ihsinme: CPP Add query for CWE-675 Duplicate Operations on Resource
👉 https://hackerone.com/reports/1413540
🔹 Severity: Low | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:13pm (UTC)
👉 https://hackerone.com/reports/1413540
🔹 Severity: Low | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:13pm (UTC)
[Python]: JWT security-related queries
👉 https://hackerone.com/reports/1403263
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jorgectf
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:13pm (UTC)
👉 https://hackerone.com/reports/1403263
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jorgectf
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:13pm (UTC)
[Python]: CWE-079: HTTP Header injection
👉 https://hackerone.com/reports/1401159
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jorgectf
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:13pm (UTC)
👉 https://hackerone.com/reports/1401159
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jorgectf
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:13pm (UTC)
[GO]: [CWE-090: LDAP Injection All For One]
👉 https://hackerone.com/reports/1397942
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #pupiles
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:13pm (UTC)
👉 https://hackerone.com/reports/1397942
🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #pupiles
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:13pm (UTC)
Yet another SSRF query for Go
👉 https://hackerone.com/reports/1391772
🔹 Severity: Medium | 💰 450 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #avada
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:14pm (UTC)
👉 https://hackerone.com/reports/1391772
🔹 Severity: Medium | 💰 450 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #avada
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:14pm (UTC)
Yet another SSRF query for Go
👉 https://hackerone.com/reports/1391771
🔹 Severity: Medium | 💰 450 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ciohianz
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:14pm (UTC)
👉 https://hackerone.com/reports/1391771
🔹 Severity: Medium | 💰 450 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ciohianz
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:14pm (UTC)
Yet another SSRF query for Go
👉 https://hackerone.com/reports/1391729
🔹 Severity: Medium | 💰 450 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luuliiromee
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:14pm (UTC)
👉 https://hackerone.com/reports/1391729
🔹 Severity: Medium | 💰 450 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luuliiromee
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:14pm (UTC)
Yet another SSRF query for Javanoscript
👉 https://hackerone.com/reports/1391728
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #avada
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:15pm (UTC)
👉 https://hackerone.com/reports/1391728
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #avada
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:15pm (UTC)
Yet another SSRF query for Javanoscript
👉 https://hackerone.com/reports/1391727
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ciohianz
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:15pm (UTC)
👉 https://hackerone.com/reports/1391727
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ciohianz
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:15pm (UTC)
Yet another SSRF query for Javanoscript
👉 https://hackerone.com/reports/1391726
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luuliiromee
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:15pm (UTC)
👉 https://hackerone.com/reports/1391726
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luuliiromee
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:15pm (UTC)
Yet another SSRF query for Go
👉 https://hackerone.com/reports/1391725
🔹 Severity: Medium | 💰 450 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #npesaresi
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:15pm (UTC)
👉 https://hackerone.com/reports/1391725
🔹 Severity: Medium | 💰 450 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #npesaresi
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:15pm (UTC)
Yet another SSRF query for Javanoscript
👉 https://hackerone.com/reports/1391724
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #npesaresi
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:16pm (UTC)
👉 https://hackerone.com/reports/1391724
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #npesaresi
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:16pm (UTC)
Cross-site Scripting (XSS) - Stored on ads.tiktok.com in Text field
👉 https://hackerone.com/reports/1376961
🔹 Severity: Medium | 💰 999 USD
🔹 Reported To: TikTok
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: January 20, 2022, 12:31am (UTC)
👉 https://hackerone.com/reports/1376961
🔹 Severity: Medium | 💰 999 USD
🔹 Reported To: TikTok
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: January 20, 2022, 12:31am (UTC)
Stored XSS at https://linkpop.com
👉 https://hackerone.com/reports/1441988
🔹 Severity: Medium | 💰 1,600 USD
🔹 Reported To: Shopify
🔹 Reported By: #nagli
🔹 State: 🟢 Resolved
🔹 Disclosed: January 20, 2022, 7:08pm (UTC)
👉 https://hackerone.com/reports/1441988
🔹 Severity: Medium | 💰 1,600 USD
🔹 Reported To: Shopify
🔹 Reported By: #nagli
🔹 State: 🟢 Resolved
🔹 Disclosed: January 20, 2022, 7:08pm (UTC)
🎉2
Direct Access To admin Dashboard
👉 https://hackerone.com/reports/1421804
🔹 Severity: No Rating | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #mester_x
🔹 State: 🟢 Resolved
🔹 Disclosed: January 20, 2022, 7:15pm (UTC)
👉 https://hackerone.com/reports/1421804
🔹 Severity: No Rating | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #mester_x
🔹 State: 🟢 Resolved
🔹 Disclosed: January 20, 2022, 7:15pm (UTC)
Reflected XSS online-store-git.shopifycloud.com
👉 https://hackerone.com/reports/1410459
🔹 Severity: Medium | 💰 3,500 USD
🔹 Reported To: Shopify
🔹 Reported By: #bepresent
🔹 State: 🟢 Resolved
🔹 Disclosed: January 20, 2022, 7:45pm (UTC)
👉 https://hackerone.com/reports/1410459
🔹 Severity: Medium | 💰 3,500 USD
🔹 Reported To: Shopify
🔹 Reported By: #bepresent
🔹 State: 🟢 Resolved
🔹 Disclosed: January 20, 2022, 7:45pm (UTC)
🔥1
Invalid handling of X509_verify_cert() internal errors in libssl (CVE-2021-4044)
👉 https://hackerone.com/reports/1455411
🔹 Severity: Medium | 💰 1,200 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tniessen
🔹 State: 🟢 Resolved
🔹 Disclosed: January 20, 2022, 11:40pm (UTC)
👉 https://hackerone.com/reports/1455411
🔹 Severity: Medium | 💰 1,200 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tniessen
🔹 State: 🟢 Resolved
🔹 Disclosed: January 20, 2022, 11:40pm (UTC)
👍1
disclosing clients' secret keys https://stage-uapi.tochka.com:2000/
👉 https://hackerone.com/reports/1419205
🔹 Severity: Low | 💰 150 USD
🔹 Reported To: QIWI
🔹 Reported By: #rivalsec
🔹 State: 🟢 Resolved
🔹 Disclosed: January 21, 2022, 11:19am (UTC)
👉 https://hackerone.com/reports/1419205
🔹 Severity: Low | 💰 150 USD
🔹 Reported To: QIWI
🔹 Reported By: #rivalsec
🔹 State: 🟢 Resolved
🔹 Disclosed: January 21, 2022, 11:19am (UTC)
[https://app.recordedfuture.com] - Reflected XSS via username parameter
👉 https://hackerone.com/reports/1201134
🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Recorded Future
🔹 Reported By: #bombon
🔹 State: 🟢 Resolved
🔹 Disclosed: January 21, 2022, 1:51pm (UTC)
👉 https://hackerone.com/reports/1201134
🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Recorded Future
🔹 Reported By: #bombon
🔹 State: 🟢 Resolved
🔹 Disclosed: January 21, 2022, 1:51pm (UTC)
Email change or personal data change on the account.
👉 https://hackerone.com/reports/1250037
🔹 Severity: Critical | 💰 3,000 USD
🔹 Reported To: Stripe
🔹 Reported By: #dk82hg
🔹 State: 🟢 Resolved
🔹 Disclosed: January 21, 2022, 2:13pm (UTC)
👉 https://hackerone.com/reports/1250037
🔹 Severity: Critical | 💰 3,000 USD
🔹 Reported To: Stripe
🔹 Reported By: #dk82hg
🔹 State: 🟢 Resolved
🔹 Disclosed: January 21, 2022, 2:13pm (UTC)
hosted.weblate.org display of unfiltered results
👉 https://hackerone.com/reports/1454552
🔹 Severity: No Rating
🔹 Reported To: Weblate
🔹 Reported By: #joshmcman08
🔹 State: ⚪️ Informative
🔹 Disclosed: January 21, 2022, 8:47pm (UTC)
👉 https://hackerone.com/reports/1454552
🔹 Severity: No Rating
🔹 Reported To: Weblate
🔹 Reported By: #joshmcman08
🔹 State: ⚪️ Informative
🔹 Disclosed: January 21, 2022, 8:47pm (UTC)