Bugpoint – Telegram
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

CPP: Add query for CWE-377 Insecure Temporary File

👉 https://hackerone.com/reports/1515139

🔹 Severity: Low | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: March 30, 2022, 8:29pm (UTC)

[Python]: CWE-611: XXE

👉 https://hackerone.com/reports/1512937

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jorgectf
🔹 State: 🟢 Resolved
🔹 Disclosed: March 30, 2022, 8:29pm (UTC)

[Java]: Add JDBC connection SSRF sinks

👉 https://hackerone.com/reports/1512936

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #p0wn4j
🔹 State: 🟢 Resolved
🔹 Disclosed: March 30, 2022, 8:29pm (UTC)

[Java]: Timing attacks while comparing the headers value

👉 https://hackerone.com/reports/1496268

🔹 Severity: Low | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #farid_hunter
🔹 State: 🟢 Resolved
🔹 Disclosed: March 30, 2022, 8:29pm (UTC)

Python: CWE-338 insecureRandomness

👉 https://hackerone.com/reports/1490400

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #museljh
🔹 State: 🟢 Resolved
🔹 Disclosed: March 30, 2022, 8:30pm (UTC)

Java : Add query to detect Server Side Template Injection (SSTI)

👉 https://hackerone.com/reports/1490372

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #porcupineyhairs
🔹 State: 🟢 Resolved
🔹 Disclosed: March 30, 2022, 8:30pm (UTC)

[C#] CWE-759: Query to detect password hash without a salt

👉 https://hackerone.com/reports/1484086

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: March 30, 2022, 8:30pm (UTC)

CPP: Add query for CWE-266 Incorrect Privilege Assignment

👉 https://hackerone.com/reports/1483919

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: March 30, 2022, 8:31pm (UTC)

[Java]: CWE-073 - File path injection with the JFinal framework

👉 https://hackerone.com/reports/1483918

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: March 30, 2022, 8:31pm (UTC)

Java: An experimental query for ignored hostname verification

👉 https://hackerone.com/reports/1481247

🔹 Severity: Medium | 💰 1,800 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #artem
🔹 State: 🟢 Resolved
🔹 Disclosed: March 30, 2022, 8:31pm (UTC)

[Python]: Add shutil module sinks for path injection query

👉 https://hackerone.com/reports/1471622

🔹 Severity: Low | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #jessforfun
🔹 State: 🟢 Resolved
🔹 Disclosed: March 30, 2022, 8:31pm (UTC)

ihsinme: CPP Add a query to find incorrectly used exceptions.

👉 https://hackerone.com/reports/1455531

🔹 Severity: Low | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #ihsinme
🔹 State: 🟢 Resolved
🔹 Disclosed: March 30, 2022, 8:32pm (UTC)

Stored XSS in Question edit for product name (bypass #1416672)

👉 https://hackerone.com/reports/1428207

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Judge.me
🔹 Reported By: #glister
🔹 State: 🟢 Resolved
🔹 Disclosed: March 31, 2022, 2:01pm (UTC)

stored XSS on AliExpress Review Importer/Products when delete product

👉 https://hackerone.com/reports/1425882

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Judge.me
🔹 Reported By: #glister
🔹 State: 🟢 Resolved
🔹 Disclosed: March 31, 2022, 2:01pm (UTC)

Stored XSS in Question edit from product name

👉 https://hackerone.com/reports/1416672

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Judge.me
🔹 Reported By: #glister
🔹 State: 🟢 Resolved
🔹 Disclosed: March 31, 2022, 2:02pm (UTC)

IDOR: leak buyer info & Publish/Hide foreign comments

👉 https://hackerone.com/reports/1410498

🔹 Severity: High | 💰 1,250 USD
🔹 Reported To: Judge.me
🔹 Reported By: #glister
🔹 State: 🟢 Resolved
🔹 Disclosed: March 31, 2022, 2:04pm (UTC)

Stored XSS in merge request creation page through payload in approval rule name

👉 https://hackerone.com/reports/1342009

🔹 Severity: High | 💰 3,000 USD
🔹 Reported To: GitLab
🔹 Reported By: #joaxcar
🔹 State: 🟢 Resolved
🔹 Disclosed: March 31, 2022, 7:24pm (UTC)

Information Leakage via TikTok Ads Web Cache Deception

👉 https://hackerone.com/reports/1484468

🔹 Severity: Low | 💰 200 USD
🔹 Reported To: TikTok
🔹 Reported By: #arifmkhls
🔹 State: 🟢 Resolved
🔹 Disclosed: March 31, 2022, 10:16pm (UTC)

CVE-2022-24288: Apache Airflow: TWO RCEs in example DAGs

👉 https://hackerone.com/reports/1492896

🔹 Severity: High | 💰 4,000 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #happyhacking123
🔹 State: 🟢 Resolved
🔹 Disclosed: April 1, 2022, 2:40pm (UTC)

Subdomain Takeover on proxies.sifchain.finance pointing to vercel

👉 https://hackerone.com/reports/1487793

🔹 Severity: High | 💰 100 USD
🔹 Reported To: Sifchain
🔹 Reported By: #hrdfrdh
🔹 State: ⚪️ Informative
🔹 Disclosed: April 1, 2022, 3:25pm (UTC)

Workspace configuration metadata disclosure

👉 https://hackerone.com/reports/864489

🔹 Severity: High | 💰 3,500 USD
🔹 Reported To: Slack
🔹 Reported By: #kadusantiago
🔹 State: 🟢 Resolved
🔹 Disclosed: April 1, 2022, 7:44pm (UTC)