Merge pull request #722 from Rhynorater/main

Typoooooo My bad Daniel
Daniel Miessler 2024-08-16 11:55:55 -07:00 committed by GitHub
commit 0b23461272
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -31,7 +31,7 @@ Follow the following structure:
## Supporting Material/References:
##Impact:
## Impact:
```
@ -74,7 +74,7 @@ Output a report using the following structure:
## Supporting Material/References:
##Impact:
## Impact:
```
# POSITIVE EXAMPLES
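Review bot: the same `##Impact:` heading had to be corrected here, in the hunk at line 31 and again at line 120, which shows the report structure is written out by hand in several places in this file. The two template copies are also introduced differently ("Follow the following structure:" versus "Output a report using the following structure:"). Consider keeping one canonical copy of the structure and referring to it, or at least aligning the lead-in wording, so a future heading change cannot leave the copies out of sync.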
@ -120,7 +120,7 @@ Which demonstrates the access and theft of the `access_token` - the token used f
## Supporting Material/References:
##Impact:
## Impact:
It is possible to use this vulnerability to execute arbitrary attacker-controlled JavaScript in the victims browser under the `site.com` origin.
Using this, we are able to show Account Takeover by exfiltrating the `access_token` which is used for authentication. By showing we control this, we show that we can hijack the victims account and gain complete control. We are able to read and modify all data on the victims account.
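Review bot: the unchanged Impact paragraph directly under the corrected heading is missing the possessive apostrophe in three places ("victims browser", "hijack the victims account", "data on the victims account"). This text sits under `# POSITIVE EXAMPLES`, so it is the sample wording reports are expected to follow; since this commit already fixes a typo in the same block, change these to "victim's browser" and "victim's account" as well.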