HackerOne Reports
Search through disclosed security reports
10,350 reports found
Showing 1841 - 1860
FULL DISCLOSURE: I am a HackerOne employee and learned about it through this submission: https://███████-/issues/67828 **Summary:** Members of the HackerOne program (and likely other program members on their own program) and Triage can edit the information of the original report I used https://hackerone.com/reports/2000000 to demonstrate and the changes have since …
## Summary: Hello Team, When i'm testing you're website i have found the vulnerability which called Clickjacking. ## Description: Clickjacing also know as ( UI redress attack ). By this vulnerability attacker can Hijack the site which is vulnerable by clickjacking.when an attacker uses multiple transparent or opaque layers to …
As there is a bonus for the first solver, I am sending only the flag for now. {F687111} ## Impact .
Username enumeration I have found a vulnerability in your site that allows me to verify if an user exits in the ssh due to the use of OpenSSH 7.6p1. PoC 1 Download and compile the given exploit file 2 open a terminal and run the exploit I have attached a …
I would like to report a prototype pollution vulnerability in chart.js It allows an attacker to inject properties on Object.prototype which can for some applications lead to XSS. # Module **module name:** chart.js **version:** 2.9.3 **npm page:** `https://www.npmjs.com/package/chart.js` ## Module Description Simple yet flexible JavaScript charting for designers & developers …
## Summary: Hello, I hope you are having a good day!, There is a feature called "Shopify Github Integration", it helps to associate a GitHub account to a Shopify store. In the Github connection proccess there is a URL [https://online-store-git.shopifycloud.com](https://online-store-git.shopifycloud.com) which is vulnerable to XXS reflected. ## Shops Used to …
HI @judgeme! I noticed that the attacker can learn email users who left feedback at the time of buying. Step to reproduce: 1. Login to our store and install your 'Checkout Comments' addon 2. Make fake order in or store and write a comment ███ 3. Then go to our …
Hello Team, I found a zip file containing documents about DoD. From what I looked at are documents for new soldiers who are starting out, but I didn't just find these files but several others like advice, commander files, plans, certificates and others. ███ ██████ █████████ In some of the …
Zomato
•
Claiming the listing of a non-delivery restaurant through OTP manipulation
Critical
$3,250
Closed
**Summary:** Am able to claim any restaurant which is not claimed before. **Description:** An endpoint `POST /restaurant-onboard-diy/v2/send-auto-claim-otp HTTP/2` sends OTP to the restaurant mobile no. ##Request (Request:1) is - ``` POST /restaurant-onboard-diy/v2/send-auto-claim-otp HTTP/2 Host: www.zomato.com Cookie: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Content-Length: 58 Sec-Ch-Ua: " Not A;Brand";v="99", "Chromium";v="90" Accept: application/json, text/plain, */* X-Zomato-Csrft: XXXXXXXXXXXXXXXXXXXXXXX …
**Summary:** I found a potential risk in the experimental-programmatic-access-ccft when I deployed it in the AWS Serverless Application Repository. A malicious can leverage the "sts:AssumeRole" permissions for "*" resources to escalate permission. **Description:** The experimental-programmatic-access-ccft application creates a function named ExtractCarbonEmissionsFunction, and the associated role is assigned policies with permissions …
[https://hackerone.com/reports/1962701](https://hackerone.com/reports/1962701) Restrictions set with the new process based permission flag can by bypassed with the built-in inspector module. ## Impact Permission Model is a mechanism for restricting access to specific resources during execution. This bypasses those restrictions.
Hello, I'm reporting for CVE-2023-32001 on curl which was resolved in last Wednesday's curl release. ### Vulnerability explanation: As we can see in the following curl code (line 59-61 https://github.com/curl/curl/blob/fb802b521af997230b65174a559f5c419520e142/lib/fopen.c ): ```C if(stat(filename, &sb) == -1 || !S_ISREG(sb.st_mode)) { /* a non-regular file, fallback to direct fopen() */ *fh = …
## Summary: This report highlights a vulnerability in the garbage collection process, where the endpoint "/metrics" can be bypassed by using uppercase letters. Additionally, it is important to note that if your system contains similar endpoints, they might also be susceptible to the same bypass method. This report aims to …
## Summary: hey , i found a stored xss at `https://██████.8x8.com/api/██████mentInfoById/ID` , when i analysis javascript code i understand user can modify her ip address with endpoint `https://███.8x8.com/api/patchPaymentMethod/ID` , next point i understand when we open `https://████████.8x8.com/api/██████████mentInfoById/ID` server set `Content-Type: text/html;charset=UTF-8` , this was interesting point , then i modify …