Top disclosed reports from HackerOne. Contribute to theori-io/hackerone-reports development by creating an account on GitHub.
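When you visit a target's subdomain (say, wwblog.qq.com) and it looks like this, you can try taking it over through github.io. Running dig against the domain returns a CNAME address, usually an xxxx.github.io domain, and visiting that domain directly also returns a 404. The principle is that the wwblog.qq.com subdomain's CNAME points to an empty GitHub page, and that GitHub page can be created and taken over by anyone. Takeover attack process: On GitHu...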
Will HackerOne integrate with the tools in your workflow? See all our integrations: Jira, GitHub, MS Teams, Slack, Splunk, and many more.
Engage with pentesters via integrated tools like GitHub, Jira, Slack, and ServiceNow. Gain immediate visibility into critical vulnerabilities for faster decision-making and remediation. Coordinate with the security team in real time, ensuring fast fixes. Validation of fixes + retesting After vu...
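This vulnerability is in HackerOne itself. The bounty was a full 25,000 US dollars, and they unstintingly gave it a critical severity rating with no downgrade. (It only hurts when you compare.) Let's analyze the approach below. First, let's look at the original text. Navigate to https://hackerone.com/organizations/ORG/analytics/reports Create new report. ...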
Since January, thousands of hackers have expressed their enthusiasm for the first Hacker101 content drop (almost 80,000 total video views and more than 8,800 stars on GitHub in just five months!). Now it's time to take things to the next level. We've pre
It can translate dense technical reports into clear, actionable guidance—ensuring that teams across an organisation can coordinate effectively. “Faster processes and automation allow security teams to focus on strategically important tasks,” Gautam explained. For high-risk threats, AI is proving ...
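https://hackerone.com/reports/242964 The vulnerability is very simple; HackerOne's official reply was a single statement. Although we send users an email when they submit a payment method, we did not send a notification when their preferred payment method was changed. This report pointed out that oversight. Although it is a very simple vulnerability, it still paid 500 US dollars. Below, I will share this vulnerability.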
https://hackerone.com/reports/1418891 https://blog.csdn.net/feinifi/article/details/121293135 https://nightlies.apache.org/flink/flink-docs-master/docs/ops/rest_api/ Grafana Image Renderer configuration file RCE. Environment setup: run this command under VMware-ubuntu20.04 ...