942 matches found
Slack: Team admin can add billing contacts
Billing contacts can only be added by team owners. However, team admin can escalate his privileges and add billing contacts. Steps to reproduce: 1.Log in as team admin 2.Send the below request using his token and it adds '[email protected]' to billing contacts. POST /api/team.billing.addContact...
Slack: Team admin can change unauthorized team setting (allow_message_deletion)
Team admin can escalate his privileges and change 'allowmessagedeletion' team setting, which can be changed only by a team owner. Steps to reproduce: 1. Log in as team admin. 2. Send the below request using his cookie & token and notice that it changes 'allowmessagedeletion' team setting to true...
Slack: Team admin can change unauthorized team setting (require_at_for_mention)
Team admin can escalate his privileges and change 'requireatformention' team setting, which can be changed only by a team owner. Steps to reproduce: 1. Log in as team admin 2. Send the below request using his token and notice that it changes 'requireatformention' setting to true. POST...
Slack: a stored xss in slack integration https://onerror.slack.com/services/import
location of the stored xss bug : https://hunter22.slack.com/admin/name in team name :put this payload :" stored xss executed here: https://hunter22.slack.com/services/import...
Slack: HTTP Strict Transport Policy not enabled on newly made accounts
Hey As we know that the HSTS prevents MITM against SSL. I just checked the headers of the account i created localhost.slack.com SERVER RESPONSE: 200 OK Cache-Control: private, no-cache, no-store, must-revalidate Content-Encoding: gzip Content-Type: text/html; charset="utf-8" Date: Wed, 03 Sep 201...
Slack: Content Spoofing all Integrations in https://team.slack.com/services/new/
Hello There, I've discovered 48+ content spoofing and confirmed all of your Integrations at https://team.slack.com/services/new/ is vulnerable to Content spoofing and exploitable to all users. Content Spoofing An attack technique used to trick a user into thinking that fake web site content is...
Slack: Content spoofing at Stripe Integrations
I have found Content Spoofing Vulnerable in Slack at Stripe Integrations vulnerability is exploitable to all users Proof of concept: https://asdasda.slack.com/services/2481499413?error=content%20spoofing%20! Regards, Jayson Zabate...
lftp <= 2.6.9 - Remote Stack based Overflow Exploit
No description provided by source. / lftp remote stack-based overflow exploit by Li0n7 voila fr Vulnerability discovered by Ulf Harnhammar Ulf.Harnhammar.9485 student uu se Lftp versions later than 2.6.10 are prone to a remotly exploitable stack-based overflow in trynetscapeproxy and trysquideplf...
Slack: Open Redirect login account
An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it. Reproduction Instructions go to...
Slack: SSRF on https://whitehataudit.slack.com/account/photo
During post request to https://whitehataudit.slack.com/account/photo: POST /account/photo HTTP/1.1 Host: whitehataudit.slack.com User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.9; rv:29.0 Gecko/20100101 Firefox/29.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8...
Slack: Remote file Inclusion - RFI in upload
Hello, Everysite has a RFI vulnerability. Everysite i.e .slack.com is having this vulnerability. Proof of concept / Steps to Reproduce : ================================= 1. Sign in to your account on slack eg. I signed in https://pran3hiva.slack.com 2. Now, go to 'Change photo'. i.e...
Slack: XSS in gist integration
Create a gist called: " 2. have gist integration enabled and put a link in a slack chat 3. Visit the 'raw' or 'new window' pages for this gist, for example: https://outpost.slack.com/files/zemnmez/F029MDY33/svgonloadalert1...
Slack: Stored XSS in slack.com (integrations)
Hi Slack, i'm going to report stored xss in slack integrations. Attack String Payload: http://jeroldcamacho.com/%5Ex1s1s/slack.com.txt Proof of Concept: here is the videoVideo. video: https://www.dropbox.com/s/3qfo5fdezn6ci2q/slack.com%20xss.avi Thanks, Jerold Camacho...
Slack: Stored XSS Found
The type of XSS Vulnerability I found on your website is a stored xss. after i connect my github account and add a new integration then i chose my repositories then on the right side of that is a textfield that has a placeholder of Branches optional. then i put the following code on that textfiel...
Slack: open redirect in https://slack.com
Navigate to Https://slack.com append "/link?url=url=http://bing.com" or enter any website of your choice with http:// vulnerable link https://slack.com/link?url=http://bing.com notice that user is redirected to bing.com without being validated or notified...
Slack: Facebook Takeover using Slack using 302 from files.slack.com with access_token
Hi, I noticed that your Facebook application used in the "Import Photo" can be used to take over the Facebook account of the user being attacked. It's multiple issues in one: 1. You have a 302 redirect from a .slack.com domain. Hash-values will follow the redirect. 2. The Facebook application OAu...
Slack: Duplicate of #4550
Here's the duplicate ticket you asked for 4550 XSS in Slack Redirection...
Slack: Stored XSS in Slackbot Direct Messages
Whenever a new team is created, Slackbot uses automated profile completion by asking a few questions from the user like the first name, last name, skype account etc. But instead of providing the correct details we provide as input then Slackbot will cause the data go inside the anchor tag ... so...
Slack: Open Redirect in Slack
This link shall redirect to google.co.in: http://prakhar.slack.com/link?url=http%3A%2F%2Fgoogle.co.in Straight, open redirection! Thanks!...
Slack: Content Spoofing
Here is an unvalidated insertion of an image, resulting to content spoofing https://awayon.slack.com/account/photo?url=http://www.thenewstribe.com/wp-content/uploads/2014/01/Syrian-Electronic-Army-hacked-CNN.jpg It displays any photo, what the attacker must know is just the "awayon" or the team...