Bugpoint – Telegram
Bugpoint
1.05K subscribers
3.73K photos
3.73K links
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
Viewing attachments of a deleted message.....

👉 https://hackerone.com/reports/505336

🔹 Severity: Low | 💰 200 USD
🔹 Reported To: VK.com
🔹 Reported By: #executor
🔹 State: 🟢 Resolved
🔹 Disclosed: December 1, 2021, 6:15am (UTC)
Reflected XSS in photogallery component on [https://market.av.ru]

👉 https://hackerone.com/reports/988271

🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Azbuka Vkusa
🔹 Reported By: #haxta4ok00
🔹 State: 🟢 Resolved
🔹 Disclosed: December 1, 2021, 8:14am (UTC)
Stored XSS on https://community.my.games/ (Add Post)

👉 https://hackerone.com/reports/755322

🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #c1kada
🔹 State: 🟢 Resolved
🔹 Disclosed: December 1, 2021, 9:07am (UTC)
Privilege Escalation leads to trash other users comment without having admin rights.

👉 https://hackerone.com/reports/1307943

🔹 Severity: Low | 💰 200 USD
🔹 Reported To: Basecamp
🔹 Reported By: #fuzzsqlb0f
🔹 State: 🟢 Resolved
🔹 Disclosed: December 1, 2021, 11:24am (UTC)
account takeover through password reset in url https://reklama.tochka.com/

👉 https://hackerone.com/reports/1379842

🔹 Severity: High | 💰 500 USD
🔹 Reported To: QIWI
🔹 Reported By: #anonymouus
🔹 State: 🟢 Resolved
🔹 Disclosed: December 2, 2021, 12:58pm (UTC)
CSS injection via link tag whitelisted-domain bypass - https://www.glassdoor.com

👉 https://hackerone.com/reports/1250730

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Glassdoor
🔹 Reported By: #zonduu
🔹 State: 🟢 Resolved
🔹 Disclosed: December 2, 2021, 5:17pm (UTC)
Bypassing HTML filter in "Packing Slip Template" Lead to SSRF to Internal Kubernetes Endpoints

👉 https://hackerone.com/reports/1115139

🔹 Severity: Low | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #cthulhufhtagn
🔹 State: 🟢 Resolved
🔹 Disclosed: December 2, 2021, 8:38pm (UTC)
Stored XSS in files.slack.com

👉 https://hackerone.com/reports/827606

🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Slack
🔹 Reported By: #oskarsv
🔹 State: 🟢 Resolved
🔹 Disclosed: December 2, 2021, 10:39pm (UTC)
Unauthorised access to admin endpoint on plus-website-staging5.shopifycloud.com

👉 https://hackerone.com/reports/1394982

🔹 Severity: Medium | 💰 2,900 USD
🔹 Reported To: Shopify
🔹 Reported By: #j0j0
🔹 State: 🟢 Resolved
🔹 Disclosed: December 3, 2021, 12:50pm (UTC)
Ability to add address without being an admin or staff in the store via wholesale store

👉 https://hackerone.com/reports/1279322

🔹 Severity: Low | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #hydraxanon82
🔹 State: 🟢 Resolved
🔹 Disclosed: December 3, 2021, 1:02pm (UTC)
File System Monitoring Queue Overflow

👉 https://hackerone.com/reports/881891

🔹 Severity: Low
🔹 Reported To: ownCloud
🔹 Reported By: #ihsinme
🔹 State: ⚪️ Informative
🔹 Disclosed: December 3, 2021, 2:01pm (UTC)
access to stack memory beyond array boundaries

👉 https://hackerone.com/reports/796555

🔹 Severity: Medium | 💰 400 USD
🔹 Reported To: Open-Xchange
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: December 3, 2021, 2:05pm (UTC)
[h1-2102] [Yaworski's Broskis] Suspected overcharge and chargebacks in PoS

👉 https://hackerone.com/reports/1089978

🔹 Severity: Low | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #c0rv4x
🔹 State: 🟢 Resolved
🔹 Disclosed: December 3, 2021, 2:51pm (UTC)
IDOR the ability to view support tickets of any user on seller platform

👉 https://hackerone.com/reports/1392630

🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: TikTok
🔹 Reported By: #lewaperbb
🔹 State: 🟢 Resolved
🔹 Disclosed: December 3, 2021, 11:35pm (UTC)
reflected xss on the path m.tiktok.com

👉 https://hackerone.com/reports/1394440

🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: TikTok
🔹 Reported By: #semsem123
🔹 State: 🟢 Resolved
🔹 Disclosed: December 3, 2021, 11:38pm (UTC)
Staff can use BULK_OPERATIONS_FINISH webhook topic using Graphql without permissions all

👉 https://hackerone.com/reports/1350095

🔹 Severity: Medium | 💰 600 USD
🔹 Reported To: Shopify
🔹 Reported By: #yinvi777
🔹 State: 🟢 Resolved
🔹 Disclosed: December 4, 2021, 1:04am (UTC)
Authenticated kubernetes principal with restricted permissions can retrieve ingress-nginx serviceaccount token and secrets across all namespaces

👉 https://hackerone.com/reports/1249583

🔹 Severity: High | 💰 2,500 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #libio
🔹 State: 🟢 Resolved
🔹 Disclosed: December 4, 2021, 10:16am (UTC)
Recaptcha Secret key Leaked

👉 https://hackerone.com/reports/1416665

🔹 Severity: High
🔹 Reported To: Paragon Initiative Enterprises
🔹 Reported By: #kashifinfo90
🔹 State: ⚪️ Informative
🔹 Disclosed: December 4, 2021, 6:07pm (UTC)
[h1-2102] Wholesale - CSRF to Generate Invitation Token for a Customer and Move Customer to Invited Status

👉 https://hackerone.com/reports/1091209

🔹 Severity: Low | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #rhynorater
🔹 State: 🟢 Resolved
🔹 Disclosed: December 6, 2021, 1:26am (UTC)
xss is triggered on your web

👉 https://hackerone.com/reports/1121900

🔹 Severity: Medium | 💰 2,900 USD
🔹 Reported To: Shopify
🔹 Reported By: #jaka_tingkir
🔹 State: 🟢 Resolved
🔹 Disclosed: December 6, 2021, 5:34am (UTC)
IDOR to view order information of users and personal information

👉 https://hackerone.com/reports/1323406

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Affirm
🔹 Reported By: #xfiltrer
🔹 State: 🟢 Resolved
🔹 Disclosed: December 6, 2021, 6:39pm (UTC)