HackerOne Reports
Search through disclosed security reports
10,350 reports found
Showing 1801 - 1820
Hi team, Summary: attacker could create a backdoor using google login function.if an attacker stole the login password of victims throught any means. attacker could connect his/her google account and create a backdoor and attacker login with google if the victim disconnect attacker session did not expire and still get …
hello team i have found an stored in add team member ##Step to reproduce 1. Go to https://localizestaging.com/organization/team?filter=all 2. click on add team member 3. On the name, enter payload: </script><svg onload=alert(document.domain)> 4. and in the email add your victim email 4. when he join the team the xss will …
Hi Team, While we were testing our security engine at Shieldfy (https://shieldfy.io), We found a server side request forgery (SSRF) vulnerability in Uppy npm package. It allows hacker to easily extract inside information from the server or take control of internal services. # Module **module name:** Uppy **version:** Latest: 1.8.0 …
Hi, I Found XSS Reflected at https://sketch.pixiv.net/ Via Success URL ##Follow Me :) ##Steps : 1. Open the URL below: https://sketch.pixiv.net/resign_request/success?next_url=javascript%3Aalert%2F**%2F(document.domain) 2. Pop ups appear :) ## Impact If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. …
Hi, The server fails to check the quantity of the items that are going to be sell. Values <= 0 are accepted as 1. PoC: Go here https://sandbox.reverb.com/fr/item/139897-fender-2-strap-leather-test-2018-leather Intercept the response after clicking "Add to cart" and put "quantity: 0" {F302179} Proceed to checkout {F302180} Place order {F302181} {F302182} I …
## Summary: Attacker could initiate DoS during page loading. ## Products affected: 1.6 (18.05.17.13) Device iPhone 6s (iOS 11.3.1) ## Steps To Reproduce: PoC: ```html <body> <script> let o = document.body.appendChild(document.createElement('object')); // application/json or application/pdf are valid values too o.type = 'text/html' // <-- triggers DoS </script> </body> ``` The …
I would like to report Path Traversal in simplehttpserver. It allows to list any file in another folder of web root. # Module **module name:** simplehttpserver **version:** 0.1.1 **npm page:** `https://www.npmjs.com/package/simplehttpserver` ## Module Description 'simpehttpserver' is an simple imitation of python's SimpleHTTPServer and is intended for testing, development and debugging …
Hello team Thank you so much for organising the ctf it has helped a lot to learn and improve my knowledge now lets got to solution i have preapred short videos as a refrence for each part and broken down ctf in 8 challenges. So the ctf was broken into: …
## Summary: When a website/provider provide free account they will give the user some feature that limited from access, but if we using race condition vulnerability an user can create/bypass limitation from the provider ## Platform(s) Affected: wordpress.com ## Steps To Reproduce: 1. create free account in Gravatar 2. login …
There seems to be a bug in the "File to Share" feature of Nextcloud Talk. This allows any authenticated user/admin to share their "root" level folder by manipulating the ```"path":``` parameter in the JSON body request to the remote API ```/nextcloud/ocs/v2.php/apps/files_sharing/api/v1/shares``` Steps to repo: 1. Create a new user account …
https://olx.pt/ads/?q=?><script>alert(1)</script> where "q" is the vulnerable parameter which triggers cross-site scripting
A common threat web developers face is a password-guessing attack known as a brute force attack. A brute-force attack is an attempt to discover a password by systematically trying every possible combination of letters, numbers, and symbols until you discover the one correct combination that works. This login page doesn't …
One of the SSL certificates used by your SSL server (On your personal website: https://iandunn.name/ ) contains a public key less than 2048 bit long. New Standard for SSL Certificates Industry standards set by the Certification Authority/Browser (CA/B) Forum require that certificates issued after January 1, 2014 MUST be at …
http://bugs.python.org/issue27482
Hello, The OLX.PL is vulnerable to stored XSS attack. When adding new advertisement, it is possible to put a payload in its title (here I used Title<script>alert(1)</script> I see ads are being pre-moderated, however it can remain uncaught also the length limit in title field is enough to insert into …
Summary === The www.olx.ph domain is vulnerable to reflected XSS through the search function. Proof of concept === The following URL contains a (harmless) XSS vector, which causes an alert box to appear https://www.olx.ph/real-estate/ph-bul/?search[order]=filter_float_price%3A%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E This test was performed using Mozilla Firefox 47.0.1. A print screen of this PoC XSS vector …