Yet another SSRF query for JavaScript
👉 https://hackerone.com/reports/1391728
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #avada
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:15pm (UTC)
Yet another SSRF query for JavaScript
👉 https://hackerone.com/reports/1391727
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ciohianz
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:15pm (UTC)
Yet another SSRF query for JavaScript
👉 https://hackerone.com/reports/1391726
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luuliiromee
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:15pm (UTC)
Yet another SSRF query for Go
👉 https://hackerone.com/reports/1391725
🔹 Severity: Medium | 💰 450 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #npesaresi
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:15pm (UTC)
Yet another SSRF query for JavaScript
👉 https://hackerone.com/reports/1391724
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #npesaresi
🔹 State: 🟢 Resolved
🔹 Disclosed: January 19, 2022, 10:16pm (UTC)
Cross-site Scripting (XSS) - Stored on ads.tiktok.com in Text field
👉 https://hackerone.com/reports/1376961
🔹 Severity: Medium | 💰 999 USD
🔹 Reported To: TikTok
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: January 20, 2022, 12:31am (UTC)
Stored XSS at https://linkpop.com
👉 https://hackerone.com/reports/1441988
🔹 Severity: Medium | 💰 1,600 USD
🔹 Reported To: Shopify
🔹 Reported By: #nagli
🔹 State: 🟢 Resolved
🔹 Disclosed: January 20, 2022, 7:08pm (UTC)
Direct Access To admin Dashboard
👉 https://hackerone.com/reports/1421804
🔹 Severity: No Rating | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #mester_x
🔹 State: 🟢 Resolved
🔹 Disclosed: January 20, 2022, 7:15pm (UTC)
Reflected XSS online-store-git.shopifycloud.com
👉 https://hackerone.com/reports/1410459
🔹 Severity: Medium | 💰 3,500 USD
🔹 Reported To: Shopify
🔹 Reported By: #bepresent
🔹 State: 🟢 Resolved
🔹 Disclosed: January 20, 2022, 7:45pm (UTC)
Invalid handling of X509_verify_cert() internal errors in libssl (CVE-2021-4044)
👉 https://hackerone.com/reports/1455411
🔹 Severity: Medium | 💰 1,200 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tniessen
🔹 State: 🟢 Resolved
🔹 Disclosed: January 20, 2022, 11:40pm (UTC)
disclosing clients' secret keys https://stage-uapi.tochka.com:2000/
👉 https://hackerone.com/reports/1419205
🔹 Severity: Low | 💰 150 USD
🔹 Reported To: QIWI
🔹 Reported By: #rivalsec
🔹 State: 🟢 Resolved
🔹 Disclosed: January 21, 2022, 11:19am (UTC)
[https://app.recordedfuture.com] - Reflected XSS via username parameter
👉 https://hackerone.com/reports/1201134
🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Recorded Future
🔹 Reported By: #bombon
🔹 State: 🟢 Resolved
🔹 Disclosed: January 21, 2022, 1:51pm (UTC)
Email change or personal data change on the account.
👉 https://hackerone.com/reports/1250037
🔹 Severity: Critical | 💰 3,000 USD
🔹 Reported To: Stripe
🔹 Reported By: #dk82hg
🔹 State: 🟢 Resolved
🔹 Disclosed: January 21, 2022, 2:13pm (UTC)
hosted.weblate.org display of unfiltered results
👉 https://hackerone.com/reports/1454552
🔹 Severity: No Rating
🔹 Reported To: Weblate
🔹 Reported By: #joshmcman08
🔹 State: ⚪️ Informative
🔹 Disclosed: January 21, 2022, 8:47pm (UTC)
xss reflected on imgur.com
👉 https://hackerone.com/reports/1058427
🔹 Severity: No Rating | 💰 100 USD
🔹 Reported To: Imgur
🔹 Reported By: #whoami991
🔹 State: 🟢 Resolved
🔹 Disclosed: January 22, 2022, 5:09am (UTC)
Buffer Overflow in optimized_escape_html method
👉 https://hackerone.com/reports/1455248
🔹 Severity: Medium | 💰 1,200 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #chamal
🔹 State: 🟢 Resolved
🔹 Disclosed: January 22, 2022, 2:03pm (UTC)
No length on password
👉 https://hackerone.com/reports/1411363
🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Imgur
🔹 Reported By: #blackfly_
🔹 State: 🟢 Resolved
🔹 Disclosed: January 24, 2022, 4:50am (UTC)
Cross site scripting via file upload in subdomain ads.tiktok.com
👉 https://hackerone.com/reports/1433125
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: TikTok
🔹 Reported By: #blubluuu
🔹 State: 🟢 Resolved
🔹 Disclosed: January 25, 2022, 2:49am (UTC)
Subdomain Takeover
👉 https://hackerone.com/reports/1348504
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #official_dhivish
🔹 State: 🟢 Resolved
🔹 Disclosed: January 25, 2022, 8:25am (UTC)
Able to steal private files by manipulating response using Compose Email function of Lark
👉 https://hackerone.com/reports/1373784
🔹 Severity: High | 💰 2,000 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: January 25, 2022, 9:53pm (UTC)
Able to steal private files by manipulating response using Auto Reply function of Lark
👉 https://hackerone.com/reports/1387320
🔹 Severity: High | 💰 2,000 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: January 25, 2022, 9:54pm (UTC)