Bugpoint – Telegram
Bugpoint
@bugpoint
1.06K subscribers
3.73K photos
3.73K links
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
Download Telegram
About
Blog
Apps
Platform
Join
Bugpoint
1.06K subscribers
Bugpoint
XSS on https://██████/███ via █████ parameter

👉 https://hackerone.com/reports/1252059

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #homosec
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 7:56pm (UTC)
221 views
Bugpoint
XSS on https://███████/██████████ parameter

👉 https://hackerone.com/reports/1252229

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #homosec
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 7:57pm (UTC)
223 views
Bugpoint
XSS on https://████████/████' parameter

👉 https://hackerone.com/reports/1252020

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #homosec
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 7:57pm (UTC)
228 views
Bugpoint
SQL Injection in █████

👉 https://hackerone.com/reports/1489744

🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #lubak
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 7:59pm (UTC)
218 views
Bugpoint
Cross-site Scripting (XSS) - Reflected at https://██████████/

👉 https://hackerone.com/reports/1370746

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #mamunwhh
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 8:00pm (UTC)
221 views
Bugpoint
Authorization bypass -> IDOR -> PII Leakage

👉 https://hackerone.com/reports/1489470

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #lubak
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 8:02pm (UTC)
223 views
Bugpoint
Broken access control, can lead to legitimate user data loss

👉 https://hackerone.com/reports/1493007

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #lubak
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 8:03pm (UTC)
219 views
Bugpoint
username and password leaked via pptx for █████████ website

👉 https://hackerone.com/reports/1512199

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ibrahimatix_
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 8:04pm (UTC)
228 views
Bugpoint
[CVE-2020-3452] on ███████

👉 https://hackerone.com/reports/1234925

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #splint3rsec
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 8:06pm (UTC)
237 views
Bugpoint
[www.█████] Path-based reflected Cross Site Scripting

👉 https://hackerone.com/reports/1159371

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #geeknik
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 8:08pm (UTC)
257 views
Bugpoint
Reflected XSS on [█████████]

👉 https://hackerone.com/reports/1267380

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #saajanbhujel
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 8:09pm (UTC)
284 views
Bugpoint
Chain of IDORs Between U4B and Vouchers APIs Allows Attackers to View and Modify Program/Voucher Policies and to Obtain Organization Employees' PII

👉 https://hackerone.com/reports/1148697

🔹 Severity: High | 💰 10,250 USD
🔹 Reported To: Uber
🔹 Reported By: #hunt4p1zza
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 8:49pm (UTC)
👍2🔥1
309 views
Bugpoint
Exposed Golang Pprof debugger at https://cn-geo1.uber.com/

👉 https://hackerone.com/reports/1385906

🔹 Severity: Low | 💰 500 USD
🔹 Reported To: Uber
🔹 Reported By: #boobalan123
🔹 State: 🟢 Resolved
🔹 Disclosed: April 7, 2022, 8:52pm (UTC)
👍1
347 views
Bugpoint
Host Header Injection leads to Open Redirect and Content Spoofing or Text Injection.

👉 https://hackerone.com/reports/1444675

🔹 Severity: Medium | 💰 300 USD
🔹 Reported To: Omise
🔹 Reported By: #oblivionlight
🔹 State: 🟢 Resolved
🔹 Disclosed: April 9, 2022, 6:45am (UTC)
332 views
Bugpoint
Found Origin IP's Lead To Access To kraden.com

👉 https://hackerone.com/reports/1531183

🔹 Severity: No Rating | 💰 100 USD
🔹 Reported To: Kraden
🔹 Reported By: #4bhin8v
🔹 State: 🟢 Resolved
🔹 Disclosed: April 9, 2022, 10:04am (UTC)
327 views
Bugpoint
Folder architecture and Filesizes of private file drop shares can be getten

👉 https://hackerone.com/reports/1337422

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #shakierbellows
🔹 State: 🟢 Resolved
🔹 Disclosed: April 9, 2022, 1:08pm (UTC)
339 views
Bugpoint
HTML injection through Invite Teammate email

👉 https://hackerone.com/reports/1482057

🔹 Severity: Low
🔹 Reported To: SecurityScorecard
🔹 Reported By: #cryptoknight028
🔹 State: 🟢 Resolved
🔹 Disclosed: April 9, 2022, 5:25pm (UTC)
341 views
Bugpoint
Insecure Storage of Sensitive Information on lonestarcell.com server

👉 https://hackerone.com/reports/1482830

🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #muhnad
🔹 State: 🟢 Resolved
🔹 Disclosed: April 9, 2022, 6:58pm (UTC)
366 views
Bugpoint
[Python]: Add Server-side Request Forgery sinks

👉 https://hackerone.com/reports/1538144

🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: April 11, 2022, 11:52pm (UTC)
353 views
Bugpoint
RCE via WikiCloth markdown rendering if the `rubyluabridge` gem is installed

👉 https://hackerone.com/reports/1401444

🔹 Severity: No Rating | 💰 3,000 USD
🔹 Reported To: GitLab
🔹 Reported By: #vakzz
🔹 State: 🟢 Resolved
🔹 Disclosed: April 12, 2022, 10:10am (UTC)
🔥3
360 views
Bugpoint
Regular Expression Denial of Service vulnerability

👉 https://hackerone.com/reports/1538157

🔹 Severity: Medium
🔹 Reported To: Reddit
🔹 Reported By: #dingleberryfarts
🔹 State: ⚪️ Informative
🔹 Disclosed: April 12, 2022, 1:24pm (UTC)
353 views