4 matches found
HackerOne: [IDOR] Improper Access Control on Embedded Submission Form
The researcher discovered an improper access control vulnerability that allowed them to access sensitive program information for private/inactive embedded submission forms by leveraging the form's UUID. The researcher used reconnaissance techniques to obtain a list of UUIDs for various private...
HackerOne: Submitting report through Embedded Submission form gives user indefinite access to a profile
Summary: Hi team, @jobert , @ben After testing on the sandbox, I noticed that one of my accountswhich I removed from the program can see some of the information. I don't know if it affects other programs that have other States - private-only, private-only whit external link. I could not find the...
HackerOne: Embedded submission form UUIDs can be enumerated through GraphQL node interface, exposing sensitive program details
It's possible for an attacker to enumerate embedded submission form UUIDs through HackerOne's GraphQL node interface. In normal application behavior, an embedded submission form is queried through GraphQL with a UUID. These UUIDs are random and they're not susceptible to brute force attacks...
HackerOne: SQL injection in GraphQL endpoint through embedded_submission_form_uuid parameter
The embeddedsubmissionformuuid parameter in the /graphql endpoint is vulnerable to a SQL injection. Execute the following command to reproduce the behavior: Locally: curl -X POST http://localhost:8080/graphql?embeddedsubmissionformuuid=1%27%3BSELECT%201%3BSELECT%20pgsleep\30%3B--%27...