Information disclosure -> 2fa bypass -> POST exploitation
👉 https://hackerone.com/reports/1276373
🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Algolia
🔹 Reported By: #akashhamal0x01
🔹 State: 🟢 Resolved
🔹 Disclosed: September 8, 2021, 1:40pm (UTC)
👉 https://hackerone.com/reports/1276373
🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Algolia
🔹 Reported By: #akashhamal0x01
🔹 State: 🟢 Resolved
🔹 Disclosed: September 8, 2021, 1:40pm (UTC)
[185.30.178.57:8080] - Vulnerable to Jetleak
👉 https://hackerone.com/reports/1289029
🔹 Severity: Critical | 💰 250 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #xaleraf4ra
🔹 State: 🟢 Resolved
🔹 Disclosed: September 8, 2021, 4:43pm (UTC)
👉 https://hackerone.com/reports/1289029
🔹 Severity: Critical | 💰 250 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #xaleraf4ra
🔹 State: 🟢 Resolved
🔹 Disclosed: September 8, 2021, 4:43pm (UTC)
DNS Miconfiguration Leads to Subdomain Takeover - max1.liveplan.com
👉 https://hackerone.com/reports/1294492
🔹 Severity: High
🔹 Reported To: Palo Alto Software
🔹 Reported By: #melbadry9
🔹 State: 🟢 Resolved
🔹 Disclosed: September 8, 2021, 4:45pm (UTC)
👉 https://hackerone.com/reports/1294492
🔹 Severity: High
🔹 Reported To: Palo Alto Software
🔹 Reported By: #melbadry9
🔹 State: 🟢 Resolved
🔹 Disclosed: September 8, 2021, 4:45pm (UTC)
Underrepresentation Bias through Twitter's Cropping Algorithm
👉 https://hackerone.com/reports/1294062
🔹 Severity: Critical
🔹 Reported To: Twitter Algorithmic Bias
🔹 Reported By: #cyberqueenmeg
🔹 State: 🟢 Resolved
🔹 Disclosed: September 8, 2021, 10:50pm (UTC)
👉 https://hackerone.com/reports/1294062
🔹 Severity: Critical
🔹 Reported To: Twitter Algorithmic Bias
🔹 Reported By: #cyberqueenmeg
🔹 State: 🟢 Resolved
🔹 Disclosed: September 8, 2021, 10:50pm (UTC)
Underrepresentation Bias through Twitter's Cropping Algorithm #2: Favoring Animals over Black People
👉 https://hackerone.com/reports/1294242
🔹 Severity: Critical
🔹 Reported To: Twitter Algorithmic Bias
🔹 Reported By: #cyberqueenmeg
🔹 State: 🟢 Resolved
🔹 Disclosed: September 8, 2021, 10:50pm (UTC)
👉 https://hackerone.com/reports/1294242
🔹 Severity: Critical
🔹 Reported To: Twitter Algorithmic Bias
🔹 Reported By: #cyberqueenmeg
🔹 State: 🟢 Resolved
🔹 Disclosed: September 8, 2021, 10:50pm (UTC)
Economic Harm through Twitter's Cropping Algorithm
👉 https://hackerone.com/reports/1290872
🔹 Severity: Critical
🔹 Reported To: Twitter Algorithmic Bias
🔹 Reported By: #cyberqueenmeg
🔹 State: 🟢 Resolved
🔹 Disclosed: September 8, 2021, 10:50pm (UTC)
👉 https://hackerone.com/reports/1290872
🔹 Severity: Critical
🔹 Reported To: Twitter Algorithmic Bias
🔹 Reported By: #cyberqueenmeg
🔹 State: 🟢 Resolved
🔹 Disclosed: September 8, 2021, 10:50pm (UTC)
RCE Apache Struts2 remote command execution (S2-045) on [wifi-partner.mtn.com.gh]
👉 https://hackerone.com/reports/1070532
🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #pisarenko
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2021, 11:34am (UTC)
👉 https://hackerone.com/reports/1070532
🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #pisarenko
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2021, 11:34am (UTC)
blind sql on [selfcare.mtn.com.af]
👉 https://hackerone.com/reports/925007
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #pisarenko
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2021, 11:39am (UTC)
👉 https://hackerone.com/reports/925007
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #pisarenko
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2021, 11:39am (UTC)
SQL injection [futexpert.mtngbissau.com]
👉 https://hackerone.com/reports/924855
🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #pisarenko
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2021, 11:40am (UTC)
👉 https://hackerone.com/reports/924855
🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #pisarenko
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2021, 11:40am (UTC)
link.avito.ru - Bypass of restrictions on external links.
👉 https://hackerone.com/reports/956449
🔹 Severity: Medium
🔹 Reported To: Avito
🔹 Reported By: #hen51
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2021, 5:25pm (UTC)
👉 https://hackerone.com/reports/956449
🔹 Severity: Medium
🔹 Reported To: Avito
🔹 Reported By: #hen51
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2021, 5:25pm (UTC)
Subdomain takeover of ███
👉 https://hackerone.com/reports/892667
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #simplyrishabh
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2021, 7:55pm (UTC)
👉 https://hackerone.com/reports/892667
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #simplyrishabh
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2021, 7:55pm (UTC)
XSS due to CVE-2020-3580 [██████]
👉 https://hackerone.com/reports/1277392
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2021, 7:56pm (UTC)
👉 https://hackerone.com/reports/1277392
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2021, 7:56pm (UTC)
XSS due to CVE-2020-3580 [███]
👉 https://hackerone.com/reports/1277389
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2021, 7:57pm (UTC)
👉 https://hackerone.com/reports/1277389
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2021, 7:57pm (UTC)
Sensitive data exposure via https://███████/jira//secure/QueryComponent!Default.jspa - CVE-2020-14179
👉 https://hackerone.com/reports/1153817
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2021, 7:58pm (UTC)
👉 https://hackerone.com/reports/1153817
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2021, 7:58pm (UTC)
System Error Reveals SQL Information
👉 https://hackerone.com/reports/1272095
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #miguel_santareno
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2021, 7:59pm (UTC)
👉 https://hackerone.com/reports/1272095
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #miguel_santareno
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2021, 7:59pm (UTC)
SQL injection located in `███` in POST param `████████`
👉 https://hackerone.com/reports/1262757
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #brumens
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2021, 8:00pm (UTC)
👉 https://hackerone.com/reports/1262757
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #brumens
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2021, 8:00pm (UTC)
Stored XSS on top.mail.ru
👉 https://hackerone.com/reports/1241107
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #savproga
🔹 State: 🟢 Resolved
🔹 Disclosed: September 10, 2021, 7:18am (UTC)
👉 https://hackerone.com/reports/1241107
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #savproga
🔹 State: 🟢 Resolved
🔹 Disclosed: September 10, 2021, 7:18am (UTC)
[play.mtn.co.za] Application level DoS via xmlrpc.php
👉 https://hackerone.com/reports/925519
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #devhug
🔹 State: 🟢 Resolved
🔹 Disclosed: September 10, 2021, 4:21pm (UTC)
👉 https://hackerone.com/reports/925519
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #devhug
🔹 State: 🟢 Resolved
🔹 Disclosed: September 10, 2021, 4:21pm (UTC)
Improper handling of untypical characters in domain names
👉 https://hackerone.com/reports/1178337
🔹 Severity: High
🔹 Reported To: Node.js
🔹 Reported By: #philippjeitner
🔹 State: 🟢 Resolved
🔹 Disclosed: September 10, 2021, 5:51pm (UTC)
👉 https://hackerone.com/reports/1178337
🔹 Severity: High
🔹 Reported To: Node.js
🔹 Reported By: #philippjeitner
🔹 State: 🟢 Resolved
🔹 Disclosed: September 10, 2021, 5:51pm (UTC)
Built-in TLS module unexpectedly treats "rejectUnauthorized: undefined" as "rejectUnauthorized: false", disabling all certificate validation
👉 https://hackerone.com/reports/1278254
🔹 Severity: Low
🔹 Reported To: Node.js
🔹 Reported By: #pimterry
🔹 State: 🟢 Resolved
🔹 Disclosed: September 10, 2021, 5:53pm (UTC)
👉 https://hackerone.com/reports/1278254
🔹 Severity: Low
🔹 Reported To: Node.js
🔹 Reported By: #pimterry
🔹 State: 🟢 Resolved
🔹 Disclosed: September 10, 2021, 5:53pm (UTC)
Create free Shopify application credits.
👉 https://hackerone.com/reports/1257428
🔹 Severity: Medium | 💰 2,900 USD
🔹 Reported To: Shopify
🔹 Reported By: #jmp_35p
🔹 State: 🟢 Resolved
🔹 Disclosed: September 10, 2021, 9:53pm (UTC)
👉 https://hackerone.com/reports/1257428
🔹 Severity: Medium | 💰 2,900 USD
🔹 Reported To: Shopify
🔹 Reported By: #jmp_35p
🔹 State: 🟢 Resolved
🔹 Disclosed: September 10, 2021, 9:53pm (UTC)