Contributors


palant
Write-ups shared: 11

alyssa
Write-ups shared: 8

zseano
Write-ups shared: 6

Spazzyy
Write-ups shared: 5

twiceDi
Write-ups shared: 4

noob
Write-ups shared: 4

janijay007
Write-ups shared: 4

syntaxerror
Write-ups shared: 3

iamthere
Write-ups shared: 3

nikhil
Write-ups shared: 3

tomnomnom
Write-ups shared: 2

updateLap
Write-ups shared: 2

hateshape
Write-ups shared: 2

plenum
Write-ups shared: 2

ehsahil
Write-ups shared: 7

slawbra
Write-ups shared: 2

warlord3112
Write-ups shared: 2

dorkerdevil
Write-ups shared: 2

haxormad
Write-ups shared: 2

andrysec
Write-ups shared: 2

Recognizing basic security flaws in local password managers

Written by palant

Program: Password Depot Rating: Critical
Visit Writeup »

Various RememBear security issues

Written by palant

Program: RememBear Rating: High
Visit Writeup »

the words of the overseas child

Written by aafauzan100gmailcom

Program: [redacted] Rating: High
Visit Writeup »

ornamental plant stem

Written by aafauzan100gmailcom

Program: [redacted] Rating: Low
Visit Writeup »

$5000 Apache /server-status page

Written by drs

Program: Unknown Rating: None set
View Writeup »

SQL Injections on [ Telkom Server Access ]

Written by andrysec

Program: SQL Injections on [ Telkom Server Access ] Rating: Critical
View Writeup »

20k Server With Unrestricted Access

Written by Spazzyy

Program: [redacted] Rating:
Visit Writeup »

Long Journey to Google's Hof

Written by haxormad

Program: Google Rating: Low
Visit Writeup »

Infinite Loop story

Written by dorkerdevil

Program: [redacted] Rating: Low
Visit Writeup »

1500$ worth Deserialization vulnerability

Written by dorkerdevil

Program: [redacted] Rating: Critical
Visit Writeup »

We have 6,992 disclosed issues from HackerOne

Top Disclosers


sp1d3rs
Bugs Found: 361
Bugs Disclosed: 53

bl4de
Bugs Found: 86
Bugs Disclosed: 37

cablej
Bugs Found: 274
Bugs Disclosed: 25

zephrfish
Bugs Found: 101
Bugs Disclosed: 22

anshumanbh
Bugs Found: 69
Bugs Disclosed: 20

alyssa
Bugs Found: 136
Bugs Disclosed: 17

babayaga
Bugs Found: 55
Bugs Disclosed: 17

rootxharsh
Bugs Found: 235
Bugs Disclosed: 15

tungpun
Bugs Found: 44
Bugs Disclosed: 13

juliosoares
Bugs Found: 142
Bugs Disclosed: 11

michiel
Bugs Found: 61
Bugs Disclosed: 11

rijalrojan
Bugs Found: 97
Bugs Disclosed: 10

defmax
Bugs Found: 136
Bugs Disclosed: 10

d1pakda5
Bugs Found: 106
Bugs Disclosed: 9

spam404
Bugs Found: 240
Bugs Disclosed: 8

[lootdog.io] User phone number disclosure

@ Submitted to mailru by theappsec
Bug Type: Information Disclosure

User phone could be self-disclosed on lootdog.io ...


Rating: None | This issue took 4 days and 20 hours to fix

Algorithmic complexity vulnerability in ZXCVBN leads to remote denial of service attack

@ Submitted to dropbox by davidrenardy
Bug Type: Denial of Service

@davidrenardy discovered that the ZXCVBN algorithm is quadratic in time complexity, which implies that the user can submit an arbitrarily long......


Rating: None | This issue took 3 days and 0 hours to fix

Link obfuscation bug

@ Submitted to brave by padpao
Bug Type: Cryptographic Issues - Generic

Summary: Link preview in the left bottom of Brave Browser will show the link where the user will be redirected after clicking it, but after clicking the link, the affected user will be redirected......


Rating: Low | This issue took 0 days and 17 hours to fix

Unrestricted File Upload To Xss Stored [ https://ideas.browser.mail.ru/ ]

@ Submitted to mailru by elmahdi
Bug Type: Cross-site Scripting (XSS) - Stored

Stored XSS in https://ideas.browser.mail.ru/......


Rating: Medium | This issue took 17 days and 6 hours to fix

Public Github Repo Leaking Internal Credentials Leading To DiscoveryIQ Docker Access

@ Submitted to informatica by vinothkumar
Bug Type: Information Disclosure

Researcher identified and reported a public GitHub repo leaking internal information. ...


Rating: Critical | This issue took 0 days and 0 hours to fix

Blind Stored XSS In "Report a Problem" on www.data.gov/issue/

@ Submitted to tts by rioncool22
Bug Type: Cross-site Scripting (XSS) - Stored

Steps to reproduce: 1. Open https://www.data.gov/issue/ 2. Fill "Issue Title" and "Description" with an XSSHunter payload 3. XSS fired in ......


Rating: Medium | This issue took 50 days and 18 hours to fix

accounts.informatica.com - RCE due to exposed Groovy console

@ Submitted to informatica by 0ang3el
Bug Type: Code Injection

Researcher identified a misconfigured "Groovy" panel on an AEM web application that was vulnerable to RCE. The panel was subsequently disabled. ...


Rating: Critical | This issue took 0 days and 4 hours to fix

CSRF Vulnerability at https://aw.my.com/

@ Submitted to mailru by mygf
Bug Type: Cross-Site Request Forgery (CSRF)

CSRF vulnerability allowed changing userbar settings in https://aw.my.com/......


Rating: Low | This issue took 6 days and 23 hours to fix

SSRF On [ allods.mail.ru ]

@ Submitted to mailru by elmahdi
Bug Type: Server-Side Request Forgery (SSRF)

SSRF in allods.mail.ru. allods.mail.ru belongs to Ext.B scope. ...


Rating: Medium | This issue took 3 days and 16 hours to fix

Listing of Amazon S3 Bucket accessible to any amazon authenticated user (vector-maps-e457472599)

@ Submitted to tomtom by zer0ttl
Bug Type: Information Disclosure

Summary: It's possible to get a listing of every file in the S3 bucket `vector-maps-e457472599` # Description: The problem is that, using the AWS command line, it's possible to get a listing of files......


Rating: Medium | This issue took 9 days and 5 hours to fix

Group admins can remove arbitrary data from "data" directory (including admin data)

@ Submitted to nextcloud by leonklingele
Bug Type: Privilege Escalation

Steps to reproduce: 1. Create a new user and make him an admin of an arbitrary group 2. Log in as this new user 3. Create a new user "files_external", "appdata_{random-data}", ........


Rating: High | This issue took 99 days and 23 hours to fix

Version Disclosure (NginX)

@ Submitted to maximum by protector47
Bug Type: Information Disclosure

Hi, I found a version disclosure (Nginx) in your web server's HTTP response. #Extracted Version: 1.8.0 This information might help an attacker gain a greater understanding of the systems in......


Rating: No rating | This issue took 0 days and 1 hour to fix

Program Email Notification settings ignored when being added as an external contributor

@ Submitted to security by the_arch_angel
Bug Type: Information Disclosure

Summary: When being added as an external contributor to a report, the report title is displayed in the email notification despite the program email notification settings being set to `No......


Rating: Low | This issue took 18 days and 13 hours to fix

XSS risk reduction with X-XSS-Protection: 1; mode=block header

@ Submitted to maximum by dawidczagan
Bug Type: None supplied

As you can read for example on this Microsoft blog (http://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx): ......


Rating: No rating | This issue took 8 days and 13 hours to fix

Yarn transfers npm credentials over unencrypted http connection

@ Submitted to nodejs-ecosystem by chalker
Bug Type: Missing Encryption of Sensitive Data

# Module module name: yarn version: 1.16.0 npm page: `https://www.npmjs.com/package/yarn` Module Description > Fast, reliable, and secure dependency management. Module Stats ......


Rating: High | This issue took 2 days and 23 hours to fix

Multiple HTTP/2 DOS Issues

@ Submitted to nodejs by jasnell
Bug Type: Denial of Service

A security researcher conducted a broad survey of HTTP/2 implementations to investigate common Denial of Service attack vectors. The Node.js implementation was found to be subject to a number of......


Rating: High | This issue took 83 days and 18 hours to fix

Private Key exposed in Travis Log can Compromise all the test servers.

@ Submitted to tronfoundation by hayageek
Bug Type: Cleartext Storage of Sensitive Information

# REQUIRED: 1. Summary of the bug Summary: Private key is printed in Travis Console log https://travis-ci.org/tronprotocol/java-tron/builds/361945077#L4101 Github provides information of test......


Rating: Low | This issue took 1 day and 10 hours to fix

Reflected XSS on https://inventory.upserve.com/ (affects IE users only)

@ Submitted to upserve by stealthy
Bug Type: Cross-site Scripting (XSS) - Reflected

The REQUEST_URI was assigned as the value of a hidden field in the login form without proper escaping, resulting in a reflected cross-site scripting bug. Browsers were mitigating the issue and IE was......


Rating: Medium | This issue took 14 days and 5 hours to fix

Subdomain takeover at recommendation.algolia.com

@ Submitted to algolia by badcracker
Bug Type: Violation of Secure Design Principles

Description: Hello sir, your subdomain recommendation.algolia.com CNAME is recommendation.us, and recommendation.us is for sale, which can lead to subdomain takeover. Steps to reproduce: 1. Check the......


Rating: Medium | This issue took 0 days and 0 hours to fix

Earn free DAI interest (inflation) through instant CDP+DSR in one tx

@ Submitted to makerdao_bbp by lucash-dev
Bug Type: Business Logic Errors

Summary: The MCD contracts contain different mechanisms for accumulating rates in different contracts, namely `pot` and `jug` corresponding to the cost of a loan and interest earned on savings.......


Rating: High | This issue took 7 days and 13 hours to fix

Reflected XSS in littleguy.vanillastaging.com

@ Submitted to vanilla by black_b
Bug Type: Cross-site Scripting (XSS) - Reflected

Go to littleguy.vanillastaging.com, create an account and go to http://littleguy.vanillastaging.com/discussion/comment/ Go:......


Rating: High | This issue took 73 days and 18 hours to fix

SQL Injection vulnerability located at ████████

@ Submitted to deptofdefense by rootaccess
Bug Type: SQL Injection

Summary: I have found a SQL Injection at ███████ in the ████ Portal. Description: The SQL injection is being caused by the unsanitized parameter of `_itemID=` i......


Rating: High | This issue took 145 days and 0 hours to fix

Can register any mobile number in MFA without current code.

@ Submitted to grammarly by chackmate
Bug Type: Improper Access Control - Generic

@chackmate identified a vulnerability that allows a user to connect arbitrary phone numbers with their account. No users affected. ...


Rating: Low | This issue took 7 days and 0 hours to fix

Stored XSS in mail app

@ Submitted to appsuite by zee_shan
Bug Type: Cross-site Scripting (XSS) - Stored

Vulnerability Details: When replying to an HTML e-mail with a specific payload, that payload could be executed as script code. The user would have to have HTML composing enabled to exploit this......


Rating: Medium | This issue took 0 days and 2 hours to fix

[kb.informatica.com] DOM-based XSS

@ Submitted to informatica by e3xpl0it
Bug Type: Cross-site Scripting (XSS) - Generic

Hi! I found a DOM-based XSS on this subdomain: https://kb.informatica.com. JavaScript security is very important, even more so in portals where users store their personal data. Attackers can target those......


Rating: Medium | This issue took 202 days and 11 hours to fix