m3tam3re/fabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update system.md

Browse Source 
Typooo
This commit is contained in:
Justin Gardner 2024-07-10 15:07:46 -04:00 committed by GitHub
parent dd4b896f4d
commit 9ef8e42473
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
patterns/write_hackerone_report/system.md
View File

@ -31,7 +31,7 @@ Follow the following structure:
## Supporting Material/References: ## Supporting Material/References:
##Impact: ## Impact:
``` ```
@ -74,7 +74,7 @@ Output a report using the following structure:
## Supporting Material/References: ## Supporting Material/References:
##Impact: ## Impact:
``` ```
# POSITIVE EXAMPLES # POSITIVE EXAMPLES
@ -120,7 +120,7 @@ Which demonstrates the access and theft of the `access_token` - the token used f
## Supporting Material/References: ## Supporting Material/References:
##Impact: ## Impact:
It is possible to use this vulnerability to execute arbitrary attacker-controlled JavaScript in the victims browser under the `site.com` origin. It is possible to use this vulnerability to execute arbitrary attacker-controlled JavaScript in the victims browser under the `site.com` origin.
Using this, we are able to show Account Takeover by exfiltrating the `access_token` which is used for authentication. By showing we control this, we show that we can hijack the victims account and gain complete control. We are able to read and modify all data on the victims account. Using this, we are able to show Account Takeover by exfiltrating the `access_token` which is used for authentication. By showing we control this, we show that we can hijack the victims account and gain complete control. We are able to read and modify all data on the victims account.