Reflected XSS on https://███/████via hidden parameter "█████████"
👉 https://hackerone.com/reports/1029243
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #supr4s
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 7:31pm (UTC)
👉 https://hackerone.com/reports/1029243
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #supr4s
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 7:31pm (UTC)
██████████ running a vulnerable log4j
👉 https://hackerone.com/reports/1423496
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #alex_gaynor
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 7:33pm (UTC)
👉 https://hackerone.com/reports/1423496
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #alex_gaynor
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 7:33pm (UTC)
███ ████████ running a vulnerable log4j
👉 https://hackerone.com/reports/1438393
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #alex_gaynor
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 7:35pm (UTC)
👉 https://hackerone.com/reports/1438393
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #alex_gaynor
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 7:35pm (UTC)
[Java] CWE-552: Query to detect unsafe request dispatcher usage
👉 https://hackerone.com/reports/1454582
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:10pm (UTC)
👉 https://hackerone.com/reports/1454582
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:10pm (UTC)
[Java] CWE-089: MyBatis Mapper XML SQL Injection
👉 https://hackerone.com/reports/1442954
🔹 Severity: High | 💰 4,500 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jessforfun
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:11pm (UTC)
👉 https://hackerone.com/reports/1442954
🔹 Severity: High | 💰 4,500 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jessforfun
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:11pm (UTC)
👍1
[Javanoscript]: [Clipboard-based XSS]
👉 https://hackerone.com/reports/1448236
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:11pm (UTC)
👉 https://hackerone.com/reports/1448236
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:11pm (UTC)
Java: Regex injection
👉 https://hackerone.com/reports/1443028
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #edvraa
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:12pm (UTC)
👉 https://hackerone.com/reports/1443028
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #edvraa
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:12pm (UTC)
[Java] CWE-400: Query to detect uncontrolled thread resource consumption
👉 https://hackerone.com/reports/1413542
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:12pm (UTC)
👉 https://hackerone.com/reports/1413542
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:12pm (UTC)
[porcupiney.hairs]: [Python] Add Flask Path injection sinks
👉 https://hackerone.com/reports/1413541
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #porcupineyhairs
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:12pm (UTC)
👉 https://hackerone.com/reports/1413541
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #porcupineyhairs
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:12pm (UTC)
ihsinme: CPP Add query for CWE-675 Duplicate Operations on Resource
👉 https://hackerone.com/reports/1413540
🔹 Severity: Low | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:13pm (UTC)
👉 https://hackerone.com/reports/1413540
🔹 Severity: Low | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:13pm (UTC)
[Python]: JWT security-related queries
👉 https://hackerone.com/reports/1403263
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jorgectf
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:13pm (UTC)
👉 https://hackerone.com/reports/1403263
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jorgectf
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:13pm (UTC)
[Python]: CWE-079: HTTP Header injection
👉 https://hackerone.com/reports/1401159
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jorgectf
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:13pm (UTC)
👉 https://hackerone.com/reports/1401159
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jorgectf
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:13pm (UTC)
[GO]: [CWE-090: LDAP Injection All For One]
👉 https://hackerone.com/reports/1397942
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #pupiles
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:13pm (UTC)
👉 https://hackerone.com/reports/1397942
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #pupiles
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:13pm (UTC)
Yet another SSRF query for Go
👉 https://hackerone.com/reports/1391772
🔹 Severity: Medium | 💰 450 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #avada
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:14pm (UTC)
👉 https://hackerone.com/reports/1391772
🔹 Severity: Medium | 💰 450 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #avada
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:14pm (UTC)
Yet another SSRF query for Go
👉 https://hackerone.com/reports/1391771
🔹 Severity: Medium | 💰 450 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ciohianz
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:14pm (UTC)
👉 https://hackerone.com/reports/1391771
🔹 Severity: Medium | 💰 450 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ciohianz
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:14pm (UTC)
Yet another SSRF query for Go
👉 https://hackerone.com/reports/1391729
🔹 Severity: Medium | 💰 450 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luuliiromee
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:14pm (UTC)
👉 https://hackerone.com/reports/1391729
🔹 Severity: Medium | 💰 450 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luuliiromee
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:14pm (UTC)
Yet another SSRF query for Javanoscript
👉 https://hackerone.com/reports/1391728
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #avada
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:15pm (UTC)
👉 https://hackerone.com/reports/1391728
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #avada
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:15pm (UTC)
Yet another SSRF query for Javanoscript
👉 https://hackerone.com/reports/1391727
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ciohianz
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:15pm (UTC)
👉 https://hackerone.com/reports/1391727
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ciohianz
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:15pm (UTC)
Yet another SSRF query for Javanoscript
👉 https://hackerone.com/reports/1391726
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luuliiromee
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:15pm (UTC)
👉 https://hackerone.com/reports/1391726
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luuliiromee
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:15pm (UTC)
Yet another SSRF query for Go
👉 https://hackerone.com/reports/1391725
🔹 Severity: Medium | 💰 450 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #npesaresi
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:15pm (UTC)
👉 https://hackerone.com/reports/1391725
🔹 Severity: Medium | 💰 450 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #npesaresi
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:15pm (UTC)
Yet another SSRF query for Javanoscript
👉 https://hackerone.com/reports/1391724
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #npesaresi
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:16pm (UTC)
👉 https://hackerone.com/reports/1391724
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #npesaresi
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:16pm (UTC)