HackerOne: Creation of bounties through Customer API leads to private email disclosure

Summary: Hello team, it is possible to reveal any user's email using the BountiesHistoryQuery request. To demonstrate this, I will make use of both the API and the GraphQL requests. Steps To Reproduce ...

This Week in Spring – March 12th, 2024

Hi, Spring fans! Welcome to another installment of This Week in Spring! And what a week it's going to be! Do this first: we need your help! Please answer some questions in our State of Spring su ...

GAP-Burp-Extension – Burp Extension To Find Potential Endpoints, Parameters, And Generate A Custom Target Wordlist

This is an evolution of the original getAllParams extension for Burp. Not only does it find more potential parameters for you to investigate, but it also finds potential links to try these parameters ...

Unauthenticated views may expose information to anonymous users

Impact A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users, including the following: /api/graphql/ (1) /api/users/users/session/ (Nautobot 2 ...
