Bugpoint – Telegram
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

No Rate Limit on redditgifts gift when Adding Comment

👉 https://hackerone.com/reports/1202408

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Reddit
🔹 Reported By: #bhatiagaurav1211
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 7:52pm (UTC)
Domain Takeover of Reddit.ru via DNS Hijacking

👉 https://hackerone.com/reports/1226891

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Reddit
🔹 Reported By: #faberge
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 7:52pm (UTC)
Oauth Misconfiguration Lead To Account Takeover

👉 https://hackerone.com/reports/1212374

🔹 Severity: Medium
🔹 Reported To: Reddit
🔹 Reported By: #shylo
🔹 State: 🟤 Duplicate
🔹 Disclosed: October 21, 2021, 7:53pm (UTC)
XSS

👉 https://hackerone.com/reports/1209098

🔹 Severity: No Rating
🔹 Reported To: Reddit
🔹 Reported By: #shylo
🔹 State: 🔴 N/A
🔹 Disclosed: October 21, 2021, 7:53pm (UTC)
critical file found etc/passwd on www.reddit.com

👉 https://hackerone.com/reports/1187003

🔹 Severity: High
🔹 Reported To: Reddit
🔹 Reported By: #himan253
🔹 State: 🔴 N/A
🔹 Disclosed: October 21, 2021, 7:54pm (UTC)
User Account has been taken out

👉 https://hackerone.com/reports/1195340

🔹 Severity: Critical
🔹 Reported To: Reddit
🔹 Reported By: #ravitejag
🔹 State: 🟤 Duplicate
🔹 Disclosed: October 21, 2021, 7:55pm (UTC)
Vulnerability Name: URL Redirection / Unvalidate Open Redirect

👉 https://hackerone.com/reports/1182824

🔹 Severity: No Rating
🔹 Reported To: Reddit
🔹 Reported By: #hasnain_123
🔹 State: 🔴 N/A
🔹 Disclosed: October 21, 2021, 7:55pm (UTC)
Broken Authendication And Session Management

👉 https://hackerone.com/reports/1167029

🔹 Severity: No Rating
🔹 Reported To: Reddit
🔹 Reported By: #kedibeauty
🔹 State: 🔴 N/A
🔹 Disclosed: October 21, 2021, 7:56pm (UTC)
GPS metadata preserved when converting HEIF to PNG

👉 https://hackerone.com/reports/1069039

🔹 Severity: High | 💰 5,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #ianonavy
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 7:57pm (UTC)
S3 bucket Upload on studio.redditinc.com (s3-r-w.ap-east-1.amazonaws.com)

👉 https://hackerone.com/reports/1276733

🔹 Severity: Low
🔹 Reported To: Reddit
🔹 Reported By: #dinesh07
🔹 State: ⚪️ Informative
🔹 Disclosed: October 21, 2021, 8:00pm (UTC)
Misuse of groups feature allows workspace members to join private channels without being invited

👉 https://hackerone.com/reports/1248852

🔹 Severity: High | 💰 3,500 USD
🔹 Reported To: Slack
🔹 Reported By: #kmap
🔹 State: 🟢 Resolved
🔹 Disclosed: October 21, 2021, 8:08pm (UTC)
Reflected XSS in TikTok endpoints

👉 https://hackerone.com/reports/1350887

🔹 Severity: Medium | 💰 4,500 USD
🔹 Reported To: TikTok
🔹 Reported By: #sh1yo
🔹 State: 🟢 Resolved
🔹 Disclosed: October 22, 2021, 1:44am (UTC)
Broken link profile in the website leads to identity theft.

👉 https://hackerone.com/reports/1343733

🔹 Severity: Medium
🔹 Reported To: Lacework
🔹 Reported By: #spyata
🔹 State: 🟢 Resolved
🔹 Disclosed: October 22, 2021, 5:35pm (UTC)
[Java] CWE-502: Unsafe deserialization with three JSON frameworks

👉 https://hackerone.com/reports/1368720

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: October 22, 2021, 10:21pm (UTC)
[Python]: CWE-117 Log Injection

👉 https://hackerone.com/reports/1368721

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jessforfun
🔹 State: 🟢 Resolved
🔹 Disclosed: October 22, 2021, 10:21pm (UTC)
[cpp] CWE-787: query to detect unsigned integer to signed integer conversions used in pointer arithmetics

👉 https://hackerone.com/reports/1378946

🔹 Severity: High
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: October 22, 2021, 10:21pm (UTC)
[Java] CWE-552: Unsafe url forward

👉 https://hackerone.com/reports/1378947

🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: October 22, 2021, 10:22pm (UTC)
XSS on tiktok.com

👉 https://hackerone.com/reports/1322104

🔹 Severity: Medium | 💰 2,000 USD
🔹 Reported To: TikTok
🔹 Reported By: #arifmkhls
🔹 State: 🟢 Resolved
🔹 Disclosed: October 23, 2021, 12:36am (UTC)
Script breaking tag (Forces website to render blank) (Informative)

👉 https://hackerone.com/reports/1355537

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: XVIDEOS
🔹 Reported By: #ch1ck3n42
🔹 State: 🟢 Resolved
🔹 Disclosed: October 23, 2021, 2:50pm (UTC)
Image queue default key of 'None' and GraphQL unhandled type exception

👉 https://hackerone.com/reports/996041

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Reddit
🔹 Reported By: #moblig
🔹 State: 🟢 Resolved
🔹 Disclosed: October 27, 2021, 2:04pm (UTC)
Outsider can affect Upvote Percentage of private subreddit post by calling /api/vote API

👉 https://hackerone.com/reports/1298902

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Reddit
🔹 Reported By: #trieulieuf9
🔹 State: 🟢 Resolved
🔹 Disclosed: October 27, 2021, 2:05pm (UTC)