Stored XSS through PDF viewer
👉 https://hackerone.com/reports/881557
🔹 Severity: High | 💰 4,875 USD
🔹 Reported To: Slack
🔹 Reported By: #hitman_47
🔹 State: 🟢 Resolved
🔹 Disclosed: March 16, 2022, 2:10pm (UTC)
0-day Cross Origin Request Forgery vulnerability in Grafana 8.x.
👉 https://hackerone.com/reports/1458236
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Aiven Ltd
🔹 Reported By: #abrahack
🔹 State: 🟢 Resolved
🔹 Disclosed: March 16, 2022, 2:16pm (UTC)
Instance Page DOS within Organization on TikTok Ads
👉 https://hackerone.com/reports/1478930
🔹 Severity: Low | 💰 200 USD
🔹 Reported To: TikTok
🔹 Reported By: #arsene_lupin
🔹 State: 🟢 Resolved
🔹 Disclosed: March 17, 2022, 12:18am (UTC)
Theft of protected files on Android
👉 https://hackerone.com/reports/1454002
🔹 Severity: Low | 💰 50 USD
🔹 Reported To: ownCloud
🔹 Reported By: #n00b-cyborg
🔹 State: 🟢 Resolved
🔹 Disclosed: March 17, 2022, 8:42am (UTC)
Use of uninitialized value in req_parsebody method of lua_request.c
👉 https://hackerone.com/reports/1514863
🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #chamal
🔹 State: 🟢 Resolved
🔹 Disclosed: March 17, 2022, 3:01pm (UTC)
IDOR at https://demo.sftool.gov/TwsHome/ScorecardManage/ via scorecard name
👉 https://hackerone.com/reports/1472721
🔹 Severity: High
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #hollaatm3
🔹 State: 🟢 Resolved
🔹 Disclosed: March 17, 2022, 4:23pm (UTC)
SSRF + RCE via fastCGI in POST /api/nr/video
👉 https://hackerone.com/reports/1354335
🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #mkhazov
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:19am (UTC)
OS command injection on seedr.ru
👉 https://hackerone.com/reports/1360208
🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #fallenskill
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:49am (UTC)
XSS Stored on https://seedr.ru
👉 https://hackerone.com/reports/1350671
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #fallenskill
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 8:22am (UTC)
RCE in .api/nr/report/{id}/download
👉 https://hackerone.com/reports/1348154
🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #mkhazov
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 9:03am (UTC)
XSS because of Akamai ARL misconfiguration on ████
👉 https://hackerone.com/reports/1305477
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #pirneci
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 6:57pm (UTC)
CVE-2021-42567 - Apereo CAS Reflected XSS on https://█████████
👉 https://hackerone.com/reports/1446236
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #3th1c_yuk1
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 6:58pm (UTC)
CSRF - Delete Account (Urgent)
👉 https://hackerone.com/reports/799855
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ahmd_halabi
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 6:59pm (UTC)
IDOR - Delete Users Saved Projects
👉 https://hackerone.com/reports/800608
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ahmd_halabi
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:00pm (UTC)
Reflected XSS - in Email Input
👉 https://hackerone.com/reports/799839
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ahmd_halabi
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:01pm (UTC)
CSRF - Modify User Settings with one click - Account TakeOver
👉 https://hackerone.com/reports/799895
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ahmd_halabi
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:03pm (UTC)
Arbitrary File Deletion (CVE-2020-3187) on ████████
👉 https://hackerone.com/reports/1455266
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #pirneci
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:04pm (UTC)
CVE-2020-3452 on https://█████/
👉 https://hackerone.com/reports/1455257
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #pirneci
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:05pm (UTC)
Military name, email, phone, address, certdata Disclosure
👉 https://hackerone.com/reports/1490133
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #unknownsh
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:09pm (UTC)
PIN 📌 BYPASS 🥷
👉 https://hackerone.com/reports/1257586
🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Yoti
🔹 Reported By: #ww1
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 10:25pm (UTC)
🛑 Blocking bounty payments for Russian & Belarusian hackers 🇺🇸🇺🇦
👉 https://www.hackerone.com/sanctions-faq