{"id": "H1:208407", "hash": "80d2f804efa5df83ad6fd2f18e34b275", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "HackerOne: Able to create basic user account via Google login on HackerOne Drupal CMS", "description": "**Summary:**\nHi,\nI've found that hackerone.com has drupal installed and when I navigated to this URL\nhttps://www.hackerone.com/user/password\nFound \"Log in\" and \"password reset option\".\nWhen I clicked on login it redirected me to google login\nThen I login using my gmail account and it redirected to hackerone.com\nThen I requested to pasword reset and got link from email and able to acces the \n internal drupal\n\n**Description (Include Impact):**\nAble to create a new account on that CMS.\n\n### Steps To Reproduce\n\n1. Navigate to this https://www.hackerone.com/user/password\n2. Click \"Log in\" using google account.\n3.Again navigate to this https://www.hackerone.com/user/password\n\nput the google mail and click on the request.\n\nA one-time login link will be provided to that email\n\n\n\n\n\nPOC:(Unlisted)\nhttps://youtu.be/lBio9OZpLpM\n", "published": "2017-02-23T12:59:58", "modified": "2017-04-25T07:38:05", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://hackerone.com/reports/208407", "reporter": "ishahriyar", "references": [], "cvelist": [], "lastseen": "2018-04-19T17:34:09", "history": [{"lastseen": "2017-08-22T11:09:36", "edition": 1, "bulletin": {"id": "H1:208407", "hash": "64c8b0521db81e19a2c367abc4d0a5606c99145ad31fae8461c6e549f9ba4c29", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "HackerOne: Able to create basic user account via Google login on HackerOne Drupal CMS", "description": "**Summary:**\nHi,\nI've found that hackerone.com has drupal installed and when I navigated to this URL\nhttps://www.hackerone.com/user/password\nFound \"Log in\" and \"password reset option\".\nWhen I clicked on login it redirected me to google login\nThen I login using my gmail account and it redirected to hackerone.com\nThen I requested to pasword reset and got link from email and able to acces the \n internal drupal\n\n**Description (Include Impact):**\nAble to create a new account on that CMS.\n\n### Steps To Reproduce\n\n1. Navigate to this https://www.hackerone.com/user/password\n2. Click \"Log in\" using google account.\n3.Again navigate to this https://www.hackerone.com/user/password\n\nput the google mail and click on the request.\n\nA one-time login link will be provided to that email\n\n\n\n\n\nPOC:(Unlisted)\nhttps://youtu.be/lBio9OZpLpM\n", "published": "2017-02-23T12:59:58", "modified": "1970-01-01T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://hackerone.com/reports/208407", "reporter": "ishahriyar", "references": [], "cvelist": [], "lastseen": "2017-08-22T11:09:36", "history": [], "viewCount": 1, "enchantments": {}, "objectVersion": "1.4", "bounty": 0.0, "bountyState": "resolved", "h1team": {"profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/production/000/000/013/28af2ada2cc00aa9427504fc5a14f587362df84b_medium.png?1445331713", "small": "https://profile-photos.hackerone-user-content.com/production/000/000/013/68fea1fe00dc833f4109e015738af4b374727e56_small.png?1445331713"}, "url": "https://hackerone.com/security", "handle": "security"}, "h1reporter": {"hacker_mediation": false, "url": "/ishahriyar", "disabled": false, "username": "ishahriyar", "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/018/459/08b7928dece9c87f0cddbdb6701040a05d95075a_small.png?1439935268"}}}, "differentElements": ["h1reporter"]}, {"lastseen": "2017-08-29T13:11:23", "edition": 3, "bulletin": {"id": "H1:208407", "hash": "3b8ce1bb8162e01e63abe63a254f40a3b989976a58e256dd66e52be71a43deb4", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "HackerOne: Able to create basic user account via Google login on HackerOne Drupal CMS", "description": "**Summary:**\nHi,\nI've found that hackerone.com has drupal installed and when I navigated to this URL\nhttps://www.hackerone.com/user/password\nFound \"Log in\" and \"password reset option\".\nWhen I clicked on login it redirected me to google login\nThen I login using my gmail account and it redirected to hackerone.com\nThen I requested to pasword reset and got link from email and able to acces the \n internal drupal\n\n**Description (Include Impact):**\nAble to create a new account on that CMS.\n\n### Steps To Reproduce\n\n1. Navigate to this https://www.hackerone.com/user/password\n2. Click \"Log in\" using google account.\n3.Again navigate to this https://www.hackerone.com/user/password\n\nput the google mail and click on the request.\n\nA one-time login link will be provided to that email\n\n\n\n\n\nPOC:(Unlisted)\nhttps://youtu.be/lBio9OZpLpM\n", "published": "2017-02-23T12:59:58", "modified": "2017-04-25T07:38:05", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://hackerone.com/reports/208407", "reporter": "ishahriyar", "references": [], "cvelist": [], "lastseen": "2017-08-29T13:11:23", "history": [], "viewCount": 3, "enchantments": {"score": {"value": 6.4, "modified": "2017-08-29T13:11:23"}}, "objectVersion": "1.4", "bounty": 0.0, "bountyState": "resolved", "h1team": {"profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/production/000/000/013/28af2ada2cc00aa9427504fc5a14f587362df84b_medium.png?1445331713", "small": "https://profile-photos.hackerone-user-content.com/production/000/000/013/68fea1fe00dc833f4109e015738af4b374727e56_small.png?1445331713"}, "url": "https://hackerone.com/security", "handle": "security"}, "h1reporter": {"url": "/ishahriyar", "username": "ishahriyar", "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/018/459/08b7928dece9c87f0cddbdb6701040a05d95075a_small.png?1439935268"}, "disabled": false, "hacker_mediation": false, "is_me?": false}}, "differentElements": ["h1reporter"]}, {"lastseen": "2018-02-07T16:57:59", "edition": 4, "bulletin": {"id": "H1:208407", "hash": "badf4de4a3aff6a97586351e6414313d4d59ce8b69abc6bb64df074e97923700", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "HackerOne: Able to create basic user account via Google login on HackerOne Drupal CMS", "description": "**Summary:**\nHi,\nI've found that hackerone.com has drupal installed and when I navigated to this URL\nhttps://www.hackerone.com/user/password\nFound \"Log in\" and \"password reset option\".\nWhen I clicked on login it redirected me to google login\nThen I login using my gmail account and it redirected to hackerone.com\nThen I requested to pasword reset and got link from email and able to acces the \n internal drupal\n\n**Description (Include Impact):**\nAble to create a new account on that CMS.\n\n### Steps To Reproduce\n\n1. Navigate to this https://www.hackerone.com/user/password\n2. Click \"Log in\" using google account.\n3.Again navigate to this https://www.hackerone.com/user/password\n\nput the google mail and click on the request.\n\nA one-time login link will be provided to that email\n\n\n\n\n\nPOC:(Unlisted)\nhttps://youtu.be/lBio9OZpLpM\n", "published": "2017-02-23T12:59:58", "modified": "2017-04-25T07:38:05", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://hackerone.com/reports/208407", "reporter": "ishahriyar", "references": [], "cvelist": [], "lastseen": "2018-02-07T16:57:59", "history": [], "viewCount": 3, "enchantments": {"score": {"vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N/", "value": 3.5, "modified": "2018-02-07T16:57:59"}}, "objectVersion": "1.4", "bounty": 0.0, "bountyState": "resolved", "h1team": {"profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/production/000/000/013/28af2ada2cc00aa9427504fc5a14f587362df84b_medium.png?1445331713", "small": "https://profile-photos.hackerone-user-content.com/production/000/000/013/68fea1fe00dc833f4109e015738af4b374727e56_small.png?1445331713"}, "url": "https://hackerone.com/security", "handle": "security"}, "h1reporter": {"disabled": false, "url": "/ishahriyar", "username": "ishahriyar", "hackerone_triager": false, "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/018/459/08b7928dece9c87f0cddbdb6701040a05d95075a_small.png?1439935268"}, "hacker_mediation": false, "is_me?": false}}, "differentElements": ["h1team", "h1reporter"]}, {"lastseen": "2017-08-28T23:19:23", "edition": 2, "bulletin": {"id": "H1:208407", "hash": "2e65aa1c8773e248bbfb575eea43c952ef05e2088b35d87a45847029a60b70cf", "type": "hackerone", "bulletinFamily": "bugbounty", "title": "HackerOne: Able to create basic user account via Google login on HackerOne Drupal CMS", "description": "**Summary:**\nHi,\nI've found that hackerone.com has drupal installed and when I navigated to this URL\nhttps://www.hackerone.com/user/password\nFound \"Log in\" and \"password reset option\".\nWhen I clicked on login it redirected me to google login\nThen I login using my gmail account and it redirected to hackerone.com\nThen I requested to pasword reset and got link from email and able to acces the \n internal drupal\n\n**Description (Include Impact):**\nAble to create a new account on that CMS.\n\n### Steps To Reproduce\n\n1. Navigate to this https://www.hackerone.com/user/password\n2. Click \"Log in\" using google account.\n3.Again navigate to this https://www.hackerone.com/user/password\n\nput the google mail and click on the request.\n\nA one-time login link will be provided to that email\n\n\n\n\n\nPOC:(Unlisted)\nhttps://youtu.be/lBio9OZpLpM\n", "published": "2017-02-23T12:59:58", "modified": "1970-01-01T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://hackerone.com/reports/208407", "reporter": "ishahriyar", "references": [], "cvelist": [], "lastseen": "2017-08-28T23:19:23", "history": [], "viewCount": 1, "enchantments": {}, "objectVersion": "1.4", "bounty": 0.0, "bountyState": "resolved", "h1team": {"profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/production/000/000/013/28af2ada2cc00aa9427504fc5a14f587362df84b_medium.png?1445331713", "small": "https://profile-photos.hackerone-user-content.com/production/000/000/013/68fea1fe00dc833f4109e015738af4b374727e56_small.png?1445331713"}, "url": "https://hackerone.com/security", "handle": "security"}, "h1reporter": {"url": "/ishahriyar", "username": "ishahriyar", "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/production/000/018/459/08b7928dece9c87f0cddbdb6701040a05d95075a_small.png?1439935268"}, "disabled": false, "hacker_mediation": false, "is_me?": false}}, "differentElements": ["modified"]}], "viewCount": 6, "enchantments": {"score": {"value": -0.0, "vector": "NONE", "modified": "2018-04-19T17:34:09"}, "dependencies": {"references": [], "modified": "2018-04-19T17:34:09"}, "vulnersScore": -0.0}, "objectVersion": "1.4", "bounty": 0.0, "bountyState": "resolved", "h1team": {"profile_picture_urls": {"medium": "https://profile-photos.hackerone-user-content.com/000/000/013/28af2ada2cc00aa9427504fc5a14f587362df84b_medium.png?1445331713", "small": "https://profile-photos.hackerone-user-content.com/000/000/013/68fea1fe00dc833f4109e015738af4b374727e56_small.png?1445331713"}, "url": "https://hackerone.com/security", "handle": "security"}, "h1reporter": {"disabled": false, "url": "/ishahriyar", "username": "ishahriyar", "hackerone_triager": false, "profile_picture_urls": {"small": "https://profile-photos.hackerone-user-content.com/000/018/459/08b7928dece9c87f0cddbdb6701040a05d95075a_small.png?1439935268"}, "hacker_mediation": false, "is_me?": false}, "_object_type": "robots.models.hackerone.HackerOneBulletin", "_object_types": ["robots.models.hackerone.HackerOneBulletin", "robots.models.base.Bulletin"]}

{}