Bugpoint – Telegram
Bugpoint
1.06K subscribers
3.73K photos
3.73K links
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
SSRF & Blind XSS in Gravatar email

👉 https://hackerone.com/reports/1100096

🔹 Severity: High | 💰 750 USD
🔹 Reported To: Automattic
🔹 Reported By: #rockybandana
🔹 State: 🟢 Resolved
🔹 Disclosed: January 17, 2022, 8:44pm (UTC)
DOM XSS through ads

👉 https://hackerone.com/reports/889041

🔹 Severity: Medium
🔹 Reported To: Urban Dictionary
🔹 Reported By: #bemodtwz
🔹 State: 🟢 Resolved
🔹 Disclosed: January 18, 2022, 12:56am (UTC)
Exposed Golang debugger on tier3.riot.mail.ru:9090, 9080

👉 https://hackerone.com/reports/1247910

🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #ian
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 7:48am (UTC)
Dom Xss vulnerability

👉 https://hackerone.com/reports/1448616

🔹 Severity: High
🔹 Reported To: Recorded Future
🔹 Reported By: #fornex
🔹 State: ⚪️ Informative
🔹 Disclosed: January 19, 2022, 11:00am (UTC)
User can pay using archived price by manipulating the request sent to `POST /v1/payment_pages/for_plink`

👉 https://hackerone.com/reports/1328278

🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Stripe
🔹 Reported By: #gregxsunday
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 3:19pm (UTC)
Wrong settings in ADF Faces leads to information disclosure

👉 https://hackerone.com/reports/1422641

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #h3xr
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 7:28pm (UTC)
XSS Reflected - ██████████

👉 https://hackerone.com/reports/1223577

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #drauschkolb
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 7:29pm (UTC)
Reflected XSS in https://███████ via hidden parameter "████████"

👉 https://hackerone.com/reports/1029238

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #supr4s
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 7:30pm (UTC)
Reflected XSS on https://███/████via hidden parameter "█████████"

👉 https://hackerone.com/reports/1029243

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #supr4s
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 7:31pm (UTC)
██████████ running a vulnerable log4j

👉 https://hackerone.com/reports/1423496

🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #alex_gaynor
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 7:33pm (UTC)
███ ████████ running a vulnerable log4j

👉 https://hackerone.com/reports/1438393

🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #alex_gaynor
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 7:35pm (UTC)
[Java] CWE-552: Query to detect unsafe request dispatcher usage

👉 https://hackerone.com/reports/1454582

🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:10pm (UTC)
[Java] CWE-089: MyBatis Mapper XML SQL Injection

👉 https://hackerone.com/reports/1442954

🔹 Severity: High | 💰 4,500 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jessforfun
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:11pm (UTC)
[Javanoscript]: [Clipboard-based XSS]

👉 https://hackerone.com/reports/1448236

🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:11pm (UTC)
Java: Regex injection

👉 https://hackerone.com/reports/1443028

🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #edvraa
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:12pm (UTC)
[Java] CWE-400: Query to detect uncontrolled thread resource consumption

👉 https://hackerone.com/reports/1413542

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:12pm (UTC)
[porcupiney.hairs]: [Python] Add Flask Path injection sinks

👉 https://hackerone.com/reports/1413541

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #porcupineyhairs
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:12pm (UTC)
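The Flask sinks this CodeQL submission covers are the file-serving calls (send_file and friends) that receive a path built from request data. The snippet below is an added illustration written for this listing, not code from the report or from the CodeQL repository: it contrasts the flagged pattern with a resolver that pins the result under the serving root, and builds a constructed directory (with one symlink that escapes the root) to show why a string-prefix check is not enough. Names such as resolve_download_safe and demo are assumptions of this example.

```python
import os
import tempfile
from typing import Optional


def resolve_download_unsafe(base_dir: str, user_path: str) -> str:
    """The pattern the query flags: request data joined straight into the path
    handed to send_file(). os.path.join drops base_dir when user_path is
    absolute, and '..' segments walk out of it."""
    return os.path.normpath(os.path.join(base_dir, user_path))


def resolve_download_safe(base_dir: str, user_path: str) -> Optional[str]:
    """Hardened resolver: reject absolute paths and NUL bytes, resolve symlinks
    on both sides, and require the result to stay below base_dir.
    None means refuse the request (respond 404/400)."""
    if os.path.isabs(user_path) or "\x00" in user_path:
        return None
    root = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(root, user_path))
    try:
        if os.path.commonpath([root, candidate]) != root:
            return None
    except ValueError:  # paths on different drives (Windows)
        return None
    return candidate


def demo() -> dict:
    """Constructed serving root: files/reports/q1.pdf is legitimate, files/link
    is a symlink to a secret outside the root. Returns what each resolver does."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "files")
        os.makedirs(os.path.join(root, "reports"))
        with open(os.path.join(root, "reports", "q1.pdf"), "w") as fh:
            fh.write("report")
        secret = os.path.join(tmp, "secret.txt")
        with open(secret, "w") as fh:
            fh.write("not for download")
        os.symlink(secret, os.path.join(root, "link"))
        return {
            # '..' traversal: the unsafe join lands on the secret file
            "traversal_unsafe": resolve_download_unsafe(root, "../secret.txt") == secret,
            "traversal_safe": resolve_download_safe(root, "../secret.txt"),
            # symlink: the unsafe path still starts with root, so a prefix
            # check would pass it, although it points outside
            "symlink_unsafe": resolve_download_unsafe(root, "link").startswith(root),
            "symlink_safe": resolve_download_safe(root, "link"),
            # a legitimate relative path is served
            "legit_safe": resolve_download_safe(root, "reports/q1.pdf")
            == os.path.realpath(os.path.join(root, "reports", "q1.pdf")),
        }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

In a Flask handler the hardened resolver's return value is what goes to send_file; a None return ends the request with an error before any file is opened. Resolving with realpath on both the root and the candidate is what defeats the symlink case.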
ihsinme: CPP Add query for CWE-675 Duplicate Operations on Resource

👉 https://hackerone.com/reports/1413540

🔹 Severity: Low | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:13pm (UTC)
[Python]: JWT security-related queries

👉 https://hackerone.com/reports/1403263

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jorgectf
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:13pm (UTC)
[Python]: CWE-079: HTTP Header injection

👉 https://hackerone.com/reports/1401159

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jorgectf
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:13pm (UTC)
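The report title carries CWE-079, but HTTP header injection is catalogued as CWE-113 (CRLF sequences in HTTP headers, also called response splitting). The code below is an added example written for this listing, not code from the report or from CodeQL: it builds a raw redirect response by hand, shows how a CR/LF in the user-supplied target injects a Set-Cookie header that a client parses as genuine, and gives the check a hardened builder needs. The function names and the attack string are constructed for the demonstration.

```python
def build_redirect_unsafe(target: str) -> bytes:
    """Vulnerable sink: the user-controlled value is interpolated into the
    header block with no check for CR or LF."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {target}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def build_redirect_safe(target: str) -> bytes:
    """Hardened builder: refuse any value that could end the header line.
    Bare LF is rejected too, since some parsers accept it as a terminator."""
    if any(ch in target for ch in "\r\n\x00"):
        raise ValueError("control characters in header value")
    return build_redirect_unsafe(target)


def response_headers(raw: bytes) -> list:
    """Parse headers the way a client does: every CRLF-delimited line before
    the blank line is one header, whatever the server meant to send."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    headers = []
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(b":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def header_names(raw: bytes) -> list:
    return [name for name, _ in response_headers(raw)]


def safe_builder_rejects(target: str) -> bool:
    try:
        build_redirect_safe(target)
        return False
    except ValueError:
        return True


# Constructed attacker input: a redirect target followed by an injected header.
ATTACK = "/home\r\nSet-Cookie: session=attacker-chosen; Path=/"

if __name__ == "__main__":
    print(header_names(build_redirect_unsafe(ATTACK)))
    print("safe builder rejects:", safe_builder_rejects(ATTACK))
```

Django and Werkzeug already raise when a header value contains a newline, so the sinks that matter for this query are hand-built responses and lower-level servers where the value reaches the wire unchecked.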
[GO]: [CWE-090: LDAP Injection All For One]

👉 https://hackerone.com/reports/1397942

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #pupiles
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:13pm (UTC)