quizzes-taken-by-user as shown in the attached screenshot. Step 2: Click on Download CSV. Step 3: Intercept the request using Burp Suite. Step 4: Change the …
Hello dear support, I have found CSRF to XSS on █████████. My payload: "><img src=x onerror=prompt``>;<video> ## Impact Malicious JavaScript has access to all the same objects as the rest of the web page, including access to cookies and local storage, which are often used to store session tokens. If an …
## Summary While conducting my research I discovered that the application fails to invalidate sessions after a password change. In this scenario, changing the password doesn't destroy the other sessions which are logged in with the old password. ## Reproduction Steps -> Log in with the same account in Chrome and Firefox simultaneously -> Change the pass in …