admin password disclosure via log file
👉 https://hackerone.com/reports/1121972
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Acronis
🔹 Reported By: #darkdream
🔹 State: 🟢 Resolved
🔹 Disclosed: December 21, 2021, 9:31am (UTC)
Rxss on █████████ via logout?service=javanoscript:alert(1)
👉 https://hackerone.com/reports/1406598
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #xko2x
🔹 State: 🟢 Resolved
🔹 Disclosed: December 22, 2021, 4:21pm (UTC)
Domain hijacking of photo-test.gb.ru (possibly)
👉 https://hackerone.com/reports/1257091
🔹 Severity: Low
🔹 Reported To: Mail.ru
🔹 Reported By: #rivalsec
🔹 State: 🟢 Resolved
🔹 Disclosed: December 22, 2021, 9:51pm (UTC)
Cache Poisoning DoS on updates.rockstargames.com
👉 https://hackerone.com/reports/1219038
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Rockstar Games
🔹 Reported By: #youstin
🔹 State: 🟢 Resolved
🔹 Disclosed: December 22, 2021, 11:36pm (UTC)
Cache poisoning Denial of Service affecting assets.gitlab-static.net
👉 https://hackerone.com/reports/1160407
🔹 Severity: High | 💰 4,850 USD
🔹 Reported To: GitLab
🔹 Reported By: #youstin
🔹 State: 🟢 Resolved
🔹 Disclosed: December 22, 2021, 11:36pm (UTC)
Static files on HackerOne.com can be made inaccessible through Cache Poisoning attack
👉 https://hackerone.com/reports/1181946
🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: HackerOne
🔹 Reported By: #youstin
🔹 State: 🟢 Resolved
🔹 Disclosed: December 22, 2021, 11:36pm (UTC)
Cache Poisoning DoS on downloads.exodus.com
👉 https://hackerone.com/reports/1173153
🔹 Severity: High | 💰 2,500 USD
🔹 Reported To: Exodus
🔹 Reported By: #youstin
🔹 State: 🟢 Resolved
🔹 Disclosed: December 22, 2021, 11:36pm (UTC)
Reflected XSS at dailydeals.mtn.co.za
👉 https://hackerone.com/reports/1210921
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #musab_alharany
🔹 State: 🟢 Resolved
🔹 Disclosed: December 24, 2021, 8:49am (UTC)
Reflected XSS on dailydeals.mtn.co.za
👉 https://hackerone.com/reports/1212235
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #musab_alharany
🔹 State: 🟢 Resolved
🔹 Disclosed: December 24, 2021, 8:49am (UTC)
Xss At Shopify Email App
👉 https://hackerone.com/reports/1339356
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #shaktiranjan867
🔹 State: 🟢 Resolved
🔹 Disclosed: December 24, 2021, 9:33am (UTC)
Full Path Disclosure in Wordpress Rest API Response
👉 https://hackerone.com/reports/1358888
🔹 Severity: Medium | 💰 50 USD
🔹 Reported To: Showmax
🔹 Reported By: #fariqfgi
🔹 State: 🟢 Resolved
🔹 Disclosed: December 24, 2021, 3:22pm (UTC)
LINE Profile ID leaks in OpenChat
👉 https://hackerone.com/reports/927338
🔹 Severity: High | 💰 3,000 USD
🔹 Reported To: LINE
🔹 Reported By: #66ed3gs
🔹 State: 🟢 Resolved
🔹 Disclosed: December 27, 2021, 1:39am (UTC)
Password reset by malicious input on air.line.me
👉 https://hackerone.com/reports/968742
🔹 Severity: No Rating | 💰 500 USD
🔹 Reported To: LINE
🔹 Reported By: #tosun
🔹 State: 🟢 Resolved
🔹 Disclosed: December 27, 2021, 1:40am (UTC)
Developer uploaded files missing authentication on LINE GAME Developers site(gdc.game.line.me)
👉 https://hackerone.com/reports/969605
🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: LINE
🔹 Reported By: #tosun
🔹 State: 🟢 Resolved
🔹 Disclosed: December 27, 2021, 1:41am (UTC)
Missing ownership check in 2FA for secondary client login
👉 https://hackerone.com/reports/1250474
🔹 Severity: Critical | 💰 7,500 USD
🔹 Reported To: LINE
🔹 Reported By: #shi0n
🔹 State: 🟢 Resolved
🔹 Disclosed: December 27, 2021, 1:45am (UTC)
See drafts and post articles if the account owner hasn't set password (livedoor CMS plugin)
👉 https://hackerone.com/reports/1278881
🔹 Severity: Critical | 💰 1,300 USD
🔹 Reported To: LINE
🔹 Reported By: #akichia
🔹 State: 🟢 Resolved
🔹 Disclosed: December 27, 2021, 1:47am (UTC)
Missing authentication in buddy group API of LINE TIMELINE
👉 https://hackerone.com/reports/1283938
🔹 Severity: Medium | 💰 3,000 USD
🔹 Reported To: LINE
🔹 Reported By: #e26174222
🔹 State: 🟢 Resolved
🔹 Disclosed: December 27, 2021, 1:47am (UTC)
Access to images and videos in drafts on LINE BLOG
👉 https://hackerone.com/reports/1290170
🔹 Severity: Medium | 💰 780 USD
🔹 Reported To: LINE
🔹 Reported By: #akichia
🔹 State: 🟢 Resolved
🔹 Disclosed: December 27, 2021, 1:50am (UTC)
Bot setting information leakage in OpenChat room
👉 https://hackerone.com/reports/1305432
🔹 Severity: Low | 💰 200 USD
🔹 Reported To: LINE
🔹 Reported By: #akichia
🔹 State: 🟢 Resolved
🔹 Disclosed: December 27, 2021, 1:51am (UTC)
Bug with subscription payment
👉 https://hackerone.com/reports/1300583
🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: VK.com
🔹 Reported By: #azimoff
🔹 State: 🟢 Resolved
🔹 Disclosed: December 27, 2021, 6:15am (UTC)
SQL Injection leads to retrieve the contents of an entire database.
👉 https://hackerone.com/reports/1002641
🔹 Severity: Critical
🔹 Reported To: BlockDev Sp. Z o.o
🔹 Reported By: #u-itachi
🔹 State: 🟤 Duplicate
🔹 Disclosed: December 29, 2021, 2:28pm (UTC)