Bugpoint – Telegram
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Steal any users `access_token` via open redirect in https://streamlabs.com/global/identity?popup=1&r=

👉 https://hackerone.com/reports/1327742

🔹 Severity: Medium | 💰 200 USD
🔹 Reported To: Logitech
🔹 Reported By: #sudi
🔹 State: 🟢 Resolved
🔹 Disclosed: November 4, 2021, 3:55pm (UTC)
Request line injection via HTTP/2 in Apache mod_proxy

👉 https://hackerone.com/reports/1391549

🔹 Severity: Medium | 💰 1,200 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #albinowax
🔹 State: 🟢 Resolved
🔹 Disclosed: November 4, 2021, 4:11pm (UTC)
Man in the middle using LoadBalancer or ExternalIPs services

👉 https://hackerone.com/reports/764986

🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #champtar
🔹 State: 🟢 Resolved
🔹 Disclosed: November 4, 2021, 6:09pm (UTC)
Tokenless GUI Authentication

👉 https://hackerone.com/reports/1350755

🔹 Severity: Medium
🔹 Reported To: Kubernetes
🔹 Reported By: #seanland
🔹 State: 🟢 Resolved
🔹 Disclosed: November 4, 2021, 8:09pm (UTC)
Stored XSS in m.vk.com/video

👉 https://hackerone.com/reports/730963

🔹 Severity: High | 💰 500 USD
🔹 Reported To: VK.com
🔹 Reported By: #executor
🔹 State: 🟢 Resolved
🔹 Disclosed: November 5, 2021, 3:36pm (UTC)
Stored XSS virus in al_video.php?act=a_choose_video_box

👉 https://hackerone.com/reports/670509

🔹 Severity: High | 💰 500 USD
🔹 Reported To: VK.com
🔹 Reported By: #executor
🔹 State: 🟢 Resolved
🔹 Disclosed: November 5, 2021, 3:37pm (UTC)
Viewing a deleted message from a group's private messages + the ability to forward it.

👉 https://hackerone.com/reports/507972

🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: VK.com
🔹 Reported By: #executor
🔹 State: 🟢 Resolved
🔹 Disclosed: November 5, 2021, 3:40pm (UTC)
Creating a playlist on behalf of (almost) any user/group/artist.

👉 https://hackerone.com/reports/504162

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: VK.com
🔹 Reported By: #executor
🔹 State: 🟢 Resolved
🔹 Disclosed: November 5, 2021, 3:52pm (UTC)
Bypassing the link filter in story uploads..

👉 https://hackerone.com/reports/522214

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: VK.com
🔹 Reported By: #executor
🔹 State: 🟢 Resolved
🔹 Disclosed: November 5, 2021, 3:54pm (UTC)
CSRF in m.vk.com

👉 https://hackerone.com/reports/300999

🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: VK.com
🔹 Reported By: #executor
🔹 State: 🟢 Resolved
🔹 Disclosed: November 5, 2021, 3:59pm (UTC)
Reflected XSS in m.vk.com

👉 https://hackerone.com/reports/311913

🔹 Severity: High | 💰 500 USD
🔹 Reported To: VK.com
🔹 Reported By: #executor
🔹 State: 🟢 Resolved
🔹 Disclosed: November 5, 2021, 4:06pm (UTC)
Reflected XSS in m.vk.com/chatjoin

👉 https://hackerone.com/reports/316475

🔹 Severity: High | 💰 500 USD
🔹 Reported To: VK.com
🔹 Reported By: #executor
🔹 State: 🟢 Resolved
🔹 Disclosed: November 5, 2021, 4:07pm (UTC)
CSRF on audio upload

👉 https://hackerone.com/reports/329345

🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: VK.com
🔹 Reported By: #executor
🔹 State: 🟢 Resolved
🔹 Disclosed: November 5, 2021, 4:10pm (UTC)
Hack (virus).. Seeing who voted in an anonymous poll!!

👉 https://hackerone.com/reports/388143

🔹 Severity: Medium | 💰 200 USD
🔹 Reported To: VK.com
🔹 Reported By: #executor
🔹 State: 🟢 Resolved
🔹 Disclosed: November 5, 2021, 4:12pm (UTC)
Open redirect on the mobile version of VKontakte (m.vk.com

👉 https://hackerone.com/reports/456963

🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: VK.com
🔹 Reported By: #executor
🔹 State: 🟢 Resolved
🔹 Disclosed: November 5, 2021, 4:14pm (UTC)
Viewing new photos from the wall of a private/closed group or a closed profile.

👉 https://hackerone.com/reports/463902

🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: VK.com
🔹 Reported By: #executor
🔹 State: 🟢 Resolved
🔹 Disclosed: November 5, 2021, 4:15pm (UTC)
Uploading videos to the main album of any open group/public page.

👉 https://hackerone.com/reports/508506

🔹 Severity: High | 💰 300 USD
🔹 Reported To: VK.com
🔹 Reported By: #executor
🔹 State: 🟢 Resolved
🔹 Disclosed: November 5, 2021, 4:17pm (UTC)
Reflected XSS in m.vk.com/chatjoin

👉 https://hackerone.com/reports/1370240

🔹 Severity: Medium
🔹 Reported To: VK.com
🔹 Reported By: #executor
🔹 State: 🟢 Resolved
🔹 Disclosed: November 5, 2021, 4:22pm (UTC)
CSRF in widgets

👉 https://hackerone.com/reports/1091296

🔹 Severity: No Rating | 💰 100 USD
🔹 Reported To: VK.com
🔹 Reported By: #circuit
🔹 State: 🟢 Resolved
🔹 Disclosed: November 5, 2021, 4:30pm (UTC)
Path Traversal CVE-2021-26086 CVE-2021-26085

👉 https://hackerone.com/reports/1369288

🔹 Severity: Medium
🔹 Reported To: MariaDB
🔹 Reported By: #kljunowsky
🔹 State: 🟤 Duplicate
🔹 Disclosed: November 5, 2021, 5:33pm (UTC)
clickjacking on deleting user's clips [https://crossclip.com/clips]

👉 https://hackerone.com/reports/1294767

🔹 Severity: Low
🔹 Reported To: Logitech
🔹 Reported By: #hacking_fox
🔹 State: 🟢 Resolved
🔹 Disclosed: November 5, 2021, 8:39pm (UTC)