Bugpoint – Telegram
Bugpoint
1.06K subscribers
3.73K photos
3.73K links
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg

XSS reflected on imgur.com

👉 https://hackerone.com/reports/1058427

🔹 Severity: No Rating | 💰 100 USD
🔹 Reported To: Imgur
🔹 Reported By: #whoami991
🔹 State: 🟢 Resolved
🔹 Disclosed: January 22, 2022, 5:09am (UTC)

Buffer Overflow in optimized_escape_html method

👉 https://hackerone.com/reports/1455248

🔹 Severity: Medium | 💰 1,200 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #chamal
🔹 State: 🟢 Resolved
🔹 Disclosed: January 22, 2022, 2:03pm (UTC)

No length on password

👉 https://hackerone.com/reports/1411363

🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Imgur
🔹 Reported By: #blackfly_
🔹 State: 🟢 Resolved
🔹 Disclosed: January 24, 2022, 4:50am (UTC)

Cross site noscripting via file upload in subdomain ads.tiktok.com

👉 https://hackerone.com/reports/1433125

🔹 Severity: Low | 💰 500 USD
🔹 Reported To: TikTok
🔹 Reported By: #blubluuu
🔹 State: 🟢 Resolved
🔹 Disclosed: January 25, 2022, 2:49am (UTC)

Subdomain Takeover

👉 https://hackerone.com/reports/1348504

🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #official_dhivish
🔹 State: 🟢 Resolved
🔹 Disclosed: January 25, 2022, 8:25am (UTC)

Able to steal private files by manipulating response using Compose Email function of Lark

👉 https://hackerone.com/reports/1373784

🔹 Severity: High | 💰 2,000 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: January 25, 2022, 9:53pm (UTC)

Able to steal private files by manipulating response using Auto Reply function of Lark

👉 https://hackerone.com/reports/1387320

🔹 Severity: High | 💰 2,000 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: January 25, 2022, 9:54pm (UTC)

Specific Payload makes a User's Posts unavailable

👉 https://hackerone.com/reports/1176794

🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: FetLife
🔹 Reported By: #castilho
🔹 State: 🟢 Resolved
🔹 Disclosed: January 26, 2022, 4:10am (UTC)

subdomain takeover on fddkim.zomato.com

👉 https://hackerone.com/reports/1130376

🔹 Severity: Medium | 💰 350 USD
🔹 Reported To: Zomato
🔹 Reported By: #mosec9
🔹 State: 🟢 Resolved
🔹 Disclosed: January 27, 2022, 5:44am (UTC)

Improper access control for users with expired password, giving the user full access through API and Git

👉 https://hackerone.com/reports/1285226

🔹 Severity: Medium | 💰 950 USD
🔹 Reported To: GitLab
🔹 Reported By: #joaxcar
🔹 State: 🟢 Resolved
🔹 Disclosed: January 27, 2022, 8:22am (UTC)

Full read SSRF via Lark Docs `import as docs` feature

👉 https://hackerone.com/reports/1409727

🔹 Severity: Critical | 💰 5,000 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #sirleeroyjenkins
🔹 State: 🟢 Resolved
🔹 Disclosed: January 28, 2022, 1:51am (UTC)

XSS via X-Forwarded-Host header

👉 https://hackerone.com/reports/1392935

🔹 Severity: Medium | 💰 200 USD
🔹 Reported To: Omise
🔹 Reported By: #oblivionlight
🔹 State: 🟢 Resolved
🔹 Disclosed: January 29, 2022, 1:18pm (UTC)

Misconfiguration in build environment allows DLL preloading attack

👉 https://hackerone.com/reports/896338

🔹 Severity: Low
🔹 Reported To: Monero
🔹 Reported By: #nim4
🔹 State: 🟢 Resolved
🔹 Disclosed: January 29, 2022, 5:08pm (UTC)

No character limit in password field

👉 https://hackerone.com/reports/1462175

🔹 Severity: Medium
🔹 Reported To: UPchieve
🔹 Reported By: #tomyway
🔹 State: 🔴 N/A
🔹 Disclosed: January 30, 2022, 11:35am (UTC)

Critical full compromise of jarvis-new.urbanclap.com via weak session signing

👉 https://hackerone.com/reports/1380121

🔹 Severity: Critical | 💰 1,500 USD
🔹 Reported To: Urban Company
🔹 Reported By: #ian
🔹 State: 🟢 Resolved
🔹 Disclosed: January 30, 2022, 8:03pm (UTC)

Reflected XSS on https://vk.com/search

👉 https://hackerone.com/reports/1454359

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: VK.com
🔹 Reported By: #b4walid
🔹 State: 🟢 Resolved
🔹 Disclosed: February 1, 2022, 1:09pm (UTC)

Full Response SSRF via Google Drive

👉 https://hackerone.com/reports/1406938

🔹 Severity: Critical | 💰 17,576 USD
🔹 Reported To: Dropbox
🔹 Reported By: #bugdiscloseguys
🔹 State: 🟢 Resolved
🔹 Disclosed: February 1, 2022, 2:53pm (UTC)

Saving Christmas from Grinchy Gods

👉 https://hackerone.com/reports/1434017

🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: h1-ctf
🔹 Reported By: #akshansh
🔹 State: 🟢 Resolved
🔹 Disclosed: February 1, 2022, 5:42pm (UTC)

The Return of the Grinch

👉 https://hackerone.com/reports/1433581

🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: h1-ctf
🔹 Reported By: #w31rd0
🔹 State: 🟢 Resolved
🔹 Disclosed: February 1, 2022, 5:44pm (UTC)

Information disclosure - Referer leak

👉 https://hackerone.com/reports/1337624

🔹 Severity: High | 💰 500 USD
🔹 Reported To: Brave Software
🔹 Reported By: #kkarfalcon
🔹 State: 🟢 Resolved
🔹 Disclosed: February 1, 2022, 7:32pm (UTC)

SQL injection at /admin.php?/cp/members/create

👉 https://hackerone.com/reports/968240

🔹 Severity: Medium
🔹 Reported To: ExpressionEngine
🔹 Reported By: #khoabda1
🔹 State: 🟢 Resolved
🔹 Disclosed: February 1, 2022, 9:12pm (UTC)