Lucene search
K
HackeroneRecent

15372 matches found

Hacker One
Hacker One
added 2017/10/27 9:30 p.m.49 views

AlienVault : [www.threatcrowd.org] - reflected XSS

Summary: I have found a reflected XSS in https://www.threatcrowd.org/graphHtml.php, in GET parameter email. Browsers Verified In: Firefox 56.0.1 Steps To Reproduce: 1. Browse to https://www.threatcrowd.org/graphHtml.php?email=%27-alertdocument.domain-%27 2. Click on the embed functionnality in th...

6.3AI score
Exploits0
Hacker One
Hacker One
added 2017/10/27 3:57 p.m.20 views

Infogram: XSS on infogram.com

Hello, There is a XSS on Report templates. Free templates : Report Classic When we modify the values of table we can put XSS Payload. Payload used : " "/...

6.3AI score
Exploits0
Hacker One
Hacker One
added 2017/10/27 3:1 p.m.33 views

Infogram: Password Reset Token Not Expired

Hello Team, Here in this scenario, I've found that the there's a kind of server side invalidation of Password Reset tokens. Like if I've requested for password reset token token1 and I don't use it, after I will make another request for password reset token token2. This time I'll use the token2...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2017/10/27 2:6 p.m.21 views

VK.com: Stored xss в /lead_forms_app.php

XSS в "Форме сбора заявок". Жесть...

6.3AI score
Exploits0
Hacker One
Hacker One
added 2017/10/27 11:40 a.m.105 views

Inflection: XST(Cross Site Tracing)

Researcher reported that OPTIONS and TRACE HTTP methods are enabled. HTTP configuration best practices are not currently in scope for our HackerOne program, so we closed the report. Researcher requested that we disclose it...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2017/10/27 11:4 a.m.15 views

Mail.ru: [health.mail.ru] Раскрытие SSI сценариев

SSI template content leaked on invalid HTTP request in health.mail.ru and few more projects. On the moment of reporting, health.mail.ru was in Main scope of bug bounty program...

0.1AI score
Exploits0
Hacker One
Hacker One
added 2017/10/27 10:36 a.m.47 views

Infogram: Login Cross Site Request Forgery

Login form is not protected against Cross Site Request Forgery. An attacker can craft html page containing POST information to have victim sign into an attacker's account, where the victim can add information assuming he/she is logged into the correct account, where in reality, the victim is sign...

6.6AI score
Exploits0
Hacker One
Hacker One
added 2017/10/27 9:7 a.m.22 views

X (Formerly Twitter): Open Redirect Protection Bypass

Hi Report 281538 is fixed but Attacker can Bypass this Open Redirect Protection. Give this link https://twitter.com/teams/authorize?targetscreenname=&authorizecallback=//www.facebook.com to authorized victim.Twitter will say him to authorize a different account for create team.After authorization...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2017/10/27 3:52 a.m.17 views

Mavenlink: [app.mavenlink.com] IDOR to view sensitive information

The researcher found an IDOR that when exploited would result in an error message that was too verbose. The verbose error message included the title of the workspace that the user was attempting to access and being denied persmission to...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2017/10/27 2:42 a.m.45 views

RecargaPay: IDOR exposes receipts of all users.

@cablej found an insecure direct object reference IDOR that could expose receipts from external users. Thanks for helping us make RecargaPay more secure!...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2017/10/26 10:17 p.m.26 views

HackerOne: Private partial disclosure of h1 infrastructure

Description I've found that following servers & services can be potentially interesting when attacking h1-infrastructure: Payments Admin ██████ API Docs ██████████ API █████████ MailCatcher ██████████ Story Book ███ Karma ████████ Core Test Server █████████ Core Staging ████ Core Production...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2017/10/26 6:6 p.m.21 views

HackerOne: Private Program all members disclosed

After receiving an invite to a private program, it was possible to view all of its team members: https://hackerone.com/invitations/invitation code.json "teammembers":"username":"","username":"","username":"","username":"","username":"","username":""...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2017/10/26 3:23 p.m.32 views

Infogram: A10 – Unvalidated Redirects and Forwards

https://infogram.com/login Web applications frequently redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages. Without proper validation. when i intercept the twitter request and change it to the google then it will redirect you to the...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2017/10/26 12:18 p.m.32 views

IRCCloud: [IRCCloud Android] XSS in ImageViewerActivity

Hi, I'd like to report HTML/JS injection in activity com.irccloud.android.activity.ImageViewerActivity which is exported: xml so can be launched by arbitrary apps installed on the same device. On the newest Androids could be exploited also by Android Instant Apps directly from a web-browser...

7.3AI score
Exploits0
Hacker One
Hacker One
added 2017/10/26 11:30 a.m.55 views

IRCCloud: [IRCCloud Android] Opening arbitrary URLs/XSS in SAMLAuthActivity

Hi, I'd like to report a bug which allow to open arbitrary URLs in com.irccloud.android.activity.SAMLAuthActivity This activity is exported: xml it means that it can be accessed by any third-party apps installed on the same device. On the newest Androids it also could be exploited by Android...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2017/10/26 7:25 a.m.37 views

HackerOne: View Any Program's Team Members through GET https://hackerone.com/invitations/

@nickcas discovered that it was possible to view all the team members of a program through a JSON response that is sent when a user is invited to collaborate on a report via the /invitations/ endpoint. He was able to provide a very clear PoC, which consisted of a list showing all the members of t...

6.6AI score
Exploits0
Hacker One
Hacker One
added 2017/10/25 7:57 p.m.15 views

Infogram: Report Design Critical Stored DOM XSS Vulnerability

Hi Team, Another XSS vulnerability in report designer but this one is critical. Problem Point Report's Overview Table Report Creation Url https://infogram.com/app/edit/e7b161f1-f708-48e5-bab7-de9887ae202a Sample Data Click for Detail Sample URL https://infogram.com/report-classic-1g57pr0g3xdvp01...

6.3AI score
Exploits0
Hacker One
Hacker One
added 2017/10/25 4:55 p.m.15 views

WordPress: UnResolved ChangeSet are Visible to Public That also Causes Information Disclosure

Hello, While testing Your Security I Observed that the Security Report Reported to You After Validation arranged for fix or you can say that a public repository created for the code powering the site at https://code.trac.wordpress.org/changeset/ID that Leaks Following Things 1.UnResolved Bugs 2.P...

7.2AI score
Exploits0
Hacker One
Hacker One
added 2017/10/25 9:43 a.m.21 views

Weblate: no notification send to victim if attacker hacks/accesses his victims WebLate account.

hello team, when a hacker hacks into his victims WebLate account, the victim does not get any notifications. via email for example this means that the victim therefore won't take action to change his password for example in order to secure his account. Risk: very, very dangerous a hacker can now ...

3AI score
Exploits0
Hacker One
Hacker One
added 2017/10/25 8:11 a.m.23 views

Tor: Detecting Tor Browser UI Language

Suppose that a user downloads a non-English version of Tor Browser from https://www.torproject.org/projects/torbrowser.html.en, there is a way to detect which UI language the user is using. I don't think you want websites to detect this info, because at the first time I launched non-English Tor...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2017/10/24 9:25 p.m.25 views

X (Formerly Twitter): OS Command Execution on User's PC via CSV Injection

Summary: Twitter is vulnerable to CSV Injection. If an attacker can successfully exploit this, then they will compromise the PC of the user. The injection point is via a tweet on the main twitter.com site while the retrieval point is via the “Export Data” option on the analytics site. Description...

7.9AI score
Exploits0
Hacker One
Hacker One
added 2017/10/24 8:1 p.m.28 views

Rockstar Games: Stored XSS on profile page via Steam display name

The researcher was able to demonstrate a XSS vulnerability by using their Steam nickname as the payload vector. This was due to insufficient filtering on Linked Account name fields. We pushed out an update that replaces suspicious Linked Account names with a generic string in order to prevent...

6.2AI score
Exploits0
Hacker One
Hacker One
added 2017/10/24 7:50 p.m.16 views

Mail.ru: XSS через подгрузку ссылки.

Доброго времени суток. Я нашел новую xss в https://connect.mail.ru/ POC: 1. Переходим на неизвестную ветку википедии, например эту https://io.wikipedia.org/wiki/Nenufaro 2. Вставляем туда скрипт " F232448 3. Подгружаем страничку википедии через наш сервис...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2017/10/24 7:9 p.m.29 views

Ruby: Take back my all data from [email protected]

Attack...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2017/10/24 5:58 p.m.17 views

Infogram: No Confirmation or Notification During Email Change which can leads to account takeover

Hi Team, I have noticed that, when user change his email through account setting, user doesn't get any notification or confirmation to change an email from xxxx to yyyyy. If user kept his/her account logged-in into PC, cafe, college systems then attacker can change his/her email to own mail and c...

7AI score
Exploits0
Hacker One
Hacker One
added 2017/10/24 5:49 p.m.32 views

Infogram: No notification on Password Change

Hi Team, Description : I noticed there is an issue with password reset functionality user is not receiving notification when he reset password. Even though when user change password through profile, not getting an email notification. Issue: user not always gets a notification about password chang...

7AI score
Exploits0
Hacker One
Hacker One
added 2017/10/24 5:36 p.m.157 views

Infogram: User enumeration via forgot password error message

Hi Team, Vulnerable URL : https://infogram.com/forgot Description: During testing forgot password field whether it's rate limiting is working or not, I noticed forgot password field is vulnerable to user enumeration. When user enter email id which is not available into database it shows an error ...

7AI score
Exploits0
Hacker One
Hacker One
added 2017/10/24 4:4 p.m.15 views

Infogram: XSS on Report Classic

hi team ... i found XSS on https://infogram.com/app//library step .. 1- go to https://infogram.com/app//library 2- choose Report Templates . 3- Use Report Classic 4- click to editdata 5- payload //" “alertdocument.cookie 6-execute XSS and which you edit data XSS stared...

6.3AI score
Exploits0
Hacker One
Hacker One
added 2017/10/24 3:4 p.m.16 views

Infogram: Memory Corruption via Large Pixels

A memory corruption vulnerability was reported in an image processing service. By uploading a maliciously crafted image with extremely large dimensions, an attacker could cause the service to allocate an excessive amount of memory during image processing, potentially leading to memory corruption...

7AI score
Exploits0
Hacker One
Hacker One
added 2017/10/24 1:48 p.m.18 views

Infogram: Application Vulnerable to CSRF - Remove Invited user

POC: 1. Login to the application with a business account. 2. Go to Manage teams, where we can send invites to a team member. Send a Invite to a team member 3. After the invite is sent to a user, the admin has option to Remove User. 4. While trying to remove the user, capture the request in burp ,...

Exploits0
Hacker One
Hacker One
added 2017/10/24 12:46 p.m.23 views

Infogram: Sensitive information is publicly available

During the analysis it was found that some sensitive information like ip is available on this url .https://infogram.com/ip/...

6.6AI score
Exploits0
Hacker One
Hacker One
added 2017/10/24 10:51 a.m.18 views

Infogram: Outdated jQuery Version

During analysis, it was observed that the application is using outdated jQuery version i.e. 1.11.2...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2017/10/24 8:59 a.m.18 views

Tor: Cross-domain linkability when system time changed in Tor Browser

This report is inspired by 257942. That report uses languagechange event as an indicator for different tabs to link multiple visits to a single user. This report uses another trick to achieve the same thing. Malicious websites keeps reading Date.now inside a setInterval loop with a short interval...

6.6AI score
Exploits0
Hacker One
Hacker One
added 2017/10/23 8:49 p.m.37 views

Infogram: Stored XSS in the Custom Logo link (non-Basic plan required)

Description Hello. Recently i contacted with Infogram, and requested trial of the Business version to test some features, which was unavailable in the Basic version. I discovered the stored cross-site scripting issue in the Custom Logo link. F232084 There was some URL checks in place, but i was...

5.8AI score
Exploits0
Hacker One
Hacker One
added 2017/10/23 5:52 p.m.12 views

WordPress: Unauthenticated hidden groups disclosure via Ajax groups search

Note: this issue was previously submitted to [email protected], because I did not have the rep to submit it here. That was cleared up with HackerOne, so I am now submitting the issue here, at @aaroncampbell's direction. Summary It is possible for an unauthenticated user to view the title,...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2017/10/23 10:27 a.m.17 views

Infogram: Internal Ports Scanning via Blind SSRF

Introduction: I found a Blind SSRF issue that allows scanning internal ports. How to reproduce: Login Send the request https://infogram.com/api/webresource/url?q=TARGETURI Look up the response. If valid, it returns status code 200 and the website's title will be exposed, or 404 for otherwise. For...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2017/10/23 9:50 a.m.19 views

Ruby: Bugs

Account info...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2017/10/23 1:27 a.m.31 views

VK.com: XSS в личных сообщениях

XSS в ссылках в личных сообщениях, приходящих в реалтайме...

6.3AI score
Exploits0
Hacker One
Hacker One
added 2017/10/23 1:17 a.m.16 views

Ruby: Provide a security sistem most fit to our team

Now we want to proof that our security sistem is most fit in this year...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2017/10/22 9:24 a.m.2348 views

Tor: Crashes/Buffer at 0x2C0086,name=PBrowser::Msg_Destroy

Hi Team, Steps to Reproduce: 1. Open Tor 2. Navigate to string.html Where string.html : function tor var uristring = unescape"%u4141%u4141"; fori=0; i 3. 'Gah! This tab has crashed. However, running it to debug mode generates the below exception : !!! ParentMessageChannel Error:...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2017/10/22 3:8 a.m.67 views

Duolingo: RCE in TinyCards for Android

We found and confirmed an RCE bug in TinyCards for Android. Is it in scope, and if not how do we report this security issue to DuoLingo...

6.8CVSS7.8AI score0.0348EPSS
Exploits1
Hacker One
Hacker One
added 2017/10/22 2:53 a.m.25 views

Tor: Preferred language option fingerprinting issue in Tor Browser

I'm not so sure if this is an in-scope issue or by-design. But based on my understanding of 1, I feel that Tor doesn't want to make user configuration details of Tor Browser detectable by websites. But in about:preferencescontent, there's a "Languages" section that allows users to "choose your...

6.7AI score
Exploits0
Hacker One
Hacker One
added 2017/10/21 10:48 p.m.72 views

Mavenlink: Password reset link injection allows redirect to malicious URL

@cablej found a vulnerability in our password reset functionality that allowed an attacker using an HTTP request with a modified Host header to cause a password reset link to be emailed to the target user that would navigate to the attacker's domain. Because the password reset emails are sent fro...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2017/10/21 1:41 p.m.51 views

Inflection: Unsubscribe Any User

Researcher reported that HubSpot's "unsubscribe" feature allows any user to unsubscribe from marketing emails without having to confirm their email address. Inflection does not consider this a vulnerability, as we want to make it as easy as possible for users to stop receiving marketing emails th...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2017/10/21 11:28 a.m.20 views

Inflection: Limited Account Takeover via Backup codes

Researcher submitted a duplicate of a previously-submitted report and requested public disclosure of this report...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2017/10/21 7:18 a.m.10 views

Stellar.org: xss

content on a server is including Javascript content from an unrelated domain. When this script code is fetched by a user browser and loaded into the DOM, it will have complete control over the DOM, bypassing the protection offered by the same-origin policy. Even if the source of the script code i...

0.7AI score
Exploits0
Hacker One
Hacker One
added 2017/10/21 4:48 a.m.54 views

Uber: No rate limiting on https://biz.uber.com/confirm allowed an attacker to join arbitrary business.uber.com accounts

A lack of rate limiting on the "/confirm" endpoint made it possible for an attacker to add themselves to arbitrary business.uber.com accounts by brute forcing confirmation codes. If they were able to successfully brute force the correct confirmation code, this would allow an attacker to take ride...

1.9AI score
Exploits0
Hacker One
Hacker One
added 2017/10/21 3:56 a.m.28 views

RubyGems: Negative size in tar header causes infinite loop

Proof of concept The attached file loop.gem causes an infinite loop in any command that tries to iterate over the entries in the tar container. gem install loop.gem gem unpack loop.gem gem specification loop.gem Summary Gem::Package::TarHeader.from uses oct to parse fields in the tar header. oct...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2017/10/20 11:30 p.m.24 views

RBKmoney: IDOR in merchant.rbmonkey.com allows deleting eShops of another user

Website merchant.rbmonkey.com was exposed to an insecure direct object reference vulnerability IDOR which may allow an attacker to deleting shop objects of another user...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2017/10/20 10:23 p.m.22 views

Uber: XSS on partners.uber.com due to no user input sanitisation

The /p3/drivers/vehicles/add endpoint on partners.uber.com was vulnerable to cross site scripting, since the endpoint did not validate the data it received, it did not perform encoding on the data to remove or make harmless HTML-sensitive characters such as . The page response was not served with...

0.5AI score
Exploits0
Total number of security vulnerabilities15372