HackerOne: Most viewed

15306 matches found

Hacker One
• added 2017/04/14 10:21 a.m. • 40 views

Nextcloud: https://portal.nextcloud.com/.htaccess file is readable

@mksahilisr reported a disclosure of the .htaccess file on https://portal.nextcloud.com. This has been resolved by adding the following to the Apache server configuration: order allow,deny deny from all Since the .htaccess file contained some potential sensitive data this report has only been...

AI score: 6.8
Exploits: 0
Hacker One
• added 2017/03/19 12:16 p.m. • 40 views

Mail.ru: Reflected XSS on frag.mail.ru

Domain, site, application The "frag.mail.ru" is affected by a reflected XSS vulnerability on the "/user/register/" handler. Testing environment The exploitation of the issue has been tested on the latest version at the time of writing of Firefox: 52.0.1 both 32 and 64 bit on Sierra and Windows 7...

AI score: 0.1
Exploits: 0
Hacker One
• added 2017/03/03 12:24 p.m. • 41 views

Open-Xchange: RTLO character in file names

DESCRIPTION ------- Hello, I have noticed that the RTLO (Right-To-Left-Override) character is not filtered from the names of the files saved to drive, or in the attachment names, thus allowing 2 things: 1. Someone sends a malicious file, html or exe or something else, via email that...

AI score: 0.2
Exploits: 0
Hacker One
• added 2017/02/24 1:55 p.m. • 40 views

Ubiquiti Inc.: Reflected cross-site scripting (XSS) vulnerability in scores.ubnt.com allows attackers to inject arbitrary web script via p parameter.

Dear Ubiquiti Networks bug bounty team, Short Description --- scores.ubnt.com is still vulnerable to reflected XSS, a form of client-side code injection wherein one can execute malicious scripts into a page. The fix to https://hackerone.com/reports/158484 does not suffice for some browsers mainly...

AI score: 0.2
Exploits: 0
Hacker One
• added 2017/01/21 2:56 p.m. • 40 views

LocalTapiola: SQL Injection on /webApp/lapsuudenturva (viestinta.lahitapiola.fi)

Issue The reporter found a blind SQL Injection attack in an application in viestinta.lahitapiola.fi. Fix The issue was investigated and found to be valid. The fix was to remove the application as it was not needed. Reasoning The reported case was valid and within the scope of the bug bounty...

AI score: 0.7
Exploits: 0
Hacker One
• added 2017/01/11 2:43 a.m. • 40 views

Discourse: XSS in topics because of bandcamp preview engine vulnerability

1. Load http://try.discourse.org 2. Click "New topic" 3. Enter this payload https://89.223.28.48/bandcamp.com/album/index.html?XSSa2 into the field with placeholder "Type title or paste a link here" 4. Wait for the preview engine to parse the link 5. XSS will fire F151439 You should sanitize external...

AI score: 0.3
Exploits: 0
Hacker One
• added 2017/01/04 9:39 a.m. • 40 views

Internet Bug Bounty: NULL Pointer Dereference while unserialize php object

Because the result of object_init_ex is not checked, if the user passes an implement class or an abstract class, the result of this is FALSE and args is NULL, which leads to a program crash: if UNEXPECTED(class_type->ce_flags & (ZEND_ACC_INTERFACE|ZEND_ACC_TRAIT|ZEND_ACC_IMPLICIT_ABSTRACT_CLASS|ZEND_ACC_EXPLICIT_ABSTRACT_CLASS)) if...

CVSS: 5 • AI score: 8.5 • EPSS: 0.05879
Exploits: 0
Hacker One
• added 2016/12/01 11:02 p.m. • 40 views

WordPress: Wordpress 4.7 - CSRF -> HTTP SSRF any private ip:port and basic-auth

Description This report is a variant on report 110801 but with a broader vector. 110801 was an XSRF SSRF that allowed unintended GET requests to 0.0.0.0 on ports 80, 443 and 8080. This vulnerability uses the same entry vector of the Press This scrape function but entirely bypasses the ip and port filter...

AI score: 6.9
Exploits: 0
Hacker One
• added 2016/11/14 9:07 p.m. • 40 views

PortSwigger Web Security: XSS in IE11 on portswigger.net via Flash

Hello Portswigger Security Team, There is a reflective XSS vulnerability in portswigger.net. The flash file https://portswigger.net/burp/tutorials/video-js/video-js.swf is from an old video.js library version 3.2.0 which is vulnerable to XSS. This XSS will be blocked by CSP instruction object-src...

AI score: 0.4
Exploits: 0
Hacker One
• added 2016/10/26 7:40 p.m. • 40 views

Informatica: [parc.informatica.com] Reflected Cross Site Scripting and Open Redirect

Hi! I just want to report to you a vulnerability in your subdomain "parc". Description In this link https://parc.informatica.com/partners/apex/Cloudchat?endpoint= the vulnerable parameter is "endpoint". Once the parameter takes the value of an XSS vector or a website link the code is executed aft...

AI score: 0.1
Exploits: 0
Hacker One
• added 2016/10/20 1:46 p.m. • 40 views

Mindoktor: XSS at endpoint clinic.mindoktor.se in flash cookie

Issue: XSS found at endpoint clinic.mindoktor.se/user/login Endpoint: clinic.mindoktor.se/user/login Steps of reproduction 1. Go to the above Endpoint 2. Enter a random email and password 3. Intercept the request with a sniffer like Burp Suite 4. Change the email parameter to...

AI score: 6.2
Exploits: 0
Hacker One
• added 2016/09/09 2:27 p.m. • 40 views

VK.com: Second way to bypass 2FA

Insufficient verification of the user when the IP address changes. A loophole via re-login when the user's IP changes...

AI score: 6.9
Exploits: 0
Hacker One
• added 2016/09/01 10:16 p.m. • 40 views

Instacart: Seemingly sensitive information at /api/v2/zones

Overview == https://www.instacart.com/api/v2/zones is accessible by a regular Instacart user and seems to return sensitive information such as names, emails, phone numbers, money amounts and dates. GET /api/v2/zones "meta": "code": 200 , "data": "zones": ... "id": 73, "name": "████", "createdat":...

AI score: 0.4
Exploits: 0
Hacker One
• added 2016/08/09 2:26 p.m. • 40 views

Shopify: (FULL PATH DISCLOSURE) Unknown MySQL server host 'shardm-reader.chi2.shopify.io'

Hello, Found a website of you guys that is pointing to: shardm-reader.chi2.shopify.io' This domain discloses the full path because there is no MySQL server host. POC: https://104.196.154.1/ Responds with a whole page of path disclosures: lib/patches/mysqlmonitoring.rb:19:in connect'...

AI score: 0.1
Exploits: 0
Hacker One
• added 2016/06/27 2:12 a.m. • 40 views

Coinbase: Application error message

poc url: https://developers.coinbase.com/api/%e3h This page contains an error/warning message that may disclose sensitive information. The message can also contain the location of the file that produced the unhandled exception. This may be a false positive if the error message is found in...

AI score: 6.8
Exploits: 0
Hacker One
• added 2016/06/17 1:02 a.m. • 40 views

Internet Bug Bounty: Adobe Flash Player ShimContentResolver(resolverType=0) class Memory Corruption Vulnerability

I. Summary Adobe Flash Player is prone to a vulnerability which leads to memory corruption because of improper validation of ShimContentResolver.resolve. ------------------------------------------------------------------ II. Description Normally, resolve should validate its parameter with...

CVSS: 9.3 • AI score: 9 • EPSS: 0.04387
Exploits: 0
Hacker One
• added 2016/05/05 1:26 p.m. • 40 views

Vimeo: CSRF on Vimeo via cross site flashing leading to info disclosure and private videos go public

Hello Vimeo Security Team. There is a CSRF vulnerability on Vimeo.com. With this vulnerability, an attacker can make all the victim's vimeo videos go public just by having the victim open a link to the attacker webpage. He can also get the victim's vimeo name, user id, user account type and perfo...

AI score: 6.8
Exploits: 0
Hacker One
• added 2016/04/25 5:02 p.m. • 40 views

Zendesk: XSS In /zuora/ functionality

Hello there, I wanted to report an XSS vulnerability in the /zuora/ functionality on the zendesk application. Affected URL: -...

AI score: 6.1
Exploits: 0
Hacker One
• added 2016/03/26 10:31 p.m. • 40 views

Uber: text injection in get.uber.com/check-otp

Text Injection (no HTML or JS) in a landing page on get.uber.com...

AI score: 0.6
Exploits: 0
Hacker One
• added 2016/02/16 6:48 p.m. • 40 views

VK.com: vk.com/login.php

Having performed 3 very simple steps, you will run into the server refusing to do anything. Step 1: Go to vk.com/login.php Step 2: Enter in the "login" field the characters 00 or 000 or 0000, and so on up to 17 zeros; specify any password. Step 3: Click login and the server will be very unhappy. Thank you, and fix ...

AI score: 6.9
Exploits: 0
Hacker One
• added 2016/01/16 11:32 a.m. • 40 views

withinsecurity: Content Spoofing OR Text Injection in https://withinsecurity.com

Hi, I just found a Content Spoofing OR Text-based injection vulnerability in the https://withinsecurity.com site that I would like to get fixed. Below are the POC and steps to reproduce the issue. 1. Go to https://withinsecurity.com 2. Then just change the above url like this...

AI score: 7
Exploits: 0
Hacker One
• added 2016/01/06 8:34 a.m. • 40 views

Ruby on Rails: Validation bypass for Active Record and Active Model

Possible Input Validation Circumvention in Active Model There is a possible input validation circumvention vulnerability in Active Model. This vulnerability has been assigned the CVE identifier CVE-2016-0753. Versions Affected: 4.1.0 and newer Not affected: 4.0.13 and older Fixed Versions:...

CVSS: 5 • AI score: 1.1 • EPSS: 0.07157
Exploits: 0
Hacker One
• added 2015/12/18 7:14 a.m. • 40 views

HackerOne: Know whether private program for company exist or not

Hi, There are some companies which are hosting private BB on HackerOne which are not visible unless they invite you. However, you can check whether any company is hosting a private BB on HackerOne or not if you can guess the username they use. Generally most companies choose the same name as their company...

AI score: 0.2
Exploits: 0
Hacker One
• added 2015/10/19 4:00 p.m. • 40 views

Whisper: SMS Invite Form Abuse

whisper.sh fails to protect the invite form from abuse by attackers. If a malicious individual wants to abuse this functionality, they could send repeated/automated requests to the same phone number or range of phone numbers that do not actually belong to them. This would result in lots of...

AI score: 0.9
Exploits: 0
Hacker One
• added 2015/06/04 2:56 p.m. • 40 views

Mail.ru: help2.m.smailru.net: XSS

GET /login/index.php/article/articleview/ALERT"alert1 HTTP/1.1 Host: help2.m.smailru.net User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:32.0) Gecko/20100101 Firefox/32.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language:...

AI score: 0.9
Exploits: 0
Hacker One
• added 2015/05/10 12:00 a.m. • 40 views

Internet Bug Bounty: PHP yaml_parse/yaml_parse_file/yaml_parse_url Unsafe Deserialization

https://bugs.php.net/bug.php?id=69617 Description: ------------ The PHP unserialize function is considered unsafe due to its behavior regarding class instantiation; in cases where serialized data is attacker controlled, it can be tampered with, allowing for the instantiation of arbitrary PHP...

AI score: 7.7
Exploits: 0
Hacker One
• added 2015/02/13 11:07 a.m. • 40 views

Enter: Email Enumeration (POC)

Hi, I am opening the ticket again, now I have a poc to show you. First, here is the issue again: 1. Log in to the robocoin account, go to settings 2. Choose change my email 3. Enter your pass 4. Enter any email you want to check 5. If the email isn't registered a message appears saying the email is changed 6. If it...

AI score: 6.9
Exploits: 0
Hacker One
• added 2014/06/27 12:30 p.m. • 40 views

Faceless: Tap Jacking Attack on Button Tags

UI Redressing Tap jacking attack may trick users into tapping a specifically crafted malicious App popup window e.g. toast view, making it a gateway for varied threats such as framing attack. Using this technique, a malicious App could potentially trick a user into making purchases, clicking on...

AI score: 1.7
Exploits: 0
Hacker One
• added 2014/03/22 10:54 a.m. • 40 views

Slack: Stored XSS in Slackbot Direct Messages

Whenever a new team is created, Slackbot uses automated profile completion by asking the user a few questions, like first name, last name, skype account etc. But if, instead of providing the correct details, we provide our own input, then Slackbot will cause the data to go inside the anchor tag ... so...

AI score: 0.3
Exploits: 0
Hacker One
• added 2014/03/04 9:46 p.m. • 40 views

HackerOne: Control Characters Not Stripped From Username on Signup

Hey, To be honest, I'm not sure if there are any real security implications of this bug, but it's IMO something which should be fixed at some point since it'll be pretty easy. On signup, the username you choose has to be alphanumeric. If you submit someone else's username, followed by a null-byte...

AI score: 6.8
Exploits: 0
Hacker One
• added 2014/03/01 6:33 p.m. • 40 views

Yahoo!: Yahoo mail login page bruteforce protection bypass

Thank you for your submission to Yahoo’s Bug Bounty program. While we recognize the effort that you put into the research and writing of a report for us to evaluate, we will take your report into consideration for any future releases. We appreciate your adherence to responsible disclosure...

AI score: 6.6
Exploits: 0
Hacker One
• added 2025/12/15 7:45 a.m. • 39 views

curl: Path Traversal Bypass in file:// URLs Due to Incomplete URL-Encoded Path Normalization

Summary: The dedotdotify function in lib/urlapi.c is responsible for removing path traversal sequences ../ and ./ from URLs according to RFC 3986. However, the function only recognizes literal forward slashes / when identifying path segments and does not handle URL-encoded slashes %2f or %2F. Thi...

AI score: 7.1
Exploits: 0
Hacker One
• added 2025/03/18 3:27 p.m. • 39 views

AWS VDP: Amazon Kendra Intelligent Ranking Service Reporting "AWS Internal" for CloudTrail Events Generated from FIPS Endpoints

The AWS Kendra Intelligent Ranking service was found to incorrectly report the user-agent and network information as "AWS Internal" for four API endpoints that are FIPS endpoints. This issue can lead to the obscuring of request information that may be used to track down an adversary...

AI score: 6.9
Exploits: 0
Hacker One
• added 2024/10/27 10:34 p.m. • 39 views

Cosmos: Heap-Buffer-Overread in contains_whitespace when calling parser_validate after supplying a maliciously crafted buffer to parser_parse

A heap-buffer-overread vulnerability was discovered in the contains_whitespace function when calling parser_validate after supplying a maliciously crafted buffer to parser_parse. The vulnerability was not exploitable in the primary use case of the library, but a length check was added to prevent thi...

AI score: 7.2
Exploits: 0
Hacker One
• added 2024/06/01 1:55 p.m. • 39 views

HackerOne: [ Spot Check ] Team members can edit a user's write-up

Team members could edit a user's spot check write-up. The write-up could be modified through a GraphQL request, even though there was no option to edit the write-up in the user interface. This was considered unintended functionality, as HackerOne had previously fixed vulnerabilities where team...

AI score: 7.1
Exploits: 0
Hacker One
• added 2024/04/17 1:32 p.m. • 39 views

Liberapay: Unsafe yaml load can lead to remote code execution

The YAML load function can lead to a remote code execution vulnerability. The vulnerability allows the construction of arbitrary Python objects from untrusted YAML data, which can be exploited by an attacker...

AI score: 8.2
Exploits: 0
Hacker One
• added 2024/03/26 4:32 p.m. • 39 views

U.S. Dept Of Defense: Reflected Cross-site Scripting via search query on ██████

The summary is as follows: A reflected cross-site scripting vulnerability was discovered in the search query functionality of the ████████ website. An attacker could execute arbitrary JavaScript code in the victim's browser by injecting a malicious payload into the search query parameter...

AI score: 6.8
Exploits: 0
Hacker One
• added 2023/10/03 12:06 p.m. • 39 views

U.S. Dept Of Defense: User automatically logged in as Sys Admin user on https://███/Administration/Administration.aspx

A vulnerability was discovered where any user could be automatically logged in as a system administrator on a web application. This allowed unrestricted access and privileges could be abused to modify user privileges, add or delete users, and upload files, jeopardizing the integrity of the...

AI score: 7.2
Exploits: 0
Hacker One
• added 2022/05/25 10:45 p.m. • 39 views

Exodus: 2 Cache Poisoning Attack Methods Affect Core Functionality www.exodus.com

Summary: www.exodus.com hosts static js and css files on Server: cloudflare, which is cached by cloudflare and passed to all other users accessing the source. I was able to impact the core functionality by using a custom HTTP. Here are the details of the 2 bugs. Steps To Reproduce: 1. 501 Not...

AI score: 6.6
Exploits: 0
Hacker One
• added 2021/11/11 1:26 p.m. • 39 views

Evernote: [34.96.80.155] Server Logs Disclosure lead to Information Leakage

Summary: In this case the server log is available to anyone at /server-status Steps To Reproduce: 1. Go to https://34.96.80.155/server-status/ and follow the attack scenarios Attack Scenarios: Serg.io 1. User goes to the server and enters sensitive info that can be logged, example: http://host/login?privatekey=...

AI score: 0.5
Exploits: 0
Hacker One
• added 2021/10/05 7:33 a.m. • 39 views

Nextcloud: When sharing a Deck card in conversation the metaData can be manipulated to open arbitrary URL

Summary: This report is similar to 1337178 In Nextcloud Deck a user can post their decks into a conversation via nextcloud talk. The link in metaData can be manipulated to point to another URL. Steps To Reproduce: 0. Setup burpsuite to proxy 1. Go to Nextcloud Deck and pick a board 2. Pick any...

CVSS: 5.8 • AI score: 0.4 • EPSS: 0.00878
Exploits: 1
Hacker One
• added 2021/06/07 11:28 a.m. • 39 views

Rockstar Games: Cache Poisoning DoS on updates.rockstargames.com

In this report, the researcher discovered that there was a cache poisoning weakness on updates.rockstargames.com due to an unkeyed header, trailer. By sending this header, an attacker could cause the cache to save a malformed response with status code 400. An example of such a request, as provide...

AI score: 0.3
Exploits: 0
Hacker One
• added 2021/02/03 9:39 a.m. • 39 views

Zenly: Google Maps API key stored as plain text leading to DOS and financial damage

The researcher highlighted the fact that the Google Maps API key which is by design easily retrievable from the .apk was missing some restrictions. It then could be used by anyone to query the Google Static Map API, and possibly lead to financial damage. Resolved by enforcing missing restrictions...

AI score: 0.8
Exploits: 0
Hacker One
• added 2020/12/24 9:31 a.m. • 39 views

h1-ctf: Writeup Hackyholiday CTF

Hi there, Find my writeup on attached : F1128138 Thanks adam for making the CTF, Really PAIN for my head! Impact Hackerone Hoodie ? 😍😍...

AI score: 1.8
Exploits: 0
Hacker One
• added 2020/11/30 3:27 p.m. • 39 views

Stripo Inc: No rate limit in email subscription

I managed to bypass the following report 1029723 please follow the steps below: Description: No rate limit in Email Subscription, you just have to add a fixed throttle in Burp Suite to avoid the 429 response. Note: I will use tempmail in the screenshots PoC Steps: 1. Go to https://stripo.email/ a...

AI score: 7.1
Exploits: 0
Hacker One
• added 2020/10/19 4:07 p.m. • 39 views

Informatica: Improper Sanitization leads to XSS Fire on admin panel

Summary Because the HTML is not sanitized when taking the input on https://accounts.informatica.com/registration.html, the input is vulnerable to XSS. When a payload such as " is put into the form under company it triggers a blind xss. When the payload successfully is loaded, it dumps information...

AI score: 5.7
Exploits: 0
Hacker One
• added 2020/10/04 7:26 a.m. • 39 views

TikTok: Bypass "Industry Documents" Validation

The researcher found that the attacker can bypass the review process and mark the document as "approved" when a user adds Industry Documents. The attacker will bypass only the qualification status at frontend, the form status is still under review, and it will be reviewed by an employee...

AI score: 2.7
Exploits: 0
Hacker One
• added 2020/10/02 1:48 p.m. • 39 views

RBKmoney: Apple Pay cryptogram replay and amount tampering

During Apple Pay in-app or on-site payments the device generates a payment cryptogram, which contains a transaction ID, encrypted payment data, etc. This is an example of the cryptogram which the phone passes to the internet acquiring service on api.transferwise.com: "token": "paymentData":...

Exploits: 0
Hacker One
• added 2020/07/03 3:11 a.m. • 39 views

Mail.ru: Open Tarantool admin panel

A testing installation of the internal Tarantool admin interface, without actual user data, was available from the external network...

AI score: 4
Exploits: 0
Hacker One
• added 2020/06/03 4:02 a.m. • 39 views

h1-ctf: [H1-2006 2020] 36 hours of brain cycles utilized on solving a neat puzzle

Here we go: F852423 Recon: The given scope is: .bountypay.h1ctf.com Found subdomains: bountypay.h1ctf.com api.bountypay.h1ctf.com app.bountypay.h1ctf.com software.bountypay.h1ctf.com staff.bountypay.h1ctf.com www.bountypay.h1ctf.com Relevant GitHub repository:...

AI score: 6
Exploits: 0
Total number of security vulnerabilities: 5000