
HackerOne: Disclosure of the name of a program that has a private part with an external link


Summary:

Hi team, @jobert, @bencode. Not so long ago, you made an output to the program panel of information about whether the program has the retest function. Also, this is reflected in the report by the attribute active_retest_subscription. It seems that it is reflected in publish reports that are created in programs that have external links. The function itself cannot be enabled in the sandbox, which means that it can only be found in real programs. It turns out that if we see this attribute in the report, it means that the program is real, which means it is private.

Steps To Reproduce

1. Go to https://hackerone.com/hacktivity/publish
2. Input program, create reports
3. Check .json report - https://hackerone.com/reports/ID.json
4. If we see this attribute, it means that the program is private. And it has the retest function enabled

Thanks! @haxta4ok00

Impact

Disclosure of the name of a program that has a private part with an external......

Open the external website with the full content:



https://vulners.com/hackerone/H1:871142?utm_source=rss&utm_medium=rss&utm_campaign=rss
