Lucene search
K
HackeroneRecent

15372 matches found

Hacker One
Hacker One
β€’added 2017/10/15 2:0 a.m.β€’46 views

New Relic: Captcha Bypass on SignUp Form

The g-recaptcha-response parameter was not validated on the server side when submitting a form to the /signups endpoint. Any or no value could be provided for this parameter...

2AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/14 7:39 p.m.β€’10 views

New Relic: Newrelic s3 bucket is writeable and deleteable by authorized AWS users

@kunalbahl discovered an open S3 bucket that appeared to belong to us. It was determined that this belonged to another company and this information was forwarded to Amazon for remediation...

3.5AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/14 7:3 p.m.β€’10 views

Informatica: [marketplace.informatica.com] - Stored XSS

The researcher has identified and reported a Stored XSS in Informatica website and helped us in resolving the issue...

6.1AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/14 3:1 p.m.β€’28 views

Legal Robot: Two accounts can be made with same password

A really nice bug to look into i found this while i was making my own account as i was testing for some serious bug i decided to just look into that how Legal Robot behaves when two account are made with the same password. Hacker Scenario: Person1 makes a account with a password called password n...

6.9AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/14 1:1 p.m.β€’24 views

Radancy: xss flash on http://presentatie.werkenbijmcdonalds.nl/

A vulnerability in a flash file caused javascript to be executed in banners hosted on presentatie.werkenbijmcdonalds.nl...

6.8AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/14 12:4 p.m.β€’20 views

Inflection: Host Header Injection and Cache Poisoning

Researcher submitted a report duplicating an issue that had already been reported to us, and then requested that we disclose this report publicly. So here we are...

6.8AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/14 9:39 a.m.β€’13 views

Mail.ru: XSS Π² Ρ‚Π΅Π»Π΅ письма, Π² Π±Π»ΠΎΡ‡Π½Ρ‹Ρ… стилях.

ЗдравствуйтС! Π‘Π°Π³Π° Π² тСстируСмом HTML парсСрС. Π’ Π±Π»ΠΎΡ‡Π½Ρ‹Ρ… стилях Π Π°Π±ΠΎΡ‡ΠΈΠΉ ΠΊΠΎΠ΄: \test background-image:url'//\27\29\3Bcw:;a:'\3b\3C/style/\20;a:\28\27\27'; background-image:url'//\27\29\3Bcw:;a:'\3b;a:\28\27\27'; \p background-image:url'//\27\29\3Bcw:;a:'\3b;a:\28\27\27'; Π’ Π°Ρ‚Ρ‚Π°Ρ‡Π΅ txt Ρ„Π°ΠΉΠ» с...

6.9AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/14 7:34 a.m.β€’20 views

Inflection: Privilege Escalation: Read-Only to Admin

While the interface hides the users page from read-only users, they can still perform PUT requests to the API to change their privileges where they only have read-only permissions...

2.6AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/13 10:47 p.m.β€’14 views

Inflection: Goodhire Open Redirect

Researcher reported a duplicate issue...

6.9AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/13 4:12 p.m.β€’18 views

Inflection: Information Disclosure and Privilege Escalation in app.goodhire.com/member/developers/api-settings

Researcher reported a missing authorization check when purchasing a report. As a result, any valid user with ordering privileges could place an order on behalf of any other account although would not be able to receive the results of the order. We added an authorization check to ensure that users...

6.8AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/13 3:13 a.m.β€’37 views

Inflection: No password confirmation on changing primary email address

Users may change the primary email address associated with their account without being required to confirm their password again. The security researcher reporting this proposed that we add a password confirmation field when performing an email change. After considering the issue, we don't intend ...

6.9AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/12 8:42 p.m.β€’23 views

Avito: CSS injection in avito.ru via IE11

Hi Team Security @avito I discovered CSS Injection on avito.ru in form search via IE11 Description CSS injection vulnerabilities arise when an application imports a style sheet from a user-supplied URL, or embeds user input in CSS blocks without adequate escaping. They are closely related to...

0.5AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/12 6:39 p.m.β€’18 views

Mail.ru: reflected XSS on healt.mail.ru

Reflected XSS via GET paramters in quiz game on promo site in health.mail.ru subdomain. .health.mail.ru was in the bug bounty program's scope on the moment of report submission...

6.2AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/12 2:0 p.m.β€’9 views

Mail.ru: XSS Π½Π° e.mail.ru Π² мобильном ΠΏΡ€ΠΈΠ»ΠΎΠΆΠ΅Π½ΠΈΠΈ!

Cross application scripting via message content in mobile mail application. Vulnerability affected a limited number of external domains connected in Mail.Ru mail application. Users of Mail.Ru mailboxes and largest mailbox providers were not affected, no access to confidential data was possible as...

3.7AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/12 12:23 p.m.β€’132 views

Semrush: Email Spoofing

Hey SemRush, It appears that spoofed email can be sent from 1 of your emails. The following email is vulnerable: [email protected] Information: Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source...

6.8AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/12 11:6 a.m.β€’33 views

International Islamic University Chittagong: Stored Xss on IIUC

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to verify and then deploy fix, so be sure to take your time filling out the report! Summary: add summary of the vulnerabili...

5.8AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/12 8:55 a.m.β€’18 views

International Islamic University Chittagong: SQL Injection On iiuc

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to verify and then potentially issue a bounty, so be sure to take your time filling out the report! Summary: add summary of...

8AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/11 7:55 p.m.β€’11 views

Razer US: XSS vulnerability on amp.razerzone.com

The tester discovered a reflected XSS vulnerability on a media content server, exploitable via Firefox. This content server was used by Razer employees and close partners to store media related to Razer products. We appreciate the tester's hard work and as a courtesy we granted reputation for thi...

6.2AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/11 5:29 p.m.β€’11 views

International Islamic University Chittagong: Reflected XSS

Summary: add summary of the vulnerability Description: search mechanism uses POST method to request for search . So if we change it to get normally the XSS dosen't popup . But if we break it with " this we can get XSS . Platforms Affected: https://ieeeiiucsb.org/search/" Steps To Reproduce: Visit...

6.3AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/11 4:47 p.m.β€’28 views

Legal Robot: Legal Robot

well i m hacker in the messag you secktor in your fuckingt...

6.8AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/11 7:28 a.m.β€’17 views

Razer US: [amp.razerzone.com] SQL injection via resource_type parameter

The tester discovered multiple SQL Injection vulnerabilities on a media content server. One used exploited a single quote and the other the cookie parameter. This content server was used by Razer employees and close partners to store media related to Razer products. We appreciate the tester's har...

7.9AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/11 6:14 a.m.β€’13 views

Mail.ru: Blind XXE on my.mail.ru

Blind XXE in my.mail.ru Moi Mir avatar upload feature. Moi Mir is not covered by regular Bug Bounty program, a bounty was awarded as a bones due to high potential impact. Blind OOB XXE issue was found in upload avatar feature...

6.9AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/11 5:41 a.m.β€’15 views

Starbucks: Multiple Subdomain takeovers via unclaimed instances

Hacker @benoculars was able to successfully faciliate multiple subdomain takeovers by taking advantage of a process flow to use some of the space provided for germany.openapi.starbucks.com, psv.openapi.starbucks.com, stage-psv.openapi.starbucks.com, and test-psv.openapi.starbucks.com. While we we...

6.9AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/11 4:53 a.m.β€’19 views

Tor: Use of unitialized value in token_check_object (src/or/parsecommon.c:224)

Triggered in 22139c0, compiled with -fsanitize=memory and clang 6.0.0-trunk. ./fuzz-consensus test00d68 =9591==WARNING: MemorySanitizer: use-of-uninitialized-value 0 0x55ca86e51348 in tokencheckobject /root/tor/src/or/parsecommon.c:224:13 1 0x55ca86e51348 in getnexttoken...

2.5AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/11 4:47 a.m.β€’12 views

Tor: Use of uninitialized value in networkstatus_parse_vote_from_string (src/or/routerparse.c:3533)

Triggered in 22139c0, compiled with -fsanitize=memory and clang 6.0.0-trunk. ./fuzz-consense test000bbb ==9293==WARNING: MemorySanitizer: use-of-uninitialized-value 0 0x5611f7f7e4de in networkstatusparsevotefromstring /root/tor/src/or/routerparse.c:3533:23 1 0x5611f75bbbd1 in fuzzmain...

6.9AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/11 4:7 a.m.β€’11 views

Legal Robot: Broken links for stale domains may be leveraged for Phishing, Misinformation, Defaming

Hi, URL: https://www.legalrobot.com/press/2016/07/07/tech4good-on-a-global-scale/ Broken link for an expired domain which is available for sale: http://ecotechfoundation.net/ You may verify that it is available for sale @...

6.9AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/10 6:47 p.m.β€’17 views

New Relic: [NR Infrastructure] Bypass of #200576 through GraphQL query abuse - allows restricted user access to root account license key

@jonbottarini discovered an issue with our GraphQL implementation. This allowed a user without the proper authorization access to privileged account information on the same account. The writeup for this issue can read here: https://labs.detectify.com/2018/03/14/graphql-abuse/...

2.4AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/10 2:38 p.m.β€’12 views

ownCloud: Password Complexity Not Enforced On Password Change

Hi! Owncloud does not enforce password complexity on password change, so it's possible to use passwords of any size or form. In example I can set my password to be "a" or "qwerty". How to reproduce: Change your password to something that does not match your required complexity. Proof Of Concept:...

0.6AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/10 1:9 p.m.β€’31 views

WordPress: Stored XSS in WordPress

Hi, Introduction --------------- The upload mechanism in WordPress works by the role of the user who's trying to upload something. So every role has a permission to upload certain files. For the lowest role like author can upload harmless file such as txt, png, gif, jpg, zip, with this file the...

6.3AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/10 9:4 a.m.β€’20 views

Zendesk: Secret API Key Leakage via Query String

See title...

6.9AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/10 6:22 a.m.β€’38 views

Rocket.Chat: Remote Code Execution in Rocket.Chat Desktop

Summary: The Markdown parser can be tricked into allowing arbitrary Javascript leading to "remote code execution". Description: By combining the "link" and inline code block we can trick the parser into breaking out of the current HTML attribute. This allows us to control other attributes of the...

0.2AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/09 9:58 p.m.β€’16 views

Tor: Address Bar Spoofing on TOR Browser

Hi TOR team, I would like to report a security bug in your browser: Step 1: Goto http://www.ΥΈokia.com/http://jsbin.com/wuyikedaxi/1/edit?html,output Step 2: Observe that address bar points to http://www.ΥΈokia.com/ which actually to be pointing to http://xn--okia-zgf.com, however browser displays...

1.2AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/09 5:46 p.m.β€’202 views

Starbucks: Subdomain takeover on developer.openapi.starbucks.com

Hi team, Summary: Subdomain developer.openapi.starbucks.com is vulnerable to subdomain takeover via Mashery service. The reason why it's worked unfortunately not fully clear to me. Details: Doing my recent research on starbucks.com subdomains, I stumbled upon http://developer.openapi.starbucks.co...

6.9AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/09 3:0 p.m.β€’31 views

Mail.ru: Stored XSS using SVG on subdomain infra.mail.ru

It was possible to execute the script in the context of https://infra.mail.ru:8080/ by publishing static script-containing file such as SVG or XML in "Infra" service. This context doesn't use cookies for authentication, but XSS could allow phishing / content spoofing. This problem was addressed b...

6.5AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/08 3:56 p.m.β€’17 views

X (Formerly Twitter): Blind XSS in Mobpub Marketplace Admin Production | Sentry via demand.mopub.com (User-Agent)

Summary: I've identified a Blind XSS vulnerability that fires in the Mobpub Marketplace Admin Production | Sentry dashboard and can be triggered by sending a HTTPS request to an endpoint from the domain demand.mopub.com. Description: I've sent the following HTTPS request to the following URL...

6.8AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/08 3:38 p.m.β€’25 views

Ubiquiti Inc.: Stored XSS in dev-ucrm-billing-demo.ubnt.com In Client Custom Attribute

Hey, Was Testing the subdomins when I came Accross the subdomain https://dev-ucrm-billing-demo.ubnt.com/ I logged in as an Administrator and while testing i added a User and In Client Custom Attribute 1 i added the Payload: """"/ and Save the Client and Then on client page i.e:...

6.2AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/08 7:31 a.m.β€’23 views

IRCCloud: Missing robots exclusion header for user uploads

User uploaded text files can be linked from external websites and end up appearing in search engine result pages if you perform a search such as: site:.irccloud-cdn.com ext:txt It's not possible to completely prevent such listings on all search engines, but some search crawlers support the...

6.7AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/07 8:24 p.m.β€’15 views

Automattic: Stored XSS Using Media

Hi, Summary: This exploits an XSS vulnerability on polldaddy.com Steps to Reproduce: 1. Create a multiple-choice question quiz on Polldaddy 2. Insert stored XSS payload into Media Embed such that it matches the shortcode format Payload: 3. When someone goes on the quiz page through the quiz share...

6.1AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/07 7:31 a.m.β€’14 views

Weblate: Account Restore / Reactivating an old email via old reset link

Hi, I noticed you now send a confirmation link after loading the reset link, below is a screenshot showing the email and highlighting the error. F227060 Best Regards, @footstep...

0.9AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/07 5:47 a.m.β€’26 views

HackerOne: Pending member invitations are not revoked on program name change

Summary: When private program updates the handle of the hackerone program, former team members can see the new updated handles using old invitation link. The invitation link looks like https://hackerone.com/invitations/ This may also be true for participants participating in private programs but ...

6.7AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/07 12:56 a.m.β€’13 views

Mail.ru: touch.mail.ru/messages - Stored XSS

XSS in touch.mail.ru image preview feature via crafted attachment filename...

6.3AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/06 11:57 p.m.β€’16 views

RubyGems: Gem signature forgery

Summary Inconsistencies in how gem processes gem files make it possible to reuse a signature from an existing signed gem and apply it to arbitrary contents. The forged gem will install even with -P HighSecurity. The attached file multijson-1.12.2.gem is a forged version of the genuine...

Exploits0
Hacker One
Hacker One
β€’added 2017/10/06 9:32 p.m.β€’92 views

WakaTime: Can link to websites from profile

when I input a website to my profile it creates tag link: test.org this is a flaw, how? if the owner of the profile and a malicious link it is possible to redirect the user to a phishing page of wakatime. Here's the scenario of this attack: 1 Attacker put a malicious link on his profile. 2 Once t...

1.6AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/06 9:3 p.m.β€’98 views

WakaTime: password token validation

Hello, when I reset password all tokens are valid can be used, should keep valid only token in the last request or you can invalidate all reset links after using one of the requests successfully. Steps: 1 go to the password reset page and request more than one request. 2 go to your email and use...

1AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/06 4:27 p.m.β€’36 views

Instacart: Get all instacart emails - missing rate limit on /accounts/register

Hey Instacart team, When signing up for an account, you enter your email. When this email is already in use, the server responds with ""errors":"email":"has already been taken"" This in not a problem, but the fact that you could send this request unlimited times is the issue. This way we can easi...

6.9AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/06 9:25 a.m.β€’6 views

Tor: Use of unitialized value in crypto_pk_num_bits (src/common/crypto.c:971)

Vulnerability description not provided...

7.1AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/06 9:20 a.m.β€’22 views

Tor: Use of uninitialized value in memarea_strdup (src/common/memarea.c:369)

Triggered in 51e4748 , compiled with clang 6.0.0-trunk and -fsanitize=memory. ./fuzz-hsdescv2 test001 Uninitialized bytes in interceptorstrlen at offset 0 inside 0x7fff5525ff80, 51 ==19693==WARNING: MemorySanitizer: use-of-uninitialized-value 0 0x5570edfe5fbd in memareastrdup...

6.9AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/06 8:49 a.m.β€’47 views

RubyGems: Remote code execution on rubygems.org

When parsing a gem POSTed to the /api/v1/gems endpoint, the rubygems.org application immediately calls Gem::Package.newbody.spec inside app/models/pusher.rb. The authors of the application correctly observed that parsing untrusted YAML is dangerous since it can serialize more or less arbitrary...

7.5CVSS9.3AI score0.15853EPSS
Exploits1
Hacker One
Hacker One
β€’added 2017/10/05 7:50 p.m.β€’21 views

Imgur: Xss on community.imgur.com

Hello Team Description: I found a reflected cross site scripting on community.imgur.com Steps To Reproduce: Visit https://community.imgur.com/email/[email protected]%27%22%3E%3Csvg/onload=alertdocument.domain%3E F226739 Regards Santhosh...

0.2AI score
Exploits0
Hacker One
Hacker One
β€’added 2017/10/05 5:47 p.m.β€’31 views

Mail.ru: Stored XSS when you read eamils. <style>

Hello team, I have found stored XSS when you read emails via html tag. PoC: div background-image: url"data:image/jpg;base64,"; background-color: cccccc; lol F226715...

1.2AI score
Exploits0
Total number of security vulnerabilities15372