or Create a profile
03 Sep, 2019 07:18 PM
I have been trying to reach somebody about a series of OS Command Injections I found with your scanner. HackerOne is assuming it is a false positive, but I am looking at the report, and feel like you are right about labelling it a critical threat. It looks like it affects the source, user email and login information pages. What would you use, other than Burp Suite, to recreate a command inject like the one in the attached file?
I told them the injection, signature and gave them the proof from report that I can generate from Arachni, so I'd like to know what you recommend I would do next.
Formatting help /
(switch to plain text)
(switch to Markdown)
You can attach files up to 10MB
If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.
A conversation has been started with the Arachni staff to resolve this discussion.
This discussion is private.
Only you and Arachni support staff can see and reply to it.
This discussion is public. Everyone can see and reply to it.
You can use Command ⌘ instead of Control ^ on Mac
Powered by Tender™.