HackerOne Disclosed Reports - 2025-07-29 - Printable Version
Dark C0d3rs (https://darkcoders.wiki) - Forum: Exploit Log (https://darkcoders.wiki/Forum-Exploit-Log) - Forum: Research Papers/Vulnerability reports (https://darkcoders.wiki/Forum-Research-Papers-Vulnerability-reports)
Thread: HackerOne Disclosed Reports - 2025-07-29 (/Thread-HackerOne-Disclosed-Reports-2025-07-29)
HackerOne disclosed reports - 2025-07-29 - hashXploiter - 07-30-2025
Severity: Low | Status: resolved
Bypass "No Links" Restriction in Biography via Protocol-Relative URL (//)
Reported by _dha, disclosed July 29, 2025, 2:43 pm | Weakness: Improper Input Validation
The report identifies a bypass vulnerability in the biography field on addons.allizom.org. Despite the application's policy against allowing links, it was possible to embed functional hyperlinks using protocol-relative URLs (//evil.com). This violation of the declared application policy was achieved by including an anchor tag with the protocol-relative URL.
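As an added illustration of the weakness described above (example code, not from the report or from Mozilla): a naive "no links" check that only looks for an explicit scheme, beside a hardened check that also rejects protocol-relative hrefs. The sample biographies and the example.test host are constructed for the demonstration.

```python
import re
from html.parser import HTMLParser

# Weak check: only matches an explicit scheme, so a protocol-relative
# href ("//host/path") in the biography slips through.
def naive_has_link(bio: str) -> bool:
    return re.search(r"https?://", bio, re.IGNORECASE) is not None


class _LinkAttrCollector(HTMLParser):
    """Counts anchor tags and collects URL-bearing attribute values (unescaped by HTMLParser)."""

    def __init__(self) -> None:
        super().__init__()
        self.anchors = 0
        self.urls: list[str] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        if tag == "a":
            self.anchors += 1
        for name, value in attrs:
            if name in ("href", "src", "action", "formaction") and value is not None:
                self.urls.append(value)


# "scheme:" per RFC 3986 (letter, then letters/digits/+/-/.), checked after removing
# ASCII whitespace and control characters, which browsers strip before parsing a URL.
_SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.\-]*:", re.IGNORECASE)
_STRIP_RE = re.compile(r"[\x00-\x20]")


def is_link_like(value: str) -> bool:
    """True for absolute (scheme:...) or protocol-relative (//host/...) URLs."""
    v = _STRIP_RE.sub("", value)
    return v.startswith("//") or bool(_SCHEME_RE.match(v))


def hardened_has_link(bio: str) -> bool:
    """'No links' policy: reject any anchor tag and any absolute or protocol-relative
    URL attribute, whichever tag carries it."""
    collector = _LinkAttrCollector()
    collector.feed(bio)
    collector.close()
    return collector.anchors > 0 or any(is_link_like(u) for u in collector.urls)


# Constructed sample biographies (not taken from the report).
SAMPLES = {
    "plain": "Firefox add-on developer from Berlin.",
    "absolute": '<a href="https://example.test/me">my site</a>',
    "protocol_relative": '<a href="//example.test/me">my site</a>',
    "padded": '<a href="\n //example.test/me">my site</a>',
}


def evaluate(samples=SAMPLES):
    """Returns {name: (naive verdict, hardened verdict)} for each sample."""
    return {k: (naive_has_link(v), hardened_has_link(v)) for k, v in samples.items()}
```

The protocol-relative and whitespace-padded samples are exactly the cases the naive check misses and the hardened one catches.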
Severity: High | Status: resolved
Mozilla VPN Clients: RCE via file write and path traversal
Reported by Rein Daelman, disclosed July 29, 2025, 9:53 am | Weakness: Path Traversal
The report describes a path traversal vulnerability in the Mozilla VPN client software that allowed for remote code execution. The vulnerability was found in the "live_reload" command of the client's inspector feature, which could be accessed when the client was in developer mode with "Use Staging Servers" enabled. The vulnerable code in the InspectorHotreloader::fetchAndAnnounce() function failed to properly sanitize file paths when downloading remote files to a temporary folder, enabling attackers to write arbitrary files to any location on the filesystem.