"urllib" will result to deny of service
👉 https://hackerone.com/reports/1188128
🔹 Severity: Low | 💰 240 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #4nim4l
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 4:39pm (UTC)
👉 https://hackerone.com/reports/1188128
🔹 Severity: Low | 💰 240 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #4nim4l
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 4:39pm (UTC)
Hash-Collision Denial-of-Service Vulnerability in Markdown Parser
👉 https://hackerone.com/reports/1341957
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Reddit
🔹 Reported By: #nicolaas
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 5:03pm (UTC)
👉 https://hackerone.com/reports/1341957
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Reddit
🔹 Reported By: #nicolaas
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 5:03pm (UTC)
Domain Takeover at 3hopify.media
👉 https://hackerone.com/reports/1344982
🔹 Severity: No Rating
🔹 Reported To: Shopify
🔹 Reported By: #m7mdharoun
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 6:14pm (UTC)
👉 https://hackerone.com/reports/1344982
🔹 Severity: No Rating
🔹 Reported To: Shopify
🔹 Reported By: #m7mdharoun
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 6:14pm (UTC)
Store Deletion or Sell without authentication
👉 https://hackerone.com/reports/1087382
🔹 Severity: Low | 💰 900 USD
🔹 Reported To: Shopify
🔹 Reported By: #fr4via
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 6:57pm (UTC)
👉 https://hackerone.com/reports/1087382
🔹 Severity: Low | 💰 900 USD
🔹 Reported To: Shopify
🔹 Reported By: #fr4via
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 6:57pm (UTC)
Shopify.com Web Cache Deception vulnerability leads to personal information and CSRF tokens leakage
👉 https://hackerone.com/reports/1271944
🔹 Severity: Low | 💰 800 USD
🔹 Reported To: Shopify
🔹 Reported By: #golim
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 7:12pm (UTC)
👉 https://hackerone.com/reports/1271944
🔹 Severity: Low | 💰 800 USD
🔹 Reported To: Shopify
🔹 Reported By: #golim
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 7:12pm (UTC)
hardcoded api secret & api key in com.reddit.frontpage
👉 https://hackerone.com/reports/1241116
🔹 Severity: Critical
🔹 Reported To: Reddit
🔹 Reported By: #falcon_319
🔹 State: ⚪️ Informative
🔹 Disclosed: October 21, 2021, 7:47pm (UTC)
👉 https://hackerone.com/reports/1241116
🔹 Severity: Critical
🔹 Reported To: Reddit
🔹 Reported By: #falcon_319
🔹 State: ⚪️ Informative
🔹 Disclosed: October 21, 2021, 7:47pm (UTC)
s3 bucket takeover presented in https://github.com/reddit/rpan-studio/blob/e1782332c75ecb2f774343258ff509788feab7ce/CI/full-build-macos.sh
👉 https://hackerone.com/reports/1285598
🔹 Severity: High | 💰 5,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #bhatiagaurav1211
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 7:48pm (UTC)
👉 https://hackerone.com/reports/1285598
🔹 Severity: High | 💰 5,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #bhatiagaurav1211
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 7:48pm (UTC)
Content Spoofing
👉 https://hackerone.com/reports/1165919
🔹 Severity: Low
🔹 Reported To: Reddit
🔹 Reported By: #abdallah1911
🔹 State: 🔴 N/A
🔹 Disclosed: October 21, 2021, 7:49pm (UTC)
👉 https://hackerone.com/reports/1165919
🔹 Severity: Low
🔹 Reported To: Reddit
🔹 Reported By: #abdallah1911
🔹 State: 🔴 N/A
🔹 Disclosed: October 21, 2021, 7:49pm (UTC)
[dubmash] Lack of authorization checks - Update Sound Titles
👉 https://hackerone.com/reports/1102365
🔹 Severity: High | 💰 3,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #sandeep_rj49
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 7:49pm (UTC)
👉 https://hackerone.com/reports/1102365
🔹 Severity: High | 💰 3,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #sandeep_rj49
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 7:49pm (UTC)
IDOR to pay less for coin purchases on oauth.reddit.com via /api/v2/gold/paypal/create_coin_purchase_order in `order_id` parameter
👉 https://hackerone.com/reports/1213765
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Reddit
🔹 Reported By: #yanouhd
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 7:50pm (UTC)
👉 https://hackerone.com/reports/1213765
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Reddit
🔹 Reported By: #yanouhd
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 7:50pm (UTC)
Deleting all DMs on RedditGifts.com
👉 https://hackerone.com/reports/1213237
🔹 Severity: High | 💰 5,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #parasimpaticki
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 7:51pm (UTC)
👉 https://hackerone.com/reports/1213237
🔹 Severity: High | 💰 5,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #parasimpaticki
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 7:51pm (UTC)
No Password Length Restriction leads to Denial of Service
👉 https://hackerone.com/reports/1243009
🔹 Severity: No Rating
🔹 Reported To: Reddit
🔹 Reported By: #c_j_27
🔹 State: 🟤 Duplicate
🔹 Disclosed: October 21, 2021, 7:51pm (UTC)
👉 https://hackerone.com/reports/1243009
🔹 Severity: No Rating
🔹 Reported To: Reddit
🔹 Reported By: #c_j_27
🔹 State: 🟤 Duplicate
🔹 Disclosed: October 21, 2021, 7:51pm (UTC)
Email Verification Bypass And Get access to user's private invitation.
👉 https://hackerone.com/reports/1350401
🔹 Severity: Medium
🔹 Reported To: Reddit
🔹 Reported By: #manish_prajapat
🔹 State: 🔴 N/A
🔹 Disclosed: October 21, 2021, 7:51pm (UTC)
👉 https://hackerone.com/reports/1350401
🔹 Severity: Medium
🔹 Reported To: Reddit
🔹 Reported By: #manish_prajapat
🔹 State: 🔴 N/A
🔹 Disclosed: October 21, 2021, 7:51pm (UTC)
No Rate Limit on redditgifts gift when Adding Comment
👉 https://hackerone.com/reports/1202408
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Reddit
🔹 Reported By: #bhatiagaurav1211
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 7:52pm (UTC)
👉 https://hackerone.com/reports/1202408
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Reddit
🔹 Reported By: #bhatiagaurav1211
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 7:52pm (UTC)
Domain Takeover of Reddit.ru via DNS Hijacking
👉 https://hackerone.com/reports/1226891
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Reddit
🔹 Reported By: #faberge
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 7:52pm (UTC)
👉 https://hackerone.com/reports/1226891
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Reddit
🔹 Reported By: #faberge
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 7:52pm (UTC)
Oauth Misconfiguration Lead To Account Takeover
👉 https://hackerone.com/reports/1212374
🔹 Severity: Medium
🔹 Reported To: Reddit
🔹 Reported By: #shylo
🔹 State: 🟤 Duplicate
🔹 Disclosed: October 21, 2021, 7:53pm (UTC)
👉 https://hackerone.com/reports/1212374
🔹 Severity: Medium
🔹 Reported To: Reddit
🔹 Reported By: #shylo
🔹 State: 🟤 Duplicate
🔹 Disclosed: October 21, 2021, 7:53pm (UTC)
XSS
👉 https://hackerone.com/reports/1209098
🔹 Severity: No Rating
🔹 Reported To: Reddit
🔹 Reported By: #shylo
🔹 State: 🔴 N/A
🔹 Disclosed: October 21, 2021, 7:53pm (UTC)
👉 https://hackerone.com/reports/1209098
🔹 Severity: No Rating
🔹 Reported To: Reddit
🔹 Reported By: #shylo
🔹 State: 🔴 N/A
🔹 Disclosed: October 21, 2021, 7:53pm (UTC)
critical file found etc/passwd on www.reddit.com
👉 https://hackerone.com/reports/1187003
🔹 Severity: High
🔹 Reported To: Reddit
🔹 Reported By: #himan253
🔹 State: 🔴 N/A
🔹 Disclosed: October 21, 2021, 7:54pm (UTC)
👉 https://hackerone.com/reports/1187003
🔹 Severity: High
🔹 Reported To: Reddit
🔹 Reported By: #himan253
🔹 State: 🔴 N/A
🔹 Disclosed: October 21, 2021, 7:54pm (UTC)
User Account has been taken out
👉 https://hackerone.com/reports/1195340
🔹 Severity: Critical
🔹 Reported To: Reddit
🔹 Reported By: #ravitejag
🔹 State: 🟤 Duplicate
🔹 Disclosed: October 21, 2021, 7:55pm (UTC)
👉 https://hackerone.com/reports/1195340
🔹 Severity: Critical
🔹 Reported To: Reddit
🔹 Reported By: #ravitejag
🔹 State: 🟤 Duplicate
🔹 Disclosed: October 21, 2021, 7:55pm (UTC)
Vulnerability Name: URL Redirection / Unvalidate Open Redirect
👉 https://hackerone.com/reports/1182824
🔹 Severity: No Rating
🔹 Reported To: Reddit
🔹 Reported By: #hasnain_123
🔹 State: 🔴 N/A
🔹 Disclosed: October 21, 2021, 7:55pm (UTC)
👉 https://hackerone.com/reports/1182824
🔹 Severity: No Rating
🔹 Reported To: Reddit
🔹 Reported By: #hasnain_123
🔹 State: 🔴 N/A
🔹 Disclosed: October 21, 2021, 7:55pm (UTC)
Broken Authendication And Session Management
👉 https://hackerone.com/reports/1167029
🔹 Severity: No Rating
🔹 Reported To: Reddit
🔹 Reported By: #kedibeauty
🔹 State: 🔴 N/A
🔹 Disclosed: October 21, 2021, 7:56pm (UTC)
👉 https://hackerone.com/reports/1167029
🔹 Severity: No Rating
🔹 Reported To: Reddit
🔹 Reported By: #kedibeauty
🔹 State: 🔴 N/A
🔹 Disclosed: October 21, 2021, 7:56pm (UTC)