Bugpoint – Telegram
Bugpoint
@bugpoint
1.06K subscribers
3.73K photos
3.73K links
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
Download Telegram
About
Blog
Apps
Platform
Join
Bugpoint
1.06K subscribers
Bugpoint
OPEN REDIRECT

👉 https://hackerone.com/reports/1369806

🔹 Severity: Low
🔹 Reported To: Nutanix
🔹 Reported By: #kauenavarro
🔹 State: 🟢 Resolved
🔹 Disclosed: January 4, 2022, 4:14pm (UTC)
389 views
Bugpoint
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

👉 https://hackerone.com/reports/1440161

🔹 Severity: Low
🔹 Reported To: 8x8
🔹 Reported By: #n1had
🔹 State: 🟢 Resolved
🔹 Disclosed: January 5, 2022, 2:44am (UTC)
406 views
Bugpoint
ABLE TO TRICK THE VICTIM INTO USING A CRAFTED EMAIL ADDRESS FOR A PARTICULAR SESSION AND THEN LATER TAKE BACK THE ACCOUNT

👉 https://hackerone.com/reports/1357013

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mattermost
🔹 Reported By: #at11zt00
🔹 State: 🟢 Resolved
🔹 Disclosed: January 5, 2022, 5:15am (UTC)
458 views
Bugpoint
Subdomain takeover of images.crossinstall.com

👉 https://hackerone.com/reports/1406335

🔹 Severity: High
🔹 Reported To: Twitter
🔹 Reported By: #ian
🔹 State: 🟢 Resolved
🔹 Disclosed: January 5, 2022, 7:58pm (UTC)
474 views
Bugpoint
Grafana LFI on https://grafana.mariadb.org

👉 https://hackerone.com/reports/1419213

🔹 Severity: Medium
🔹 Reported To: MariaDB
🔹 Reported By: #realtess
🔹 State: 🟢 Resolved
🔹 Disclosed: January 6, 2022, 5:57pm (UTC)
529 views
Bugpoint
blog/wp-json/wp/v2/users FILE is enable it will used for bruteforce attack the admin panel at blog/wp-login.php

👉 https://hackerone.com/reports/1403302

🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #kassem_s94
🔹 State: 🟢 Resolved
🔹 Disclosed: January 9, 2022, 6:28pm (UTC)
429 views
Bugpoint
Prototype pollution via console.table properties

👉 https://hackerone.com/reports/1431042

🔹 Severity: Low
🔹 Reported To: Node.js
🔹 Reported By: #rugvip
🔹 State: 🟢 Resolved
🔹 Disclosed: January 11, 2022, 5:23pm (UTC)
376 views
Bugpoint
Clickjacking to change email address

👉 https://hackerone.com/reports/783191

🔹 Severity: High
🔹 Reported To: Gener8
🔹 Reported By: #paramdham
🔹 State: 🟢 Resolved
🔹 Disclosed: January 12, 2022, 8:33am (UTC)
342 views
Bugpoint
CSRF to change password

👉 https://hackerone.com/reports/204703

🔹 Severity: Critical | 💰 300 USD
🔹 Reported To: Nord Security
🔹 Reported By: #paramdham
🔹 State: 🟢 Resolved
🔹 Disclosed: January 12, 2022, 8:33am (UTC)
340 views
Bugpoint
Account Takeover via SMS Authentication Flow

👉 https://hackerone.com/reports/1245762

🔹 Severity: High | 💰 1,750 USD
🔹 Reported To: Zenly
🔹 Reported By: #yetanotherhacker
🔹 State: 🟢 Resolved
🔹 Disclosed: January 12, 2022, 10:08am (UTC)
🎉1
338 views
Bugpoint
Friend Request Flow Exposes User Data

👉 https://hackerone.com/reports/1245741

🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: Zenly
🔹 Reported By: #yetanotherhacker
🔹 State: 🟢 Resolved
🔹 Disclosed: January 12, 2022, 10:25am (UTC)
326 views
Bugpoint
[IDOR] Modify other team's reminders via reminderId parameter

👉 https://hackerone.com/reports/946323

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: January 13, 2022, 12:21am (UTC)
334 views
Bugpoint
Reflected xss and open redirect on larksuite.com using /?back_uri= parameter.

👉 https://hackerone.com/reports/955606

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: January 13, 2022, 12:24am (UTC)
👍2🎉2🤮1
352 views
Bugpoint
Disclosure of github access token in config file via nignx off-by-slash

👉 https://hackerone.com/reports/1386547

🔹 Severity: Critical
🔹 Reported To: Adobe
🔹 Reported By: #letm3through
🔹 State: 🟢 Resolved
🔹 Disclosed: January 13, 2022, 6:16pm (UTC)
346 views
Bugpoint
AEM forms XXE Vulnerability

👉 https://hackerone.com/reports/1321070

🔹 Severity: Critical
🔹 Reported To: Adobe
🔹 Reported By: #ismailmuh
🔹 State: 🟢 Resolved
🔹 Disclosed: January 13, 2022, 6:38pm (UTC)
362 views
Bugpoint
Bug Report : [ No Valid SPF Records ]

👉 https://hackerone.com/reports/1301696

🔹 Severity: High
🔹 Reported To: Ruby
🔹 Reported By: #sohaib619
🔹 State: ⚪️ Informative
🔹 Disclosed: January 13, 2022, 10:39pm (UTC)
😱3
359 views
Bugpoint
Deserialization of potentially malicious data to RCE

👉 https://hackerone.com/reports/1415436

🔹 Severity: High
🔹 Reported To: Django
🔹 Reported By: #scaramouche31
🔹 State: ⚪️ Informative
🔹 Disclosed: January 14, 2022, 4:34pm (UTC)
359 views
Bugpoint
SQL Injection and plaintext passwords via User Search

👉 https://hackerone.com/reports/703819

🔹 Severity: High
🔹 Reported To: IBM
🔹 Reported By: #xyantix
🔹 State: 🟢 Resolved
🔹 Disclosed: January 14, 2022, 6:42pm (UTC)
346 views
Bugpoint
Stored xss on helpdesk using user's city

👉 https://hackerone.com/reports/971857

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: January 14, 2022, 8:36pm (UTC)
👍2
354 views
Bugpoint
In orginization stored xss using location (Larksuite survey app)

👉 https://hackerone.com/reports/998138

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: January 14, 2022, 8:41pm (UTC)
👍2
386 views
Bugpoint
Lack of URL normalization renders Blocked-Previews feature ineffectual

👉 https://hackerone.com/reports/1102764

🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Slack
🔹 Reported By: #jub0bs
🔹 State: 🟢 Resolved
🔹 Disclosed: January 16, 2022, 7:48am (UTC)
🎉1
372 views