1234 matches found
Session Fixation in Nextcloud Talk
HackerOne: Private program disclosure through notifications
Hello Team, Summary: I recently came across hackerone report: https://hackerone.com/reports/1179241 . I thought this was fixed but today I have faced a similar experience. I have received a Scope and policy update from the program "██████" which I am not part of. ████████ When I was clicking on...
Ping Identity: Broken Link on Ping Identity's Vulnerability Submission Form on Hackerone
Summary: Ping Identity has an unclaimed broken link on their HackerOne security page which can be claimed by any malicious user, who could then exploit this issue with clever social engineering to deceive new researchers to submit their legitimate findings to the wrong hands. Similar to this...
Bbscope - Scope Gathering Tool For HackerOne, Bugcrowd, And Intigriti!
The ultimate scope gathering tool for HackerOne, Bugcrowd, and Intigriti by sw33tLie. Need to grep all the large scope domains that you've got on your bug bounty platforms? This is the right tool for the job. What about getting a list of android apps that you are allowed to test? We've got you...
HackerOne: HackerOne making payments in USDC (Coinbase stable coin)
Summary: Hello Everyone, My name is Ariel and I’m a manager in HackerOne’s community team. As a part of a Hack Week project, HackerOne is now supporting payments via USDC, Coinbase’s stable coin. This has been a feature requested by many hackers, that we are now glad to announce as supported. Mor...
Sensitive data may not be removed from storage on account removal
HackerOne: Report Bulk endpoint "agree-on-going-public" action may reveal Report disclosure state for invite-only programs
Hello, Hope you are doing well, SUMMARY - In hackerone user doesn't have permission to do any action like "disclosing/undisclosing" in a disclosed report. - Here user can send the "cancel-disclosure-request" request to the server and the server accepts the request and gives a 200 OK response with ""flash":"The...
h1-ctf: HackerOne’s 100K CTF Writeup
Greetings team It has been a great challenge, thank you very much for the fun moments and also for the annoying ones : ██████████ P.S. I will put my writeup in my next comment. Impact ---...
Gitlab 13.9.3 - Remote Code Execution (Authenticated)
Exploit Title: Gitlab 13.9.3 - Remote Code Execution Authenticated Date: 02/06/2021 Exploit Author: enox Vendor Homepage: https://about.gitlab.com/ Software Link: https://gitlab.com/ Version: 13.9.4 Tested On: Ubuntu 20.04 Environment: Gitlab 13.9.1 CE Credits: https://hackerone.com/reports/11254...
Gitlab 13.9.3 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Gitlab 13.9.3 - Remote Code Execution Authenticated Exploit Author: enox Vendor Homepage: https://about.gitlab.com/ Software Link: https://gitlab.com/ Version: 13.9.4 Tested On: Ubuntu 20.04 Environment: Gitlab 13.9.1 CE Credits: https://hackerone.com/reports/1125425...
Gitlab 13.9.3 Remote Code Execution
Exploit Title: Gitlab 13.9.3 - Remote Code Execution Authenticated Date: 02/06/2021 Exploit Author: enox Vendor Homepage: https://about.gitlab.com/ Software Link: https://gitlab.com/ Version: 13.9.4 Tested On: Ubuntu 20.04 Environment: Gitlab 13.9.1 CE Credits: https://hackerone.com/reports/11254...
Attacker can obtain write access to any federated share/public link
Files Drop public link can be added as federated share
End to end encryption folder locking is not properly protected
IPS Community Suite 4.5.4.2 PHP Code Injection
IPS Community Suite = 4.5.4.2 previewBlock PHP Code Injection Vulnerability - Software Link: https://invisioncommunity.com - Affected...
Nextcloud: Ransomware protection is missing extensions, take 2
As requested in https://hackerone.com/reports/1195568 Impact So not spam ;...
Sifchain: CORS Misconfiguration
Summary: A cross-origin resource sharing (CORS) policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy is fine-grained and can apply access controls per-request based on the URL and other features of th...
Nextcloud: public webdav endpoint not bruteforce protected
Again related to https://hackerone.com/reports/1173684 I am having some trouble finding the code. However, if you do curl -u "RANDOM1:RANDOM2" -X PROPFIND https://server/public.php/webdav and then check your oc_bruteforce_attempts table, you'll see there is no entry registered. Impact Low just like ...
Sifchain: wrong url in hackerone > goes to wix.com > unconnected
Summary: Hi there, this is a very small issue out of scope. Your current domain name in your hackerone program is wrong: http://sifchain.finance and moves to wix.com Steps To Reproduce: 1. Log in as a researcher 2. Open the program from sifchain: https://hackerone.com/sifchain?type=team 3. click o...
Sifchain: Possibility of DoS attack at https://sifchain.finance// via CVE-2018-6389 exploitation
There is a possibility in the /wp-admin/load-scripts.php script to generate a large (3Mb) amount of data via a simple non-authenticated request to the server. The vulnerability is registered as https://vulners.com/cve/CVE-2018-6389 Details A detailed attack scenario is described for example here:...