Use of uninitialized value of in req_parsebody method of lua_request.c
👉 https://hackerone.com/reports/1514863
🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #chamal
🔹 State: 🟢 Resolved
🔹 Disclosed: March 17, 2022, 3:01pm (UTC)
👉 https://hackerone.com/reports/1514863
🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #chamal
🔹 State: 🟢 Resolved
🔹 Disclosed: March 17, 2022, 3:01pm (UTC)
👍1
IDOR at https://demo.sftool.gov/TwsHome/ScorecardManage/ via scorecard name
👉 https://hackerone.com/reports/1472721
🔹 Severity: High
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #hollaatm3
🔹 State: 🟢 Resolved
🔹 Disclosed: March 17, 2022, 4:23pm (UTC)
👉 https://hackerone.com/reports/1472721
🔹 Severity: High
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #hollaatm3
🔹 State: 🟢 Resolved
🔹 Disclosed: March 17, 2022, 4:23pm (UTC)
SSRF + RCE через fastCGI в POST /api/nr/video
👉 https://hackerone.com/reports/1354335
🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #mkhazov
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:19am (UTC)
👉 https://hackerone.com/reports/1354335
🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #mkhazov
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:19am (UTC)
👍1
OS command injection on seedr.ru
👉 https://hackerone.com/reports/1360208
🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #fallenskill
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:49am (UTC)
👉 https://hackerone.com/reports/1360208
🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #fallenskill
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:49am (UTC)
XSS Stored on https://seedr.ru
👉 https://hackerone.com/reports/1350671
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #fallenskill
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 8:22am (UTC)
👉 https://hackerone.com/reports/1350671
🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #fallenskill
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 8:22am (UTC)
RCE в .api/nr/report/{id}/download
👉 https://hackerone.com/reports/1348154
🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #mkhazov
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 9:03am (UTC)
👉 https://hackerone.com/reports/1348154
🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #mkhazov
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 9:03am (UTC)
XSS because of Akamai ARL misconfiguration on ████
👉 https://hackerone.com/reports/1305477
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #pirneci
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 6:57pm (UTC)
👉 https://hackerone.com/reports/1305477
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #pirneci
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 6:57pm (UTC)
CVE-2021-42567 - Apereo CAS Reflected XSS on https://█████████
👉 https://hackerone.com/reports/1446236
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #3th1c_yuk1
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 6:58pm (UTC)
👉 https://hackerone.com/reports/1446236
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #3th1c_yuk1
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 6:58pm (UTC)
CSRF - Delete Account (Urgent)
👉 https://hackerone.com/reports/799855
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ahmd_halabi
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 6:59pm (UTC)
👉 https://hackerone.com/reports/799855
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ahmd_halabi
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 6:59pm (UTC)
IDOR - Delete Users Saved Projects
👉 https://hackerone.com/reports/800608
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ahmd_halabi
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:00pm (UTC)
👉 https://hackerone.com/reports/800608
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ahmd_halabi
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:00pm (UTC)
Reflected XSS - in Email Input
👉 https://hackerone.com/reports/799839
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ahmd_halabi
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:01pm (UTC)
👉 https://hackerone.com/reports/799839
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ahmd_halabi
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:01pm (UTC)
CSRF - Modify User Settings with one click - Account TakeOver
👉 https://hackerone.com/reports/799895
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ahmd_halabi
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:03pm (UTC)
👉 https://hackerone.com/reports/799895
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ahmd_halabi
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:03pm (UTC)
Arbitrary File Deletion (CVE-2020-3187) on ████████
👉 https://hackerone.com/reports/1455266
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #pirneci
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:04pm (UTC)
👉 https://hackerone.com/reports/1455266
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #pirneci
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:04pm (UTC)
CVE-2020-3452 on https://█████/
👉 https://hackerone.com/reports/1455257
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #pirneci
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:05pm (UTC)
👉 https://hackerone.com/reports/1455257
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #pirneci
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:05pm (UTC)
Military name,email,phone,address,certdata Disclosure
👉 https://hackerone.com/reports/1490133
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #unknownsh
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:09pm (UTC)
👉 https://hackerone.com/reports/1490133
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #unknownsh
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 7:09pm (UTC)
PIN 📌 BYPASS 🥷
👉 https://hackerone.com/reports/1257586
🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Yoti
🔹 Reported By: #ww1
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 10:25pm (UTC)
👉 https://hackerone.com/reports/1257586
🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Yoti
🔹 Reported By: #ww1
🔹 State: 🟢 Resolved
🔹 Disclosed: March 18, 2022, 10:25pm (UTC)
🛑 Blocking bounty payments for Russian & Belarusian hackers 🇺🇸🇺🇦
👉 https://www.hackerone.com/sanctions-faq
👉 https://www.hackerone.com/sanctions-faq
🤬10👍7😢4👎1
Exposed .bash_history at http://21days2017.mtncameroon.net/.bash_history
👉 https://hackerone.com/reports/801437
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #xlife
🔹 State: 🟢 Resolved
🔹 Disclosed: March 20, 2022, 5:31am (UTC)
👉 https://hackerone.com/reports/801437
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #xlife
🔹 State: 🟢 Resolved
🔹 Disclosed: March 20, 2022, 5:31am (UTC)
Insecure crossdomain.xml on https://vdc.mtnonline.com/
👉 https://hackerone.com/reports/838817
🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #xlife
🔹 State: 🟢 Resolved
🔹 Disclosed: March 20, 2022, 5:31am (UTC)
👉 https://hackerone.com/reports/838817
🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #xlife
🔹 State: 🟢 Resolved
🔹 Disclosed: March 20, 2022, 5:31am (UTC)
RXSS
👉 https://hackerone.com/reports/1418413
🔹 Severity: Medium
🔹 Reported To: SecurityScorecard
🔹 Reported By: #ww1
🔹 State: 🟢 Resolved
🔹 Disclosed: March 20, 2022, 6:55am (UTC)
👉 https://hackerone.com/reports/1418413
🔹 Severity: Medium
🔹 Reported To: SecurityScorecard
🔹 Reported By: #ww1
🔹 State: 🟢 Resolved
🔹 Disclosed: March 20, 2022, 6:55am (UTC)
Get all personal email IDs of Glassdoor users[No user interaction required]
👉 https://hackerone.com/reports/864783
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Glassdoor
🔹 Reported By: #safehacker_2715
🔹 State: 🟢 Resolved
🔹 Disclosed: March 21, 2022, 1:11pm (UTC)
👉 https://hackerone.com/reports/864783
🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Glassdoor
🔹 Reported By: #safehacker_2715
🔹 State: 🟢 Resolved
🔹 Disclosed: March 21, 2022, 1:11pm (UTC)