Bugpoint – Telegram
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣
phpinfo() disclosure info

👉 https://hackerone.com/reports/804809

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0xelkomy
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2021, 7:29pm (UTC)

Unauthorized Kubernetes to RCE (root) and found TEAMTNT Crypto Miner on it

👉 https://hackerone.com/reports/1317236

🔹 Severity: Critical
🔹 Reported To: IBM
🔹 Reported By: #un_kn0wn
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2021, 7:30pm (UTC)

SQL Injection in IBM access control panel & Broken access in admin panel

👉 https://hackerone.com/reports/1355817

🔹 Severity: Critical
🔹 Reported To: IBM
🔹 Reported By: #thecyberguy0
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2021, 7:50pm (UTC)

CSRF leads to account deactivation of users

👉 https://hackerone.com/reports/1121990

🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Evernote
🔹 Reported By: #sampritdas
🔹 State: 🟢 Resolved
🔹 Disclosed: October 19, 2021, 7:05pm (UTC)

Unprotected Zeppelin instance

👉 https://hackerone.com/reports/992564

🔹 Severity: Critical | 💰 35,000 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #k3ypt0
🔹 State: 🟢 Resolved
🔹 Disclosed: October 20, 2021, 8:36am (UTC)

HTTP Request Smuggling due to accepting space before colon

👉 https://hackerone.com/reports/1238709

🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Node.js
🔹 Reported By: #mkg
🔹 State: 🟢 Resolved
🔹 Disclosed: October 20, 2021, 2:58pm (UTC)

RCE on 17 different Docker containers on your network

👉 https://hackerone.com/reports/1332433

🔹 Severity: Critical
🔹 Reported To: Nextcloud
🔹 Reported By: #0x0luke
🔹 State: 🟢 Resolved
🔹 Disclosed: October 20, 2021, 3:07pm (UTC)

Arbitrary File delete via PHAR deserialization

👉 https://hackerone.com/reports/921288

🔹 Severity: High
🔹 Reported To: Concrete CMS
🔹 Reported By: #reset
🔹 State: 🟢 Resolved
🔹 Disclosed: October 20, 2021, 4:24pm (UTC)

"urllib" will result in denial of service

👉 https://hackerone.com/reports/1188128

🔹 Severity: Low | 💰 240 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #4nim4l
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 4:39pm (UTC)

Hash-Collision Denial-of-Service Vulnerability in Markdown Parser

👉 https://hackerone.com/reports/1341957

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Reddit
🔹 Reported By: #nicolaas
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 5:03pm (UTC)

Domain Takeover at 3hopify.media

👉 https://hackerone.com/reports/1344982

🔹 Severity: No Rating
🔹 Reported To: Shopify
🔹 Reported By: #m7mdharoun
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 6:14pm (UTC)

Store Deletion or Sell without authentication

👉 https://hackerone.com/reports/1087382

🔹 Severity: Low | 💰 900 USD
🔹 Reported To: Shopify
🔹 Reported By: #fr4via
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 6:57pm (UTC)

Shopify.com Web Cache Deception vulnerability leads to personal information and CSRF tokens leakage

👉 https://hackerone.com/reports/1271944

🔹 Severity: Low | 💰 800 USD
🔹 Reported To: Shopify
🔹 Reported By: #golim
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 7:12pm (UTC)

hardcoded api secret & api key in com.reddit.frontpage

👉 https://hackerone.com/reports/1241116

🔹 Severity: Critical
🔹 Reported To: Reddit
🔹 Reported By: #falcon_319
🔹 State: ⚪️ Informative
🔹 Disclosed: October 21, 2021, 7:47pm (UTC)

s3 bucket takeover presented in https://github.com/reddit/rpan-studio/blob/e1782332c75ecb2f774343258ff509788feab7ce/CI/full-build-macos.sh

👉 https://hackerone.com/reports/1285598

🔹 Severity: High | 💰 5,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #bhatiagaurav1211
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 7:48pm (UTC)

Content Spoofing

👉 https://hackerone.com/reports/1165919

🔹 Severity: Low
🔹 Reported To: Reddit
🔹 Reported By: #abdallah1911
🔹 State: 🔴 N/A
🔹 Disclosed: October 21, 2021, 7:49pm (UTC)

[dubmash] Lack of authorization checks - Update Sound Titles

👉 https://hackerone.com/reports/1102365

🔹 Severity: High | 💰 3,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #sandeep_rj49
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 7:49pm (UTC)

IDOR to pay less for coin purchases on oauth.reddit.com via /api/v2/gold/paypal/create_coin_purchase_order in `order_id` parameter

👉 https://hackerone.com/reports/1213765

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Reddit
🔹 Reported By: #yanouhd
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 7:50pm (UTC)

Deleting all DMs on RedditGifts.com

👉 https://hackerone.com/reports/1213237

🔹 Severity: High | 💰 5,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #parasimpaticki
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 7:51pm (UTC)

No Password Length Restriction leads to Denial of Service

👉 https://hackerone.com/reports/1243009

🔹 Severity: No Rating
🔹 Reported To: Reddit
🔹 Reported By: #c_j_27
🔹 State: 🟤 Duplicate
🔹 Disclosed: October 21, 2021, 7:51pm (UTC)

Email Verification Bypass And Get access to user's private invitation.

👉 https://hackerone.com/reports/1350401

🔹 Severity: Medium
🔹 Reported To: Reddit
🔹 Reported By: #manish_prajapat
🔹 State: 🔴 N/A
🔹 Disclosed: October 21, 2021, 7:51pm (UTC)