U.S. Department of State - HackerOne Reports
Total Reports: 9
Critical: 1
High: 2
Medium: 3
Low: 3
IDOR in TalentMAP API can be abused to enumerate personal information of all the users
Reported by: nhx1 | Disclosed:
Severity: High
Weakness: Insecure Direct Object Reference (IDOR)
Accessing unauthorized administration pages and seeing admin password - speakerkit.state.gov
Reported by: qualw1n | Disclosed:
Severity: High
Weakness: Improper Access Control - Generic
Time Based SQL Injection
Reported by: shadow-krd | Disclosed:
Severity: Critical
Weakness: SQL Injection
RXSS on https://travel.state.gov/content/travel/en/search.html
Reported by: tmz900 | Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
xss and html injection on (https://labs.history.state.gov)
Reported by: iismailu | Disclosed:
Severity: Medium
Weakness: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
HTML INJECTION on coins.state.gov
Reported by: devdevrl | Disclosed:
Severity: Low
Weakness: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
LDAP anonymous access enabled at certrep.pki.state.gov:389
Reported by: doosec101 | Disclosed:
Severity: Medium
Weakness: Improper Access Control - Generic
Bypassing Whitelist to perform SSRF for internal host scanning
Reported by: imthatt | Disclosed:
Severity: Low
Weakness: Server-Side Request Forgery (SSRF)
Impact of Using the PHP Function "phpinfo()" on System Security - PHP info page disclosure
Reported by: carpc | Disclosed:
Severity: Low
Weakness: Information Disclosure