Arbitrary File Deletion via Path Traversal in image-edit.php
👉 https://hackerone.com/reports/1081878
🔹 Severity: Medium
🔹 Reported To: ImpressCMS
🔹 Reported By: #egix
🔹 State: 🟢 Resolved
🔹 Disclosed: March 22, 2022, 10:56pm (UTC)
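The report title above names the bug class (path traversal reaching a file-delete call). As an added example, not ImpressCMS code and not taken from the report, here is the confinement check a delete handler needs before it unlinks a user-supplied file name; the base directory, file names and error value are hypothetical:

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Added example (not ImpressCMS code): a delete handler that takes a file
// name from the request must confine it to the upload directory before
// calling unlink. resolveWithin cleans the requested name against the base
// directory and rejects anything that does not land strictly inside it.

var errTraversal = errors.New("requested path escapes the base directory")

// resolveWithin returns the absolute path for name under base, or
// errTraversal if the cleaned result is not strictly inside base.
func resolveWithin(base, name string) (string, error) {
	absBase, err := filepath.Abs(base)
	if err != nil {
		return "", err
	}
	if filepath.IsAbs(name) {
		return "", errTraversal // only names relative to base are accepted
	}
	// Join cleans the result, so "a/../../x" collapses before the prefix test.
	target := filepath.Join(absBase, name)
	if !strings.HasPrefix(target, absBase+string(os.PathSeparator)) {
		// Also catches "" and ".", which would name the base directory itself.
		return "", errTraversal
	}
	return target, nil
}

// deleteWithin removes base/name only after the confinement check passes.
func deleteWithin(base, name string) error {
	target, err := resolveWithin(base, name)
	if err != nil {
		return err
	}
	return os.Remove(target)
}

func main() {
	// Constructed demo: a temporary upload directory with one image in it.
	dir, err := os.MkdirTemp("", "uploads")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	if err := os.WriteFile(filepath.Join(dir, "a.png"), []byte("img"), 0o600); err != nil {
		panic(err)
	}
	for _, n := range []string{"../../etc/passwd", "sub/../a.png"} {
		fmt.Printf("%-18s -> %v\n", n, deleteWithin(dir, n))
	}
}
```

The prefix test deliberately appends the path separator so that a base of `/srv/up` does not accept `/srv/uploads/x`, and it rejects the base directory itself, since a delete endpoint has no business removing its own root. os.Remove on a symlink removes the link, not its target, so no extra symlink check is needed for this particular call.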
Incorrect Authorization Checks in /include/findusers.php
👉 https://hackerone.com/reports/1081137
🔹 Severity: Medium
🔹 Reported To: ImpressCMS
🔹 Reported By: #egix
🔹 State: 🟢 Resolved
🔹 Disclosed: March 22, 2022, 10:57pm (UTC)
XSS Reflected at https://sketch.pixiv.net/ Via `next_url`
👉 https://hackerone.com/reports/1503601
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: pixiv
🔹 Reported By: #aidilarf_2000
🔹 State: 🟢 Resolved
🔹 Disclosed: March 23, 2022, 1:19am (UTC)
Bypassing domain deny_list rule in Smokescreen via trailing dot leads to SSRF
👉 https://hackerone.com/reports/1410214
🔹 Severity: Low | 💰 1,500 USD
🔹 Reported To: Stripe
🔹 Reported By: #gregxsunday
🔹 State: 🟢 Resolved
🔹 Disclosed: March 23, 2022, 3:43pm (UTC)
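The title above states the mechanism: a hostname deny list matched on the literal string misses the trailing-dot (DNS root) form of the same name. As an added example, not Smokescreen's code and not taken from the report, the block below shows the naive comparison beside a version that normalizes both sides first; the deny-list entries are constructed placeholders, not Stripe's:

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Added example (not Smokescreen's code): "metadata.internal." resolves to
// the same host as "metadata.internal" because the trailing dot only marks
// the DNS root, but a plain string comparison does not treat them as equal.
// Normalizing the request host and every list entry closes that gap.

// denyList is a constructed sample; the names are placeholders.
var denyList = []string{"metadata.internal", "169.254.169.254"}

// normalizeHost canonicalizes a hostname for policy comparison: trim
// whitespace, lowercase, drop trailing root dots, strip IPv6 brackets, and
// re-emit IP literals in their canonical textual form.
func normalizeHost(host string) string {
	h := strings.ToLower(strings.TrimSpace(host))
	h = strings.TrimRight(h, ".") // "example.com." -> "example.com"
	h = strings.Trim(h, "[]")     // "[::1]" as written in a URL host part
	if ip := net.ParseIP(h); ip != nil {
		return ip.String()
	}
	return h
}

// matches reports whether host equals entry or is a subdomain of it; both
// arguments must already be normalized.
func matches(host, entry string) bool {
	return host == entry || strings.HasSuffix(host, "."+entry)
}

// naiveDenied is the flawed check: raw string equality against the list.
func naiveDenied(host string) bool {
	for _, d := range denyList {
		if host == d {
			return true
		}
	}
	return false
}

// hardenedDenied normalizes the request host and each entry before comparing,
// so "METADATA.INTERNAL." and "metadata.internal" agree.
func hardenedDenied(host string) bool {
	h := normalizeHost(host)
	for _, d := range denyList {
		if matches(h, normalizeHost(d)) {
			return true
		}
	}
	return false
}

func main() {
	for _, h := range []string{"metadata.internal", "metadata.internal.", "169.254.169.254."} {
		fmt.Printf("%-22s naive=%-5v hardened=%v\n", h, naiveDenied(h), hardenedDenied(h))
	}
}
```

Name normalization is necessary but not sufficient for an egress proxy: the same policy also has to be applied to the address the name actually resolves to at connect time, otherwise an attacker-controlled DNS answer can still point an allowed name at a denied address.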
Improper Authentication via previous backup code login
👉 https://hackerone.com/reports/1485788
🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Basecamp
🔹 Reported By: #fuzzsqlb0f
🔹 State: 🟢 Resolved
🔹 Disclosed: March 24, 2022, 2:45am (UTC)
Time-of-check to time-of-use vulnerability in the std::fs::remove_dir_all() function of the Rust standard library
👉 https://hackerone.com/reports/1520931
🔹 Severity: High | 💰 4,000 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #hkratz
🔹 State: 🟢 Resolved
🔹 Disclosed: March 24, 2022, 6:09pm (UTC)
Impersonation of tiktok account via Broken Link in TikTok Newsroom
👉 https://hackerone.com/reports/1504294
🔹 Severity: No Rating
🔹 Reported To: TikTok
🔹 Reported By: #bushidobrown200
🔹 State: 🟢 Resolved
🔹 Disclosed: March 24, 2022, 10:37pm (UTC)
Broken link hijacking in https://kubernetes-csi.github.io/docs/drivers.html?highlight=chubaofs#production-drivers
👉 https://hackerone.com/reports/1466889
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #0xlegendkiller
🔹 State: 🟢 Resolved
🔹 Disclosed: March 25, 2022, 6:49am (UTC)
Business Logic Flaw in the subnoscription of the app
👉 https://hackerone.com/reports/1505189
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Dragon
🔹 Reported By: #engr-naseem1
🔹 State: 🟢 Resolved
🔹 Disclosed: March 25, 2022, 8:21am (UTC)
F5 BIG-IP TMUI RCE - CVE-2020-5902 (██.packet8.net)
👉 https://hackerone.com/reports/1519841
🔹 Severity: Critical
🔹 Reported To: 8x8
🔹 Reported By: #remonsec
🔹 State: 🟢 Resolved
🔹 Disclosed: March 25, 2022, 11:11am (UTC)
Misconfigured Rate Limit at app.sign.plus/forgot_password
👉 https://hackerone.com/reports/1472394
🔹 Severity: Low
🔹 Reported To: Alohi
🔹 Reported By: #shamim_12__
🔹 State: 🟢 Resolved
🔹 Disclosed: March 25, 2022, 3:05pm (UTC)
No Rate Limiting for Password Reset Email Leads to Email Flooding
👉 https://hackerone.com/reports/1340650
🔹 Severity: Medium
🔹 Reported To: UPchieve
🔹 Reported By: #bd10ceb041a5297f881137c
🔹 State: 🔴 N/A
🔹 Disclosed: March 26, 2022, 5:58pm (UTC)
Clickjacking login page of https://hackers.upchieve.org/login
👉 https://hackerone.com/reports/1331485
🔹 Severity: Medium
🔹 Reported To: UPchieve
🔹 Reported By: #sara346
🔹 State: 🔴 N/A
🔹 Disclosed: March 26, 2022, 5:58pm (UTC)
No rate Limit on Password Reset page on upchieve
👉 https://hackerone.com/reports/1320138
🔹 Severity: Medium
🔹 Reported To: UPchieve
🔹 Reported By: #rupachandransangothi
🔹 State: 🔴 N/A
🔹 Disclosed: March 26, 2022, 5:58pm (UTC)
Outdated Copyright Message @ Welcome email
👉 https://hackerone.com/reports/1354444
🔹 Severity: No Rating
🔹 Reported To: UPchieve
🔹 Reported By: #ww1
🔹 State: 🔴 N/A
🔹 Disclosed: March 26, 2022, 5:59pm (UTC)
Password Reuse
👉 https://hackerone.com/reports/1354382
🔹 Severity: Medium
🔹 Reported To: UPchieve
🔹 Reported By: #ww1
🔹 State: 🔴 N/A
🔹 Disclosed: March 26, 2022, 5:59pm (UTC)
Missing Validation in editing "Your Phone Number"
👉 https://hackerone.com/reports/1354368
🔹 Severity: Medium
🔹 Reported To: UPchieve
🔹 Reported By: #ww1
🔹 State: 🔴 N/A
🔹 Disclosed: March 26, 2022, 5:59pm (UTC)
Password reset token leakage
👉 https://hackerone.com/reports/1354437
🔹 Severity: High
🔹 Reported To: UPchieve
🔹 Reported By: #ww1
🔹 State: 🟤 Duplicate
🔹 Disclosed: March 26, 2022, 5:59pm (UTC)
No Rate Limit on forgot password page
👉 https://hackerone.com/reports/1317494
🔹 Severity: Medium
🔹 Reported To: UPchieve
🔹 Reported By: #pranto_0
🔹 State: 🔴 N/A
🔹 Disclosed: March 26, 2022, 6:00pm (UTC)
OTP reflecting in response sensitive data exposure leads to account take over
👉 https://hackerone.com/reports/1318087
🔹 Severity: Critical
🔹 Reported To: UPchieve
🔹 Reported By: #rupachandransangothi
🔹 State: 🔴 N/A
🔹 Disclosed: March 26, 2022, 6:00pm (UTC)
Able to steal bearer token from deep link
👉 https://hackerone.com/reports/1372667
🔹 Severity: High | 💰 6,337 USD
🔹 Reported To: Basecamp
🔹 Reported By: #danielllewellyn
🔹 State: 🟢 Resolved
🔹 Disclosed: March 27, 2022, 6:33pm (UTC)