[Java] CWE-089: MyBatis Mapper XML SQL Injection
👉 https://hackerone.com/reports/1442954
🔹 Severity: High | 💰 4,500 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jessforfun
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:11pm (UTC)
[Javascript]: [Clipboard-based XSS]
👉 https://hackerone.com/reports/1448236
🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:11pm (UTC)
Java: Regex injection
👉 https://hackerone.com/reports/1443028
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #edvraa
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:12pm (UTC)
[Java] CWE-400: Query to detect uncontrolled thread resource consumption
👉 https://hackerone.com/reports/1413542
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:12pm (UTC)
[porcupiney.hairs]: [Python] Add Flask Path injection sinks
👉 https://hackerone.com/reports/1413541
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #porcupineyhairs
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:12pm (UTC)
ihsinme: CPP Add query for CWE-675 Duplicate Operations on Resource
👉 https://hackerone.com/reports/1413540
🔹 Severity: Low | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:13pm (UTC)
[Python]: JWT security-related queries
👉 https://hackerone.com/reports/1403263
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jorgectf
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:13pm (UTC)
[Python]: CWE-079: HTTP Header injection
👉 https://hackerone.com/reports/1401159
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jorgectf
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:13pm (UTC)
[GO]: [CWE-090: LDAP Injection All For One]
👉 https://hackerone.com/reports/1397942
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #pupiles
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:13pm (UTC)
Yet another SSRF query for Go
👉 https://hackerone.com/reports/1391772
🔹 Severity: Medium | 💰 450 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #avada
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:14pm (UTC)
Yet another SSRF query for Go
👉 https://hackerone.com/reports/1391771
🔹 Severity: Medium | 💰 450 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ciohianz
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:14pm (UTC)
Yet another SSRF query for Go
👉 https://hackerone.com/reports/1391729
🔹 Severity: Medium | 💰 450 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luuliiromee
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:14pm (UTC)
Yet another SSRF query for Javascript
👉 https://hackerone.com/reports/1391728
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #avada
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:15pm (UTC)
Yet another SSRF query for Javascript
👉 https://hackerone.com/reports/1391727
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ciohianz
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:15pm (UTC)
Yet another SSRF query for Javascript
👉 https://hackerone.com/reports/1391726
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luuliiromee
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:15pm (UTC)
Yet another SSRF query for Go
👉 https://hackerone.com/reports/1391725
🔹 Severity: Medium | 💰 450 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #npesaresi
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:15pm (UTC)
Yet another SSRF query for Javascript
👉 https://hackerone.com/reports/1391724
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #npesaresi
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:16pm (UTC)
Cross-site Scripting (XSS) - Stored on ads.tiktok.com in Text field
👉 https://hackerone.com/reports/1376961
🔹 Severity: Medium | 💰 999 USD
🔹 Reported To: TikTok
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: January 20, 2022, 12:31am (UTC)
Stored XSS at https://linkpop.com
👉 https://hackerone.com/reports/1441988
🔹 Severity: Medium | 💰 1,600 USD
🔹 Reported To: Shopify
🔹 Reported By: #nagli
🔹 State: 🟢 Resolved
🔹 Disclosed: January 20, 2022, 7:08pm (UTC)
Direct Access To admin Dashboard
👉 https://hackerone.com/reports/1421804
🔹 Severity: No Rating | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #mester_x
🔹 State: 🟢 Resolved
🔹 Disclosed: January 20, 2022, 7:15pm (UTC)
Reflected XSS online-store-git.shopifycloud.com
👉 https://hackerone.com/reports/1410459
🔹 Severity: Medium | 💰 3,500 USD
🔹 Reported To: Shopify
🔹 Reported By: #bepresent
🔹 State: 🟢 Resolved
🔹 Disclosed: January 20, 2022, 7:45pm (UTC)