7 matches found
Greenhouse.io: Subdomain Takeover on demo.greenhouse.io pointing to unbouncepages
Actually, this report is the same as this one: https://hackerone.com/reports/38007 Subdomain takeover vulnerabilities occur when a subdomain subdomain.example.com is pointing to a service e.g. GitHub pages, Heroku, etc. that has been removed or deleted. This allows an attacker to set up a page on t...
Slack: HTTP parameter pollution from outdated Greenhouse.io JS dependency
Slack's career page was using an outdated Greenhouse JavaScript dependency which resulted in an HTTP parameter pollution vulnerability. This would have allowed the loading of external Greenhouse forms not owned by Slack. We updated the JavaScript and the issue is resolved. Thanks @irvinlim! The...
Greenhouse.io: Cache poisoning using NULL bytes and long URLs
This is related to a previous report I made https://hackerone.com/reports/326639. The same endpoint https://boards.greenhouse.io/embed/jobboard/js?for= is still vulnerable to arbitrary string injection, by terminating the customer key in the for parameter with a URL-encoded NULL byte i.e. %00,...
Greenhouse.io: DoS through cache poisoning using invalid HTTP parameters
I was taking a look into a related report https://hackerone.com/reports/298265 and I discovered that the https://boards.greenhouse.io/embed/jobboard/js?for= endpoint doesn't throw errors when I try to pass in an array of for parameters like this:...
Greenhouse.io: Subdomain Takeover using blog.greenhouse.io pointing to Hubspot
Hi, Your subdomain blog.greenhouse.io is pointing to the service called Hubspot. However, your account at Hubspot has expired or has been cancelled. This basically means that anyone can claim your subdomain pointing to Hubspot and create their own site at this URL. This is EXTREMELY dangerous as...
Greenhouse.io: SMTP protection not used (please read carefully)
Details: Companies like Coinbase, Yahoo, Google, Facebook and even HackerOne implemented a strict email security policy combining SPF, DKIM, and DMARC but I don't see that from mailgreenhouse.ioru, you should apply strict SMTP policy to stop spoofed email sending from your domain. POC is attached...
Greenhouse.io: openssh-server Forced Command Handling Information Disclosure Vulnerability on blog.greenhouse.io
Summary of the issue: The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by...