📚 HackerOne: Pentester can obtain information about other pentesters who applied for the same test, but weren't accepted


💡 News category: Security vulnerabilities
🔗 Source: vulners.com


Hi team, I don't know your policy about pentesters (about their visibility on the platform), but I couldn't find any other pentesters before.

1) For example: GraphQL has the h1_pentester attribute that would explicitly point us to the pentester, but if we make a query, it doesn't reveal the pentester to us.

https://hackerone.com/graphql POST

    {"query":"query { user(username:\"███\"){username,h1_pentester}}","variables":{}}

Answer:

    {"data":{"user":{"username":"███████","h1_pentester":null}}}

As we can see, I can't say that he is a pentester. And if I understand the policy correctly, in this situation H1 does not disclose to others who the pentester

2) PoC:

https://hackerone.com/graphql POST

    {"query":"query { pentester_profiles{total_count,nodes{skills{nodes{name}},state,user{username}}}}","variables":{}}

Answer:

    {"data":{"pentester_profiles":{"total_count":8,"nodes":[{"skills":{"nodes":[{"name":"Web Applications"},{"name":"Mobile Applications"},{"name":"Native Applications"},{"name":"Android"},{"name":"iOS"},{"name":"API"}]},"state":"approved","user":{"username":"█████"}},{"skills":{"nodes":[{"name":"Web Applications"},{"name":"Mobile Applications"},{"name":"Network Security"},{"name":"Android"},{"name":"iOS"},{"name":"API"},{"name":"Web applications"}]},"state":"approved","user":{"username":"██████"}},{"skills":{"nodes":[{"name":"Web Applications"},{"name":"Mobile Applications"},{"name":"Native Applications"},{"name":"Network... ...
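The report shows the classic GraphQL authorization gap: the per-object field `h1_pentester` is hidden from other users, but the `pentester_profiles` collection returns every profile, including applicants who were not accepted. The following toy Python model is an added example, not code from the report or from HackerOne; it assumes hypothetical `Viewer`/`PentesterProfile` types and a staff role, and shows the fix a defender wants: one visibility policy reused by both the field and the collection resolver, with `total_count` computed after filtering so the count does not leak either.

```python
"""Consistent authorization for per-object and collection GraphQL fields.

Hypothetical toy model (not HackerOne's code): the same visibility policy
gates both `user.h1_pentester` and the `pentester_profiles` collection, so a
list query cannot reveal what the per-object field hides.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Viewer:
    username: str
    is_staff: bool = False


@dataclass(frozen=True)
class PentesterProfile:
    username: str
    state: str          # "approved", "pending" or "rejected" (constructed values)
    skills: tuple = ()


# Constructed sample data: two approved pentesters and one rejected applicant.
PROFILES = (
    PentesterProfile("alice", "approved", ("Web Applications", "API")),
    PentesterProfile("bob", "approved", ("Mobile Applications",)),
    PentesterProfile("carol", "rejected", ("Network Security",)),
)


def can_view_profile(viewer, profile):
    """Single policy: only the profile owner or platform staff may see a profile."""
    return viewer.is_staff or viewer.username == profile.username


def resolve_h1_pentester(viewer, username):
    """Per-object field: True/False for the owner or staff, None for everyone else."""
    profile = next((p for p in PROFILES if p.username == username), None)
    if profile is None or not can_view_profile(viewer, profile):
        return None
    return profile.state == "approved"


def resolve_pentester_profiles_leaky(viewer):
    """The flawed shape: the collection ignores the policy the field enforces."""
    return {"total_count": len(PROFILES),
            "nodes": [{"username": p.username, "state": p.state} for p in PROFILES]}


def resolve_pentester_profiles(viewer):
    """Hardened: filter with the same policy and count only what the viewer may see."""
    visible = [p for p in PROFILES if can_view_profile(viewer, p)]
    return {"total_count": len(visible),
            "nodes": [{"username": p.username, "state": p.state,
                       "skills": list(p.skills)} for p in visible]}
```

A regression test that runs each collection resolver as an unrelated user and asserts it returns nothing the per-object field would hide is the cheapest way to keep the two code paths from drifting apart again.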


