3 matches found
Panther Labs: Twitter Account hijack through broken link in https://runpanther.io
Summary: A link https://twitter.com/runpanther in https://runpanther.io was broken and anyone could create that account, which leads to account impersonation. Steps To Reproduce: 1. Go to https://runpanther.io 2. Scroll down to the bottom; there you can see the Twitter icon. 3. Click on that icon, you will...
Panther Labs: reflected XSS on panther.com
Summary: When visiting runpanther.io I got redirected to panther.com and the application failed to sanitise user's input, resulting in HTML injection and possible XSS. Steps To Reproduce: F1774502 1. Go to...
Panther Labs: Broken subdomain takeover of runpanther which was pointing towards herokuapp
An outdated link on our public blog pointed to a decommissioned Slack sign-up app hosted on Heroku for our also-decommissioned open source Slack community. The reporter was able to re-register the decommissioned subdomain with his own Heroku account...