NEW BOT Телеграм, страница

Bugpoint

Reflected XSS at https://█████████ via "███" parameter

👉 https://hackerone.com/reports/1457277

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #pelegn
🔹 State: 🟢 Resolved
🔹 Disclosed: February 14, 2022, 9:22pm (UTC)

216 views21:24

Bugpoint

XSS trigger via HTML Iframe injection in ( https://██████████ ) due to unfiltered HTML tags

👉 https://hackerone.com/reports/1200770

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #rozerx00
🔹 State: 🟢 Resolved
🔹 Disclosed: February 14, 2022, 9:23pm (UTC)

215 views21:26

Bugpoint

EC2 subdomain takeover at http://████████/

👉 https://hackerone.com/reports/1296366

🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #dreyand72
🔹 State: 🟢 Resolved
🔹 Disclosed: February 14, 2022, 9:24pm (UTC)

225 views21:26

Bugpoint

CUI Labelled document out in the open

👉 https://hackerone.com/reports/1436460

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #pll25
🔹 State: 🟢 Resolved
🔹 Disclosed: February 14, 2022, 9:26pm (UTC)

240 views21:28

Bugpoint

IDOR

👉 https://hackerone.com/reports/389250

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #websecnl
🔹 State: 🟢 Resolved
🔹 Disclosed: February 14, 2022, 9:27pm (UTC)

252 views21:30

Bugpoint

Broken Authentication

👉 https://hackerone.com/reports/409237

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #websecnl
🔹 State: 🟢 Resolved
🔹 Disclosed: February 14, 2022, 9:29pm (UTC)

280 views21:32

Bugpoint

Arbitrary File Read at ███ via filename parameter

👉 https://hackerone.com/reports/1436223

🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #shiar
🔹 State: 🟢 Resolved
🔹 Disclosed: February 14, 2022, 9:35pm (UTC)

301 views21:38

Bugpoint

Ability to Disable the Login Attempt of any Shopify Owner for 24 hrs (Zero_Click)

👉 https://hackerone.com/reports/1406495

🔹 Severity: Low | 💰 900 USD
🔹 Reported To: Shopify
🔹 Reported By: #saurabhsankhwar3
🔹 State: 🟢 Resolved
🔹 Disclosed: February 15, 2022, 6:20am (UTC)

355 views06:22

Bugpoint

When sharing a Deck card in conversation the metaData can be manipulated to open arbitrary URL

👉 https://hackerone.com/reports/1358977

🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #ctulhu
🔹 State: 🟢 Resolved
🔹 Disclosed: February 15, 2022, 7:09am (UTC)

385 views07:12

Bugpoint

Cross-origin resource sharing

👉 https://hackerone.com/reports/1478449

🔹 Severity: No Rating | 💰 50 USD
🔹 Reported To: Showmax
🔹 Reported By: #qualin
🔹 State: 🟢 Resolved
🔹 Disclosed: February 15, 2022, 10:37am (UTC)

406 views10:40

Bugpoint

XSS payload from an active vulnerability. What was bypassed with it? ⤵️

javanoscript:a=document;alert('\@example.com/|'+a.domain);

Anonymous Poll

21%

Text input URL validation

23%

WAF

56%

Text input URL validation + WAF

🔥5👍3

104 voters464 views16:26

Bugpoint

Broken Authentication Session Token Bug

👉 https://hackerone.com/reports/948345

🔹 Severity: Medium
🔹 Reported To: Courier
🔹 Reported By: #the_hacker_girl
🔹 State: 🟢 Resolved
🔹 Disclosed: February 16, 2022, 11:43pm (UTC)

416 views23:46

Bugpoint

Missing SPF record on trycourier.app

👉 https://hackerone.com/reports/1416701

🔹 Severity: Medium
🔹 Reported To: Courier
🔹 Reported By: #musab_alharany
🔹 State: ⚪️ Informative
🔹 Disclosed: February 17, 2022, 6:36am (UTC)

432 views06:38

Bugpoint

Subdomain Takeover of brand.zen.ly

👉 https://hackerone.com/reports/1474784

🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: Zenly
🔹 Reported By: #mega7
🔹 State: 🟢 Resolved
🔹 Disclosed: February 17, 2022, 10:09am (UTC)

👍1

448 views10:12

Bugpoint

Уязвимость в приложении для Android

👉 https://hackerone.com/reports/1343528

🔹 Severity: High | 💰 3,000 USD
🔹 Reported To: VK.com
🔹 Reported By: #executor
🔹 State: 🟢 Resolved
🔹 Disclosed: February 18, 2022, 7:09pm (UTC)

👏3

412 views19:12

Bugpoint

Self XSS in Create New Workspace Screen

👉 https://hackerone.com/reports/1442017

🔹 Severity: Low | 💰 50 USD
🔹 Reported To: Mattermost
🔹 Reported By: #rynexxx
🔹 State: 🟢 Resolved
🔹 Disclosed: February 20, 2022, 9:08am (UTC)

390 views09:10

Bugpoint

███ Page has a link to a google drive which has access to not only logos but also customer phone recordings

👉 https://hackerone.com/reports/864712

🔹 Severity: Medium | 💰 200 USD
🔹 Reported To: Zomato
🔹 Reported By: #codersanjay
🔹 State: 🟢 Resolved
🔹 Disclosed: February 21, 2022, 8:15am (UTC)

👍1

359 views08:18

Bugpoint

Remote memory disclosure vulnerability in libcurl on 64 Bit Windows

👉 https://hackerone.com/reports/1444539

🔹 Severity: High
🔹 Reported To: curl
🔹 Reported By: #nsq11
🔹 State: ⚪️ Informative
🔹 Disclosed: February 21, 2022, 9:15am (UTC)

363 views09:18

Bugpoint

De-anonymize anonymous tips through the Tumblr blog network

👉 https://hackerone.com/reports/1484168

🔹 Severity: Medium | 💰 450 USD
🔹 Reported To: Automattic
🔹 Reported By: #ajoekerr
🔹 State: 🟢 Resolved
🔹 Disclosed: February 21, 2022, 2:58pm (UTC)

359 views15:00

Bugpoint

████ api key exposed in github.com/███/███

👉 https://hackerone.com/reports/1454965

🔹 Severity: High
🔹 Reported To: 8x8
🔹 Reported By: #adnanmalikinfo
🔹 State: 🟢 Resolved
🔹 Disclosed: February 22, 2022, 7:19am (UTC)

😢2💩1

361 views07:22

Bugpoint

Claiming the listing of a non-delivery restaurant through OTP manipulation

👉 https://hackerone.com/reports/1330529

🔹 Severity: Critical | 💰 3,250 USD
🔹 Reported To: Zomato
🔹 Reported By: #ashoka_rao
🔹 State: 🟢 Resolved
🔹 Disclosed: February 22, 2022, 8:51am (UTC)

🔥2🥰1

361 views08:54

About

Blog

Apps

Platform