Reflected Cross-Site Scripting/HTML Injection
👉 https://hackerone.com/reports/1379158
🔹 Severity: Low
🔹 Reported To: Informatica
🔹 Reported By: #jak0_
🔹 State: 🟢 Resolved
🔹 Disclosed: December 17, 2021, 4:54pm (UTC)
html injection at judge.me
👉 https://hackerone.com/reports/1036995
🔹 Severity: No Rating
🔹 Reported To: Judge.me
🔹 Reported By: #0xteles
🔹 State: ⚪️ Informative
🔹 Disclosed: December 17, 2021, 5:44pm (UTC)
Flickr Account Takeover using AWS Cognito API
👉 https://hackerone.com/reports/1342088
🔹 Severity: Critical | 💰 7,550 USD
🔹 Reported To: Flickr
🔹 Reported By: #lauritz
🔹 State: 🟢 Resolved
🔹 Disclosed: December 18, 2021, 12:35am (UTC)
HTML injection in email content during registration via FirstName/LastName parameter
👉 https://hackerone.com/reports/1256496
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #ibrahimatix_
🔹 State: 🟢 Resolved
🔹 Disclosed: December 18, 2021, 9:42am (UTC)
Stored XSS on 1.4.0
👉 https://hackerone.com/reports/1331281
🔹 Severity: Medium
🔹 Reported To: ImpressCMS
🔹 Reported By: #tehwinsam
🔹 State: 🟢 Resolved
🔹 Disclosed: December 18, 2021, 2:32pm (UTC)
Dependency repository hijacking aka Repo Jacking from GitHub repo rubygems/bundler-site & rubygems/bundler.github.io + bundler.io docs
👉 https://hackerone.com/reports/1430405
🔹 Severity: Medium
🔹 Reported To: RubyGems
🔹 Reported By: #akincibor
🔹 State: ⚪️ Informative
🔹 Disclosed: December 19, 2021, 11:12am (UTC)
Open redirect (DOM-based) on av.ru via "return_url" parameter (Login form)
👉 https://hackerone.com/reports/958864
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Azbuka Vkusa
🔹 Reported By: #zophi
🔹 State: 🟢 Resolved
🔹 Disclosed: December 19, 2021, 1:43pm (UTC)
Unauthorized access to choice.av.ru control panel
👉 https://hackerone.com/reports/963161
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Azbuka Vkusa
🔹 Reported By: #wocat
🔹 State: 🟢 Resolved
🔹 Disclosed: December 19, 2021, 1:52pm (UTC)
Log4j RCE on https://judge.me/reviews
👉 https://hackerone.com/reports/1427589
🔹 Severity: No Rating | 💰 50 USD
🔹 Reported To: Judge.me
🔹 Reported By: #bhishma14
🔹 State: 🟢 Resolved
🔹 Disclosed: December 21, 2021, 8:57am (UTC)
admin password disclosure via log file
👉 https://hackerone.com/reports/1121972
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Acronis
🔹 Reported By: #darkdream
🔹 State: 🟢 Resolved
🔹 Disclosed: December 21, 2021, 9:31am (UTC)
Rxss on █████████ via logout?service=javanoscript:alert(1)
👉 https://hackerone.com/reports/1406598
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #xko2x
🔹 State: 🟢 Resolved
🔹 Disclosed: December 22, 2021, 4:21pm (UTC)
Domain hijacking of photo-test.gb.ru (possibly)
👉 https://hackerone.com/reports/1257091
🔹 Severity: Low
🔹 Reported To: Mail.ru
🔹 Reported By: #rivalsec
🔹 State: 🟢 Resolved
🔹 Disclosed: December 22, 2021, 9:51pm (UTC)
Cache Poisoning DoS on updates.rockstargames.com
👉 https://hackerone.com/reports/1219038
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Rockstar Games
🔹 Reported By: #youstin
🔹 State: 🟢 Resolved
🔹 Disclosed: December 22, 2021, 11:36pm (UTC)
Cache poisoning Denial of Service affecting assets.gitlab-static.net
👉 https://hackerone.com/reports/1160407
🔹 Severity: High | 💰 4,850 USD
🔹 Reported To: GitLab
🔹 Reported By: #youstin
🔹 State: 🟢 Resolved
🔹 Disclosed: December 22, 2021, 11:36pm (UTC)
Static files on HackerOne.com can be made inaccessible through Cache Poisoning attack
👉 https://hackerone.com/reports/1181946
🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: HackerOne
🔹 Reported By: #youstin
🔹 State: 🟢 Resolved
🔹 Disclosed: December 22, 2021, 11:36pm (UTC)
Cache Poisoning DoS on downloads.exodus.com
👉 https://hackerone.com/reports/1173153
🔹 Severity: High | 💰 2,500 USD
🔹 Reported To: Exodus
🔹 Reported By: #youstin
🔹 State: 🟢 Resolved
🔹 Disclosed: December 22, 2021, 11:36pm (UTC)
Reflected XSS at dailydeals.mtn.co.za
👉 https://hackerone.com/reports/1210921
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #musab_alharany
🔹 State: 🟢 Resolved
🔹 Disclosed: December 24, 2021, 8:49am (UTC)
Reflected XSS on dailydeals.mtn.co.za
👉 https://hackerone.com/reports/1212235
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #musab_alharany
🔹 State: 🟢 Resolved
🔹 Disclosed: December 24, 2021, 8:49am (UTC)
Xss At Shopify Email App
👉 https://hackerone.com/reports/1339356
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #shaktiranjan867
🔹 State: 🟢 Resolved
🔹 Disclosed: December 24, 2021, 9:33am (UTC)
Full Path Disclosure in Wordpress Rest API Response
👉 https://hackerone.com/reports/1358888
🔹 Severity: Medium | 💰 50 USD
🔹 Reported To: Showmax
🔹 Reported By: #fariqfgi
🔹 State: 🟢 Resolved
🔹 Disclosed: December 24, 2021, 3:22pm (UTC)
LINE Profile ID leaks in OpenChat
👉 https://hackerone.com/reports/927338
🔹 Severity: High | 💰 3,000 USD
🔹 Reported To: LINE
🔹 Reported By: #66ed3gs
🔹 State: 🟢 Resolved
🔹 Disclosed: December 27, 2021, 1:39am (UTC)