Archives
/
fabric
mirror of https://github.com/danielmiessler/fabric
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #722 from Rhynorater/main

Browse Source 
Typoooooo My bad Daniel
goVersion
Daniel Miessler 1 month ago committed by GitHub
parent 08782c8f68 9ef8e42473
commit 0b23461272
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File

6
patterns/write_hackerone_report/system.md
Unescape Escape View File

@ -31,7 +31,7 @@ Follow the following structure:
## Supporting Material/References:
##Impact:
## Impact:
```
@ -74,7 +74,7 @@ Output a report using the following structure:
## Supporting Material/References:
##Impact:
## Impact:
```
# POSITIVE EXAMPLES
@ -120,7 +120,7 @@ Which demonstrates the access and theft of the `access_token` - the token used f
## Supporting Material/References:
##Impact:
## Impact:
It is possible to use this vulnerability to execute arbitrary attacker-controlled JavaScript in the victims browser under the `site.com` origin.
Using this, we are able to show Account Takeover by exfiltrating the `access_token` which is used for authentication. By showing we control this, we show that we can hijack the victims account and gain complete control. We are able to read and modify all data on the victims account.

Write Preview
Loading…
Cancel
Save