AWS subdomain takeover of www.███████
👉 https://hackerone.com/reports/1329792
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #al-madjus
🔹 State: 🟢 Resolved
🔹 Disclosed: October 28, 2021, 8:18pm (UTC)
Bypassing the Grammarly plagiarism checker by simply replacing characters in the source text
👉 https://hackerone.com/reports/1282282
🔹 Severity: No Rating
🔹 Reported To: Grammarly
🔹 Reported By: #evilksandr
🔹 State: ⚪️ Informative
🔹 Disclosed: October 28, 2021, 9:24pm (UTC)
HTML Injection on tiktoktutorials via firstName parameter
👉 https://hackerone.com/reports/1343492
🔹 Severity: Low
🔹 Reported To: TikTok
🔹 Reported By: #siratsami
🔹 State: 🟢 Resolved
🔹 Disclosed: October 30, 2021, 2:08am (UTC)
[play.skillbox.ru] CRLF Injection
👉 https://hackerone.com/reports/1271276
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #s_kustm
🔹 State: 🟢 Resolved
🔹 Disclosed: October 30, 2021, 3:19pm (UTC)
Critical server misconfiguration leads to access to any user's sensitive data, including email and password
👉 https://hackerone.com/reports/1365738
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Flickr
🔹 Reported By: #mr_robert
🔹 State: 🟢 Resolved
🔹 Disclosed: November 2, 2021, 3:50pm (UTC)
C# : Add query to detect Server Side Request Forgery
👉 https://hackerone.com/reports/1389905
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: November 2, 2021, 6:23pm (UTC)
HTTP Request Smuggling due to ignoring chunk extensions
👉 https://hackerone.com/reports/1238099
🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Node.js
🔹 Reported By: #mkg
🔹 State: 🟢 Resolved
🔹 Disclosed: November 2, 2021, 9:07pm (UTC)
[samokat.ru] PHP modules path disclosure due to lack of error handling
👉 https://hackerone.com/reports/1353244
🔹 Severity: No Rating
🔹 Reported To: Mail.ru
🔹 Reported By: #andridev_
🔹 State: 🟢 Resolved
🔹 Disclosed: November 3, 2021, 3:34pm (UTC)
Attacker is able to join any tenant on larksuite and view personal files/chats.
👉 https://hackerone.com/reports/1363185
🔹 Severity: Critical | 💰 7,500 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: November 3, 2021, 9:32pm (UTC)
Subdomain Takeover - pmp.oneweb.net
👉 https://hackerone.com/reports/1390093
🔹 Severity: High
🔹 Reported To: OneWeb
🔹 Reported By: #melbadry9
🔹 State: 🟢 Resolved
🔹 Disclosed: November 4, 2021, 9:10am (UTC)
Authentication Bypass & ApacheTomcat Misconfiguration in [██]
👉 https://hackerone.com/reports/1364022
🔹 Severity: Medium
🔹 Reported To: 8x8
🔹 Reported By: #thecyberguy0
🔹 State: 🟢 Resolved
🔹 Disclosed: November 4, 2021, 9:12am (UTC)
Remote Code Execution at https://169.38.86.185/ (edst.ibm.com)
👉 https://hackerone.com/reports/1379130
🔹 Severity: Critical
🔹 Reported To: IBM
🔹 Reported By: #haxor31337
🔹 State: 🟢 Resolved
🔹 Disclosed: November 4, 2021, 12:01pm (UTC)
Private keys exposed in the GitHub repository
👉 https://hackerone.com/reports/1255869
🔹 Severity: Medium
🔹 Reported To: MCUboot
🔹 Reported By: #rofes
🔹 State: 🟤 Duplicate
🔹 Disclosed: November 4, 2021, 3:15pm (UTC)
Steal any user's `access_token` via open redirect in https://streamlabs.com/global/identity?popup=1&r=
👉 https://hackerone.com/reports/1327742
🔹 Severity: Medium | 💰 200 USD
🔹 Reported To: Logitech
🔹 Reported By: #sudi
🔹 State: 🟢 Resolved
🔹 Disclosed: November 4, 2021, 3:55pm (UTC)
Request line injection via HTTP/2 in Apache mod_proxy
👉 https://hackerone.com/reports/1391549
🔹 Severity: Medium | 💰 1,200 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #albinowax
🔹 State: 🟢 Resolved
🔹 Disclosed: November 4, 2021, 4:11pm (UTC)
Man in the middle using LoadBalancer or ExternalIPs services
👉 https://hackerone.com/reports/764986
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #champtar
🔹 State: 🟢 Resolved
🔹 Disclosed: November 4, 2021, 6:09pm (UTC)
Tokenless GUI Authentication
👉 https://hackerone.com/reports/1350755
🔹 Severity: Medium
🔹 Reported To: Kubernetes
🔹 Reported By: #seanland
🔹 State: 🟢 Resolved
🔹 Disclosed: November 4, 2021, 8:09pm (UTC)
Stored XSS in m.vk.com/video
👉 https://hackerone.com/reports/730963
🔹 Severity: High | 💰 500 USD
🔹 Reported To: VK.com
🔹 Reported By: #executor
🔹 State: 🟢 Resolved
🔹 Disclosed: November 5, 2021, 3:36pm (UTC)
Stored XSS virus in al_video.php?act=a_choose_video_box
👉 https://hackerone.com/reports/670509
🔹 Severity: High | 💰 500 USD
🔹 Reported To: VK.com
🔹 Reported By: #executor
🔹 State: 🟢 Resolved
🔹 Disclosed: November 5, 2021, 3:37pm (UTC)
Viewing a deleted message from a group's private messages + the ability to forward it.
👉 https://hackerone.com/reports/507972
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: VK.com
🔹 Reported By: #executor
🔹 State: 🟢 Resolved
🔹 Disclosed: November 5, 2021, 3:40pm (UTC)
Creating a playlist on behalf of (almost) any user/group/artist.
👉 https://hackerone.com/reports/504162
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: VK.com
🔹 Reported By: #executor
🔹 State: 🟢 Resolved
🔹 Disclosed: November 5, 2021, 3:52pm (UTC)