1121 matches found
Keybase: Register multiple users using one invitation (race condition)
Hi, It is possible to create multiple accounts using a single invitationid due to a race condition bug in //api/1.0/signup.json. I have successfully created 8 accounts using the invitation with id = 37c5a121adf23e90b875500d. The account usernames: novijosiptest1,2,4,5,6,8,9,10. You can delete them, I...
Uber: Bulk UUID enumeration via invite codes
It is possible to enumerate UUIDs via invite codes. During signup, if we enter an invite code, then the create request's response contains inviteruuid. As invite codes are public, an attacker can easily enumerate UUIDs in bulk. Here is a sample request:- POST /signup/clients/create HTTP/1.1 X-Uber-RedirectCount...
PHPFox 4 Cross Site Scripting
Title: PhpFox4 Cross Site Scripting Vuln. Author: bl4ckMohajeM [email protected] Software Link: http://www.phpfox.com/ Version: 4 Date: 06/09/2016 Category: WebApps Tested with: Ubuntu / Win Description: In this CMS there is a Cross Site Scripting Vulnerability in the 'nsextt' Parameter...
Uber: Stored self-XSS at m.uber.com
There is a stored self-XSS vulnerability at m.uber.com in the display of the Uber invite code. If the user sets the invite code to the value alert(document.domain) using the main personal area at uber.com and then signs into m.uber.com, the XSS is fired. A possible exploitation case against other users can be...
Uber: Possibility to brute force invite codes in riders.uber.com
When adding new promotion codes for free rides, one could brute force invitation codes since there is no protection against brute force attacks. When going to the payment page, it's possible to apply a promotion code. If we intercept this request, we can brute force codes, since there is no captcha or...
Uber: Lack of rate limiting on get.uber.com leads to enumeration of promotion codes and estimation of a lower bound on the number of Uber drivers
Invite codes are 5 alphanumeric lower case characters. This means there are 36 (26 + 10) possible options for each position in the invite code. In total this means there are 36^5 or 60,466,176 possible invite codes. By enumerating all possible invite codes, one can find the total number o...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Push-Service-Mails feature in AVM FRITZ!OS before 6.30 allows remote attackers to inject arbitrary web script or HTML via the display name in the FROM field of a SIP INVITE message...
CVE-2015-7242
Cross-site scripting (XSS) vulnerability in the Push-Service-Mails feature in AVM FRITZ!OS before 6.30 allows remote attackers to inject arbitrary web script or HTML via the display name in the FROM field of a SIP INVITE message...
Whisper: SMS Invite Form Abuse
whisper.sh fails to protect the invite form from abuse by attackers. If a malicious individual wants to abuse this functionality, they could send repeated/automated requests to the same phone number or range of phone numbers that do not actually belong to them. This would result in lots of...
Coinbase: User email enumeration using Gmail
Hi, Using Gmail it is possible to get the list of email addresses that use/have Coinbase accounts. As a prerequisite, we will need a script to brute-force a list of email addresses. Consider this script: python import random values only contain small letters and numbers letters =...
Drupal Node Invite Module Cross-Site Request Forgery Vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. Node Invite is one of the modules that is similar to RSVP, sending invitations via email. A cross-site request forgery vulnerability exists in the Drupal Node Invite module versions prio...
Drupal Node Invite Module Open Redirect Vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. Node Invite is one of the modules that is similar to RSVP, sending invitations via email. An open redirection vulnerability exists in the Drupal Node Invite module versions prior to...
Drupal Node Invite Module Cross-Site Scripting Vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. Node Invite is one of the modules that is similar to RSVP, sending invitations via email. A cross-site scripting vulnerability exists in the Drupal Node Invite module versions prior to...
Google 'Project Fi' Wireless Service: 10 Amazing Facts
Google has just launched its long-rumored wireless cellular service, which arrives to give tough competition to AT&T and Verizon. Yes! A wireless service for cell phone users. The web Internet giant, Google, is now becoming a Mobile Virtual Network Operator (MVNO) by offering its...
CVE-2015-3372
Cross-site scripting (XSS) vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title...
CVE-2015-3371
Open redirect vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter...
CVE-2015-3370
Cross-site request forgery (CSRF) vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to hijack the authentication of users with the "nodeinvitecanmanageinvite" permission for requests that re-enable node invitations via unspecified vectors...
Open redirect
Open redirect vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to hijack the authentication of users with the "nodeinvitecanmanageinvite" permission for requests that re-enable node invitations via unspecified vectors...