HackerOne Reports
Search through disclosed security reports
10,350 reports found
Showing 1821 - 1840
This issue has been patched by Adobe: https://helpx.adobe.com/security/products/flash-player/apsb16-25.html (CVE-2016-4178) Flash “local-with-filesystem” policy can be bypassed using the “navigateToURL” function. It is not possible to target the local files using a Flash file in a website using normal methods such as the “file://” protocol or the “\\localhost\c$” path due to the …
Hi, I would like to report HTML Injection and possible cross site scripting (XSS) vulnerability in **sms-be-vip.twitter.com** ##Overview The **sms-be-vip.twitter.com** 404 error page appears to be vulnerable to XSS and HTML Injection as it doesn't encode the HTML tags in the path name such as ```https://sms-be-vip.twitter.com/<h1>TEST</h1>```. But the HTML tags …
Hi! The script for video downloading doesn't properly filter the input filename, and it's possible to read arbitrary files from File System PoC http://makeyourad1.olx.in/converted/final/ready/madeit/download.php?file=download.php http://makeyourad1.olx.in/converted/final/ready/madeit/download.php?file=../../../../b<< http://makeyourad1.olx.in/converted/final/ready/madeit/download.php?file=../../../../c<< screenshots are attached below
Hi Team, Vulnerable URL :- https://olx.qa/en/account/confirm/?email=&hash=26d7e919ff37300d2f363c9066dd5b9d&ts=14682640390036a<script>alert(1)<%2fscript>261db&p=0674cd7dFl22cq3mM5jZfwjNxZ7slA==&vk=0&utm_source=test&utm_medium=email&utm_campaign=link XSS will be trigger. Well as you guys mentioned in the report #150735 that .qa might not be in scope Nevertheless reporting here to making the platform secure. And in a hope to get HOF ;) Regards, Nilesh S
Hi, Zawad again. This time I checked letgo.com and found XSS there. (I hope you will reward all bugs reported now, when you start offering cash ;-) , kidding ) **Description** I first looked at the search box and enter random text and checked the HTML codes, looked like you …
Hi team, I've found a path traversal issue in the Grafana instances hosted on the MTN platforms. With the path traversal it's possible for an unauthenticated user to read arbitrary files on the server. This IP " 41.242.91.22 " Domain Name " mtn.com.gn " is for MTN Group {F1545670} {F1545682} …
hello security, There is an user sessions issue on your application that should be fixed. Proof of Concept Suppose, you have an account on olx.com Somehow an attacker manage to get your password and logged in your account.. after knowing that your ID has been compromised what you'll do ? …
Heyy there, I was able to bypass the fix for the reflected xss reported in #2035332 After the bug patch, the server now validates the `Content-Type` of the requested resource. The check is done by making a `HEAD` based request to the resource to get the `Content-Type` then if it …
## Summary: Hi Team, It's low hanging security risk but it's significant for users. where attacker able to get victim IP, Address and Browser details. This is disclosing users information. one click information disclosed. CSRF vulnerability on password reser link. Attacker can ask for a password reset link on his …
I have identified a vulnerability in the Hai AI chat system, following an invitation by HackerOne for a ==spot check==. This vulnerability centers around the AI's handling of ASCII encoded messages. Specifically, I found that by encoding a message into ASCII format and then asking Hai to decode and respond, …
hi there, when i was working on your [domain](█████). i got to know that website is using drupal. and after a long fuzzing i found a file on your domain which was leaking some user hashed and data stored in your DBMS this data could be confidential to you so …
It was observed that the application is vulnerable to cross-site scripting (XSS). XSS is a type of attack that involves running a malicious scripts on a victim’s browser. poc attached another parameter at #1636345 q_13787 payload: %22%27%3e%3csvg%2fonload%3dconfirm(666)%3e ## Impact Cookie Stealing - A malicious user can steal cookies and use …
## Summary: There is reflected XSS on *.simperium.com. The bug exists due to a vulnerable version of sockjs library. ## Platform(s) Affected: simperium.com js.simperium.com ## Steps To Reproduce: 1. Visit https://simperium.com/sock/1/0/0/0/htmlfile?c=alert('XSS')// 2. You will see an alert message because of executed JS ## Impact XSS may be used by an …
**Summary:** The given application has a form to fill in the details of the candidates in order to seek admission to various courses. The application has the functionality to submit the given form and provide a registration confirmation to the candidate with their name on the page. By cycling the …
PoC http://greenhouse.io/%0d%0aSet-Cookie:test=test;domain=.greenhouse.io HTTP Response: Location: http://www.greenhouse.io/ Set-Cookie:test=test;domain=.greenhouse.io Result: Creating cookie test=test on .greenhouse.io $uri or $document_uri is used in the redirection-URL.
hi, i found and reported XXE in greenhouse.io and it turns out it is XXE in Apache POI :) this vulnerability allows me to read system files and do other dangerous stuff. they reported it to Apache POI and they fixed it: http://mail-archives.apache.org/mod_mbox/www-announce/201408.mbox/%3C003401cfbb3b%24a48ef2d0%24edacd870%24%40apache.org%3E they told me it affects thousands of …