Search & Find


Post a writeup

Contributors


palant
Write-ups shared: 12

alyssa
Write-ups shared: 8

zseano
Write-ups shared: 6

Spazzyy
Write-ups shared: 5

twiceDi
Write-ups shared: 4

noob
Write-ups shared: 4

janijay007
Write-ups shared: 4

syntaxerror
Write-ups shared: 3

iamthere
Write-ups shared: 3

nikhil
Write-ups shared: 3

tomnomnom
Write-ups shared: 2

updateLap
Write-ups shared: 2

hateshape
Write-ups shared: 2

plenum
Write-ups shared: 2

ehsahil
Write-ups shared: 7

slawbra
Write-ups shared: 2

warlord3112
Write-ups shared: 2

dorkerdevil
Write-ups shared: 2

haxormad
Write-ups shared: 2

andrysec
Write-ups shared: 2

Recognizing basic security flaws in local password managers

Written by palant

Program: Password Depot Rating: Critical
Visit Writeup »

Various RememBear security issues

Written by palant

Program: RememBear Rating: High
Visit Writeup »

the words of the overseas child

Written by aafauzan100gmailcom

Program: [redacted] Rating: High
Visit Writeup »

ornamental plant stem

Written by aafauzan100gmailcom

Program: [redacted] Rating: Low
Visit Writeup »

$5000 Apache /server-status page

Written by drs

Program: Unknown Rating: None set
View Writeup »

SQL Injections on [ Telkom Server Acess ]

Written by andrysec

Program: SQL Injections on [ Telkom Server Acess ] Rating: Critical
View Writeup »

SQL Injections on [ Telkom Server Acess ]

Written by andrysec

Program: SQL Injections on [ Telkom Server Acess ] Rating: Critical
View Writeup »

20k Server With Unrestricted Access

Written by Spazzyy

Program: [redacted] Rating:
Visit Writeup »

Long Journey to Google's Hof

Written by haxormad

Program: Google Rating: Low
Visit Writeup »

Infinite Loop story

Written by dorkerdevil

Program: [redacted] Rating: Low
Visit Writeup »

1500$ worth Deserialization vulnerability

Written by dorkerdevil

Program: [redacted] Rating: Critical
Visit Writeup »

Looking for something?

We have 7,202 disclosed issues from HackerOne

Keyword:

Top Disclosers


sp1d3rs
Bugs Found: 361
Bugs Disclosed: 53

bl4de
Bugs Found: 86
Bugs Disclosed: 37

cablej
Bugs Found: 274
Bugs Disclosed: 25

zephrfish
Bugs Found: 101
Bugs Disclosed: 22

anshumanbh
Bugs Found: 69
Bugs Disclosed: 20

alyssa
Bugs Found: 136
Bugs Disclosed: 17

babayaga
Bugs Found: 55
Bugs Disclosed: 17

rootxharsh
Bugs Found: 235
Bugs Disclosed: 15

tungpun
Bugs Found: 44
Bugs Disclosed: 13

juliosoares
Bugs Found: 142
Bugs Disclosed: 11

michiel
Bugs Found: 61
Bugs Disclosed: 11

rijalrojan
Bugs Found: 97
Bugs Disclosed: 10

defmax
Bugs Found: 136
Bugs Disclosed: 10

d1pakda5
Bugs Found: 106
Bugs Disclosed: 9

spam404
Bugs Found: 240
Bugs Disclosed: 8

Silent omission of certificate hostname verification in LibreSSL and BoringSSL

@ Submitted to Internet by tiran
Bug Type: Improper Certificate Validation

Abstract LibreSSL and BoringSSL implemented ``X509_VERIFY_PARAM_set1_host`` differently than OpenSSL. All applications that use the preferred and documented way to configure a TLS connection for......


Rating: Critical | This issue took 499 Day and 11 hours to resolve

[https-proxy-agent] Socket returned without TLS upgrade on non-200 CONNECT response, allowing request data to be sent over unencrypted connection

@ Submitted to Nodejs-ecosystem by kadler15
Bug Type: Man-in-the-Middle

I would like to report a man-in-the-middle vulnerability in `https-proxy-agent`. It allows an attacker with access to the network firewall or targeted proxy server to obtain secrets (e.g. a HTTP basic......


Rating: Medium | This issue took 99 Day and 21 hours to resolve

Открытые сорцы

@ Submitted to Mailru by linkks
Bug Type: Information Disclosure

gitlab repository with opensource projects was available from external network on geekbrains.ru subdomain. While no sensitive information was leaked, decision was made to limit the access to......


Rating: None | This issue took 48 Day and 19 hours to resolve

[CVE-2018-18313] regcomp: heap-buffer-overflow read in S_grok_bslash_N

@ Submitted to Ibb-perl by etsukata
Bug Type: Heap Overflow

See: https://rt.perl.org/Public/Bug/Display.html?id=133192 CVE ID: CVE-2018-18313 Impact Potential information leak(ex: secret variables or source codes)...


Rating: Critical | This issue took 129 Day and 23 hours to resolve

Windows builds with insecure path defaults (CVE-2019-1552)

@ Submitted to Ibb-openssl by mirchr
Bug Type: Code Injection

Advisory: https://www.openssl.org/news/secadv/20190730.txt ``` Severity: Low OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used......


Rating: Low | This issue took 26 Day and 5 hours to resolve

Publicly Accessible Harshi Corp Consul

@ Submitted to Mailru by l33tcyberops
Bug Type: Improper Access Control - Generic

Consul interface was available from outside on one of my.com subdomains. ...


Rating: Medium | This issue took 3 Day and 8 hours to resolve

Exim off-by-one RCE vulnerability

@ Submitted to Internet by mehqq
Bug Type: Off-by-one Error

Hi, I found an off-by-one in Exim MTA utility function. It was reported to exim and official patch has been released, assigned CVE-2018-6789. This bug affects all versions of exim. This bug is......


Rating: Critical | This issue took 499 Day and 11 hours to resolve

Mercurial git subrepo lead to arbritary command injection

@ Submitted to Internet by pnig0s
Bug Type: Command Injection - Generic

Hi IBB, I'd like to submit a issue exist in Mercurial. ``` It is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a......


Rating: Critical | This issue took 499 Day and 23 hours to resolve

[health.mail.ru] Раскрытие SSI сценариев

@ Submitted to Mailru by bobrov
Bug Type: Information Disclosure

SSI template content leaked on invalid HTTP request in health.mail.ru and few more projects. On the moment of reporting, health.mail.ru was in Main scope of bug bounty program. ...


Rating: None | This issue took 422 Day and 22 hours to resolve

CVE-2019-5736: Escape from Docker and Kubernetes containers to root on host

@ Submitted to Internet by adam_iwaniuk
Bug Type: Privilege Escalation

description here: https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html PoC: https://github.com/q3k/cve-2019-5736-poc Some more links:......


Rating: High | This issue took 132 Day and 23 hours to resolve

Application level denial of service due to shutting down the server

@ Submitted to Nodejs-ecosystem by 3la2kb
Bug Type: Denial of Service

Module module name: http-live-simulator version: 1.0.7 npm page: https://www.npmjs.com/package/http-live-simulator Description I've found a way to crash the server due to the way it......


Rating: Low | This issue took 68 Day and 23 hours to resolve

Web Cache Poisoning

@ Submitted to Mailru by linkks
Bug Type: Cross-site Scripting (XSS) - Stored

Reverse proxy cache poisoning via host header content could lead to stored XSS in uxui.geekbrains.ru ...


Rating: No rating | This issue took 70 Day and 1 hours to resolve

[CVE-2018-18312] regcomp: heap-buffer-overflow write / reg_node overrun

@ Submitted to Ibb-perl by etsukata
Bug Type: Heap Overflow

See: https://rt.perl.org/Public/Bug/Display.html?id=133423 CVE ID: CVE-2018-18312 Impact Potential RCE...


Rating: Critical | This issue took 129 Day and 23 hours to resolve

Stored XSS in localhost:* via integrated torrent downloader

@ Submitted to Brave by ryotak
Bug Type: Cross-site Scripting (XSS) - Stored

Summary: Due to filename of downloading torrent file isn't sanitized, an attacker is able to execute arbitrary JavaScript on localhost:* by abusing crafted torrent file. Products affected: ......


Rating: Medium | This issue took 0 Day and 0 hours to resolve

[screenshot.mail.ru] CRLF Injection

@ Submitted to Mailru by bobrov
Bug Type: CRLF Injection

CRLF injection in screenshot.mail.ru allowed to manipulate response headers. ...


Rating: Low | This issue took 4 Day and 2 hours to resolve

Periscope-all Firebase database takeover

@ Submitted to Twitter by deeptiman
Bug Type: Improper Access Control - Generic

Hello, I found one public Firebase database of periscope.tv and I can able to insert data to this database and i only used it once for the testing purposes, so other database queries also possible. ......


Rating: Critical | This issue took 17 Day and 20 hours to resolve

Blind SSRF [ Sentry Misconfiguraton ]

@ Submitted to Mailru by elmahdi
Bug Type: Server-Side Request Forgery (SSRF)

Researcher found Blind SSRF via Sentry misconfiguration. This report received smaller bounty since server located in dedicated hosting (colocation) network separated from production servers ...


Rating: Low | This issue took 13 Day and 19 hours to resolve

CSS injection via BB code tag "█████"

@ Submitted to Phpbb by hanno
Bug Type: Resource Injection

The input to the "█████" BBcode tag is not properly filtered. It gets converted into a CSS style attribute for a span HTML element. Quotes (") are removed, so there's no way......


Rating: Medium | This issue took 122 Day and 0 hours to resolve

ChaCha20-Poly1305 with long nonces

@ Submitted to Ibb-openssl by jorandirkgreef
Bug Type: Missing Encryption of Sensitive Data

This report relates to CVE-2019-1543, https://www.openssl.org/news/secadv/20190306.txt, which I reported to the OpenSSL maintainers a few days ago. OpenSSL accepts nonces for the AEAD cipher......


Rating: High | This issue took 129 Day and 22 hours to resolve

[special.mail.ru] Information Disclosure

@ Submitted to Mailru by bobrov
Bug Type: Information Disclosure

special.mail.ru was running misconfigured Laravel in debug mode, disclosing some sensitive information ...


Rating: Medium | This issue took 9 Day and 20 hours to resolve

Arbitrary file creation with semi-controlled content (leads to DoS, EoP and others) at Steam Windows Client

@ Submitted to Valve by xi-tauw
Bug Type: Path Traversal

The vulnerability allows to create arbitrary file with some crafted text (or append to existing file). Tested on actual version 5.31.28.21 (SteamService.exe filevesion info). At start of the report I......


Rating: Medium | This issue took 7 Day and 9 hours to resolve

Steal all MKR from `flap` during liquidation by exploiting lack of validation in `flap.kick`

@ Submitted to Makerdao_bbp by lucash-dev
Bug Type: Improper Input Validation

Summary: The `flap` contract provides the ability to auction DAI for MKR. That's a fundamental functionality of the MCD system, invoked usually from the `vow` contract. A flaw in the validation of......


Rating: High | This issue took 20 Day and 3 hours to resolve

Integer overflow leading to buffer overflow

@ Submitted to Ibb-perl by jkrshnmenon
Bug Type: Integer Overflow

There exists an integer overflow in Perl_my_setenv @ util.c : 2070 2070: void Perl_my_setenv(pTHX_ const char *nam, const char *val) { ... 2166: const int nlen = strlen(nam); ... 2171: ......


Rating: Critical | This issue took 129 Day and 23 hours to resolve

Ruby is shipping a vulnerable jQuery

@ Submitted to Ruby by chrisseaton
Bug Type: None supplied

No this isn't a report about the website! Ruby ships Darkfish as part of RDoc https://github.com/ruby/ruby/tree/HEAD/lib/rdoc/generator/template/darkfish......


Rating: Low | This issue took 153 Day and 7 hours to resolve

Last pipeline status for MR leaked

@ Submitted to Gitlab by xanbanx
Bug Type: Improper Authentication - Generic

Hi GitLab security team, # Summary GitLab allows for public and internal projects to restrict the visibility of pipelines to project members only. Then, only project members should have access to......


Rating: Low | This issue took 101 Day and 15 hours to resolve