Bugpoint – Telegram
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
XSS via X-Forwarded-Host header

👉 https://hackerone.com/reports/882220

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #geeknik
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2021, 8:19pm (UTC)
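
The report above is titled "XSS via X-Forwarded-Host header" but its details are not reproduced here, so the following is an added example, not code from the report or from the affected DoD application. It shows the general pattern behind that bug class: a server that builds absolute URLs (canonical links, base hrefs, redirects) from the X-Forwarded-Host header and writes them into the page lets a client-controlled header reach an HTML sink. The allowlist TRUSTED_HOSTS, the default host and the request headers are constructed for illustration.

```python
"""Added example: X-Forwarded-Host reflected into markup, vulnerable vs hardened.
Not taken from the disclosed report; hosts and headers below are made up."""
from html import escape

# Hypothetical allowlist of hosts this application is actually served on.
TRUSTED_HOSTS = {"app.example.test", "www.example.test"}
DEFAULT_HOST = "app.example.test"


def canonical_url_vulnerable(headers: dict, path: str) -> str:
    """Trusts X-Forwarded-Host (falling back to Host) with no validation.
    Whatever the client sent becomes part of the URL written into the page."""
    host = headers.get("X-Forwarded-Host", headers.get("Host", ""))
    return f"https://{host}{path}"


def render_vulnerable(headers: dict, path: str) -> str:
    # A typical sink: the URL is dropped into an attribute without escaping.
    return f'<link rel="canonical" href="{canonical_url_vulnerable(headers, path)}">'


def canonical_url_hardened(headers: dict, path: str) -> str:
    """Honours X-Forwarded-Host only when it names a host we serve; anything
    else falls back to DEFAULT_HOST. Matching is case-insensitive and exact."""
    candidate = headers.get("X-Forwarded-Host", "").strip().lower()
    host = candidate if candidate in TRUSTED_HOSTS else DEFAULT_HOST
    return f"https://{host}{path}"


def render_hardened(headers: dict, path: str) -> str:
    # Defence in depth: even a bad value is attribute-escaped at the sink.
    url = escape(canonical_url_hardened(headers, path), quote=True)
    return f'<link rel="canonical" href="{url}">'


# Constructed request: the forwarded host carries an attribute breakout payload.
ATTACK_HEADERS = {
    "Host": "app.example.test",
    "X-Forwarded-Host": 'app.example.test"><script>alert(1)</script><x a="',
}

if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(ATTACK_HEADERS, "/"))
    print("hardened:  ", render_hardened(ATTACK_HEADERS, "/"))
```

Two practical checks follow from this: the header should be honoured only when the request really came through your own reverse proxy (strip or overwrite it at the edge), and any framework setting that derives "the site URL" from forwarded headers deserves the same allowlist treatment.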
███ on https://████ enable ███ scraping, injection, stored XSS

👉 https://hackerone.com/reports/1048571

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #skarsom
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2021, 8:25pm (UTC)
Moodle XSS on evolve.glovoapp.com

👉 https://hackerone.com/reports/1165540

🔹 Severity: Medium
🔹 Reported To: Glovo
🔹 Reported By: #sn3akysnak3
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2021, 7:41am (UTC)
Path traversal lead to LFR via [CVE-2019-3394]

👉 https://hackerone.com/reports/980881

🔹 Severity: Critical | 💰 1,500 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #tounsi_007
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2021, 2:09pm (UTC)
Local file path disclosure [geekbrains.ru]

👉 https://hackerone.com/reports/1012644

🔹 Severity: Low
🔹 Reported To: Mail.ru
🔹 Reported By: #lobity
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2021, 2:14pm (UTC)
Wrong Url in Main Page

👉 https://hackerone.com/reports/1188629

🔹 Severity: Low | 💰 200 USD
🔹 Reported To: Sifchain
🔹 Reported By: #n33dm0n3y
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2021, 3:25pm (UTC)
SSRF at jira.plazius.ru - CVE-2019-8451

👉 https://hackerone.com/reports/900618

🔹 Severity: High | 💰 1,200 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #cutedoggo
🔹 State: 🟢 Resolved
🔹 Disclosed: May 12, 2021, 3:48pm (UTC)
Social media links not working

👉 https://hackerone.com/reports/1189282

🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #tefa_
🔹 State: 🟤 Duplicate
🔹 Disclosed: May 12, 2021, 5:41pm (UTC)
CORS Misconfiguration

👉 https://hackerone.com/reports/1194280

🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #itsme_ani
🔹 State: 🟤 Duplicate
🔹 Disclosed: May 12, 2021, 6:01pm (UTC)
Wordpress Users Disclosure (/wp-json/wp/v2/users/) on sifchain.finance

👉 https://hackerone.com/reports/1195194

🔹 Severity: Low
🔹 Reported To: Sifchain
🔹 Reported By: #ibrahimauwal1
🔹 State: 🟤 Duplicate
🔹 Disclosed: May 13, 2021, 12:43am (UTC)
Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information.

👉 https://hackerone.com/reports/1189363

🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #immortalsurya
🔹 State: 🟤 Duplicate
🔹 Disclosed: May 13, 2021, 3:32am (UTC)
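
Two of the Sifchain entries above ("CORS Misconfiguration" and "Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information.") name the same bug class without giving details. The following is an added example, not code from either report, that classifies a server's CORS response headers for a probe Origin the tester controls. The exploitable combination is an Access-Control-Allow-Origin that reflects the probe origin (or answers "null") together with Access-Control-Allow-Credentials: true, since that lets an attacker's page read authenticated responses. The sample responses are constructed.

```python
"""Added example: classify CORS response headers observed for a probe Origin.
Not from the disclosed reports; the sample responses below are constructed."""

EXPLOITABLE = {"reflected-origin+credentials", "null-origin+credentials"}


def classify_cors(probe_origin: str, response_headers: dict) -> str:
    """probe_origin is an Origin the tester controls (e.g. https://evil.example).
    Returns a label describing what the server's ACAO/ACAC headers allow."""
    h = {k.lower(): v.strip() for k, v in response_headers.items()}
    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao is None:
        return "no-cors"
    if acao == "*":
        # Browsers refuse credentialed requests when ACAO is "*", so this only
        # exposes what an unauthenticated client could already fetch.
        return "wildcard+credentials (browser-rejected)" if creds else "wildcard"
    if acao == "null":
        # "null" is sent by sandboxed iframes and data: URLs; with credentials
        # it is as bad as reflecting an arbitrary origin.
        return "null-origin+credentials" if creds else "null-origin"
    if acao == probe_origin:
        return "reflected-origin+credentials" if creds else "reflected-origin"
    return "fixed-origin"


def is_exploitable(label: str) -> bool:
    return label in EXPLOITABLE


# Constructed responses as they might be captured for Origin: https://evil.example
PROBE = "https://evil.example"
SAMPLE_RESPONSES = {
    "reflects+creds": {"Access-Control-Allow-Origin": PROBE,
                       "Access-Control-Allow-Credentials": "true"},
    "reflects-only": {"Access-Control-Allow-Origin": PROBE},
    "null+creds": {"Access-Control-Allow-Origin": "null",
                   "Access-Control-Allow-Credentials": "true"},
    "wildcard": {"Access-Control-Allow-Origin": "*"},
    "pinned": {"Access-Control-Allow-Origin": "https://app.example.test",
               "Access-Control-Allow-Credentials": "true"},
    "none": {"Content-Type": "application/json"},
}


def audit(probe_origin: str, responses: dict) -> dict:
    """Map each captured response to its classification."""
    return {name: classify_cors(probe_origin, hdrs) for name, hdrs in responses.items()}


if __name__ == "__main__":
    for name, label in audit(PROBE, SAMPLE_RESPONSES).items():
        flag = "EXPLOITABLE" if is_exploitable(label) else "ok"
        print(f"{name:15} {label:45} {flag}")
```

Reports that stop at "origin is reflected" without credentials (the "reflected-origin" label) usually describe public data and tend to be rated low or closed as duplicates, which matches how both entries above were triaged.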
CSRF allows to test email forwarding

👉 https://hackerone.com/reports/1131473

🔹 Severity: Low
🔹 Reported To: HackerOne
🔹 Reported By: #muon4
🔹 State: 🟢 Resolved
🔹 Disclosed: May 13, 2021, 5:22am (UTC)
Lack warning label when receiving a letter

👉 https://hackerone.com/reports/1128701

🔹 Severity: Low
🔹 Reported To: HackerOne
🔹 Reported By: #haxta4ok00
🔹 State: 🟢 Resolved
🔹 Disclosed: May 13, 2021, 8:25am (UTC)
Email spoofing

👉 https://hackerone.com/reports/1187511

🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #tmsm
🔹 State: 🟤 Duplicate
🔹 Disclosed: May 13, 2021, 10:20am (UTC)
Path Traversal inside saveContracts.js

👉 https://hackerone.com/reports/1196917

🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #caon
🔹 State: 🔴 N/A
🔹 Disclosed: May 14, 2021, 12:47am (UTC)
Found a URL in source code disclosing information such as IP addresses and available endpoints

👉 https://hackerone.com/reports/1195432

🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #paranoid07
🔹 State: 🔴 N/A
🔹 Disclosed: May 14, 2021, 3:25pm (UTC)
No rate limit protection in user subscription form

👉 https://hackerone.com/reports/1195429

🔹 Severity: Low
🔹 Reported To: Sifchain
🔹 Reported By: #aliyugombe
🔹 State: 🟤 Duplicate
🔹 Disclosed: May 14, 2021, 4:58pm (UTC)
Cross-Tenant IDOR on Business allowing privilege escalation, invitation takeover, and editing of any other Business's employees

👉 https://hackerone.com/reports/1063022

🔹 Severity: Medium | 💰 1,250 USD
🔹 Reported To: Uber
🔹 Reported By: #bubbounty
🔹 State: 🟢 Resolved
🔹 Disclosed: May 14, 2021, 5:02pm (UTC)
Unrestricted File Upload Results in Cross-Site Scripting Attacks

👉 https://hackerone.com/reports/1005355

🔹 Severity: Medium | 💰 2,000 USD
🔹 Reported To: Uber
🔹 Reported By: #hunt4p1zza
🔹 State: 🟢 Resolved
🔹 Disclosed: May 14, 2021, 5:04pm (UTC)
No valid SPF record / no DMARC record

👉 https://hackerone.com/reports/1194598

🔹 Severity: No Rating
🔹 Reported To: Sifchain
🔹 Reported By: #himan253
🔹 State: 🟤 Duplicate
🔹 Disclosed: May 14, 2021, 5:19pm (UTC)
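
The entry above ("No valid SPF record / no DMARC record") is a common low-signal submission, and whether it matters depends on what the records actually say. The following is an added example, not code from the report, that evaluates SPF and DMARC TXT record strings offline: it checks the SPF "all" qualifier, rejects multiple records, parses the DMARC p= policy, and summarises whether plain From-header spoofing would be rejected. DNS lookups are deliberately left out; the record strings are constructed inputs, and the domain names are placeholders.

```python
"""Added example: assess SPF/DMARC TXT records for spoofability.
Not from the disclosed report; record strings below are constructed."""

SPF_QUALIFIERS = {"-": "hard-fail", "~": "soft-fail", "?": "neutral", "+": "pass-all"}


def assess_spf(txt_records: list) -> str:
    """txt_records: TXT strings found at the domain apex."""
    spf = [r for r in txt_records if r.lower().startswith("v=spf1")]
    if not spf:
        return "missing"
    if len(spf) > 1:
        return "invalid (multiple SPF records; receivers return permerror)"
    for term in spf[0].split()[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
        if mech.lower() == "all":
            return SPF_QUALIFIERS[qualifier]
        if mech.lower().startswith("redirect="):
            return "redirect (evaluate the target domain's record)"
    return "no-all (default neutral)"


def assess_dmarc(txt_records: list) -> str:
    """txt_records: TXT strings found at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.lower().startswith("v=dmarc1")]
    if not dmarc:
        return "missing"
    if len(dmarc) > 1:
        return "invalid (multiple DMARC records)"
    tags = {}
    for part in dmarc[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid (missing or unknown p= tag)"
    pct = tags.get("pct", "100")
    return f"p={policy}" + (f" pct={pct}" if pct != "100" else "")


def spoofing_risk(spf_records: list, dmarc_records: list) -> str:
    """One-line verdict. Only DMARC quarantine/reject actually instructs
    receivers to act on a failed check; SPF alone is advisory for most MTAs."""
    spf, dmarc = assess_spf(spf_records), assess_dmarc(dmarc_records)
    if dmarc.startswith(("p=reject", "p=quarantine")):
        return f"enforced: spf={spf}, dmarc={dmarc}"
    if spf == "hard-fail":
        return f"spf-only: spf={spf}, dmarc={dmarc} (no DMARC enforcement)"
    return f"spoofable: spf={spf}, dmarc={dmarc}"


# Constructed records for a hypothetical domain.
APEX_TXT = ["v=spf1 include:_spf.mail.example.net ~all",
            "google-site-verification=placeholder"]
DMARC_TXT = ["v=DMARC1; p=none; rua=mailto:dmarc@example.test"]

if __name__ == "__main__":
    print(spoofing_risk(APEX_TXT, DMARC_TXT))
```

When triaging such a report, ask for the exact records: "~all" plus "p=none" (as in the constructed sample) means nothing is rejected, while "-all" with "p=reject" makes the finding moot.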
Request Access for Uber Device Returns Management Platform (https://www.eats-devicereturns.com/request-access/) Bypass Allows Access to PII

👉 https://hackerone.com/reports/1010787

🔹 Severity: High | 💰 750 USD
🔹 Reported To: Uber
🔹 Reported By: #hunt4p1zza
🔹 State: 🟢 Resolved
🔹 Disclosed: May 14, 2021, 5:24pm (UTC)