
HackerOne Reports

Search through disclosed security reports

10,350 reports found
Showing 1601 - 1620
Hi, I found that the site blog.praca.olx.pl is exposing the content of the wp-config.php file in plaintext due to a misconfiguration in the file-manager plugin. The information can be accessed here: http://blog.praca.olx.pl/wp-content/uploads/file-manager/log.txt The credentials are stored in the log.txt file as can be seen in the following image: {F379634} An attacker …
I told Pete I would take a look at Spotify, hi Pete. ## Summary It's possible to take over any store account through bypassing the email confirmation step in *.myshopify.com. I found a way to confirm arbitrary emails, and after confirming arbitrary email in *.myshopify.com, user is able to **integrate** …
## Summary: Modify the Host header and include the fake website in the password reset email. The password reset mail takes its source domain from the request's Host header, which can be modified using Burp Suite, and the modified link is sent to the victim's email. ## Steps To Reproduce: 1. Go to https://da.theendlessweb.com:2222/ …
## Summary: An open rpcbind port on https://da.theendlessweb.com allows for possible exploitation by an existing Metasploit module. This could lead to large and unfreed memory allocations for XDR strings. ## Description: Port scanning on 149.56.38.19 which is the IP of https://da.theendlessweb.com shows open port 111 which runs 'rpcbind'. By using …
## Summary: *The product does not require that users have strong passwords, which makes it easier for attackers to compromise user accounts.* ## Steps To Reproduce: 1. Log in at https://da.theendlessweb.com:2222/ 2. Go to https://da.theendlessweb.com:2222/user/password?redirect=yes, fill in your current password and choose a password like 1234 or 0000 ## …
XSS is possible in some places because escaping is not enough in the html generation part of RDoc. ### RDoc::Markup::ToHtml#gen_url https://github.com/ruby/rdoc/blob/v6.3.0/lib/rdoc/markup/to_html.rb#L330 ```ruby def gen_url url, text scheme, url, id = parse_url url if %w[http https link].include?(scheme) and url =~ /\.(gif|png|jpg|jpeg|bmp)$/ then "<img src=\"#{url}\" />" else if scheme != 'link' and …
Hi Team, At [Happy Tools](https://happy.tools/), I found an exception to the exclusion of denial of service. The web app allows creating an account/login into an account either using Gmail or WordPress. The vulnerability lies in the fact that after registration, a user can change their email without verification. ## Steps …
I have found an XSS on the "Poll" feature on Twitter.com. Payload Example: `<img src=x onerror=alert(1)>` Screenshot: I have attached a screenshot in this submission in order to demonstrate the issue. Best, Mazin
Hi, I would like to report a CSRF issue on the cards API endpoint (/i/cards/api/v1.json). ## Detail Currently the endpoint is responsible for poll cards (maybe more to come). When a user votes, a request is sent to this endpoint to record the user's selected choice. By default there's a …
## Entry Hello there! While browsing on expedia, I logged out of the account and as soon as I logged out, it was calling me a parameter called "rurl" directly on the link, I examined it and was able to redirect successfully. ## Default Request GET /?logout=1 HTTP/2 Host: www.expedia.com …
While searching on GitHub about Equifax I found some juicy information like a username and password of this subdomain (https://transport5.ec.equifax.com/), the internal IP of the database and its username & password. In the following link (https://github.com/ajiththorali/Testing/blob/49025b364451fb2076f85ad009a0dc50a941c5ce/target/classes/API_Equifax/propertiesHandle.properties) you could find this info ******* XML_URL = https://transport5.ec.equifax.com/ists/stspost?require_security= HTTP/1.1 Username = 50404 Password = …
## Summary: Hello, I've found a Dependency Confusion vulnerability in the sifnode project. The vulnerability allows me to claim previously unclaimed npm packages that are being used by the sifnode project, and serve malicious content in them which would allow me to gain remote code execution on anyone who installs …
1. Go to this link https://www.reddit.com/etc%2fpasswd 2. You'll find all the etc/passwd files; this data should be protected. 3. These passwd files can be used for many illegal purposes and can damage the company. PoC attached: HTTP/2 200 OK Content-Type: text/plain; charset=UTF-8 X-Ua-Compatible: IE=edge X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block Cache-Control: max-age=0, must-revalidate …
Hi, Security Team! Linked to the reports: - https://hackerone.com/reports/1083376 - https://hackerone.com/reports/1097217 In the past reports, we have corrected Reflected XSS. But recently it turned out that with the parameter `breakdown = affiliates`, this vulnerability still works. (Fixed when parameter `breakdown = history`). - Go to `http://revive-adserver.loc/admin/stats.php?entity=global&breakdown=affiliates&statsBreakdown=day%27%20onclick=alert(document.domain)%20accesskey=X%20` - For the payload …
## Description: Affected website: https://sifchain.finance/wp-json/oembed/1.0/embed?url=https://sifchain.finance/&format=xml ## Step-by-step Reproduction: 1. Send this request: ```http GET /wp-json/oembed/1.0/embed?url=https://sifchain.finance/&format=xml HTTP/1.1 Host: sifchain.finance Accept-Encoding: gzip, deflate Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.66 Safari/537.36 Connection: close Origin: https://hacker4help.com Cookie: __cfduid=df42fbb7a21cec869772467a93a9a4b981620366449 ``` 2. Here you can see the …

Email spoofing

None Closed
Email spoofing is possible. To verify: visit https://www.kitterman.com/spf/validate.html? and type your domain name to check the SPF record; you can see the results as: NO valid SPF record found. POC: 1. Visit http://emkei.cz// 2. Fill in the from email as [email protected] 3. Fill in the to email as the victim's email address, enter subject and data, and click send 4. You …