HackerOne Reports
Search through disclosed security reports
10,350 reports found
Showing 1361 - 1380
# H1-415 CTF Writeup ## Intro HackerOne kicked off this year's H1-415 CTF with the following tweet: {F692033} Loading the target challenge website shows that the website is called `My Docz Converter`. A quick look at the challenge website shows that it allows users to register an account and then …
## Summary: Dear Team, Today when I was trying to find bugs on happy tools I found 2 domains below for the staging environment - https://maildev.happytools.dev - https://api.happytools.dev The SSL certificates of the two websites above were expired. But you can adjust your date-time to 02/02/2020 or before that time to access those …
Hello, I'm just submitting both flags for CTF, will send my write up on hacker summary, since it's 7:00 am now :). Original flag for CTF: `h1ctf{y3s_1m_c0sm1c_n0w}` Extra flag for unintended account takeover: `h1ctf{wtf_1s_happ3ning_w1th_th1s_s1mulat1on}` Sincerely, @nukedx ## Impact By chaining multiple vulnerabilities attacker can leak secret user files.
## Summary: HTML injection in the main domain can allow hackers to forward users to any other domain. Also, if anybody can find a method to bypass the cloudflare filter, hackers can steal cookies with this vuln ## Steps To Reproduce: [add details for how we can reproduce the issue] 1. Go to https://nordvpn.com/blog/?1%25%32%32%25%33%65%25%33%63%25%32%66%25%36%31%25%33%65%25%33%63%25%36%31%25%30%63href%25%33%64%25%32%32http://3232235777 …
CVE-2021-3711 In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required …
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for …
Hello team, in my recent testing I found that any user could upload attachments to any user's pentest scoping form without having access to it, as long as they have the scope id. Note: before you start you will require two accounts to test for this bug. Steps to reproduce: …
Hi, ## Description I found out that it is possible to publish a paid theme without purchasing it. I remember trying this some time ago and it seemed to be safe from this kind of attack. ## Steps to reproduce 1. Make sure you have the default theme installed and …
Hi Team I have found an issue in support rider amount calculation at the time of checkout where the amount is tamperable by negative fraction of rupees which makes the total amount decreased by maximum of 1rs. POC - 1-Goto - zomato.com 2 - Add anything to your cart 3- …
## Summary: Hi team, There is a race condition vulnerability when following a user. If you send the `Follow` requests asynchronously, you can follow a user multiple times instead of getting an error message. I've been using the Turbo Intruder extension in Burp Suite for trying Race Condition attacks. I can recommend …
Vulnerability : A. Type:- Cross Site Scripting (Stored) B. Description:- Stored XSS, also known as persistent XSS, is more damaging than non-persistent XSS. It occurs when a malicious script is injected directly into a vulnerable web application. Summary : When you create a particular user you will have …
Hi team ## Summary connect.acronis.com ( ip 88.99.142.45:1883 ) has unauth mosquitto mqtt, anyone can connect and read\write messages ## Steps To Reproduce [add details for how we can reproduce the issue] 1. https://github.com/bapowell/python-mqtt-client-shell 1. python3 mqtt_client_shell.py 1. connection 1. host 88.99.142.45 1. connect 1. subscribe "#" 1 ``` Payload …
This bug was reported directly to GitHub Security Lab.