[Bypass] Ability to invite a new member in sandbox Organization
👉 https://hackerone.com/reports/1486417
🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: HackerOne
🔹 Reported By: #0619
🔹 State: 🟢 Resolved
🔹 Disclosed: April 14, 2022, 5:11pm (UTC)
👉 https://hackerone.com/reports/1486417
🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: HackerOne
🔹 Reported By: #0619
🔹 State: 🟢 Resolved
🔹 Disclosed: April 14, 2022, 5:11pm (UTC)
Read and write beyond bounds in mod_sed
👉 https://hackerone.com/reports/1511619
🔹 Severity: High | 💰 4,000 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tdp3kel9g
🔹 State: 🟢 Resolved
🔹 Disclosed: April 14, 2022, 6:07pm (UTC)
👉 https://hackerone.com/reports/1511619
🔹 Severity: High | 💰 4,000 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tdp3kel9g
🔹 State: 🟢 Resolved
🔹 Disclosed: April 14, 2022, 6:07pm (UTC)
Account takeover leading to PII chained with stored XSS
👉 https://hackerone.com/reports/1483201
🔹 Severity: High
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #hollaatm3
🔹 State: 🟢 Resolved
🔹 Disclosed: April 16, 2022, 8:20am (UTC)
👉 https://hackerone.com/reports/1483201
🔹 Severity: High
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #hollaatm3
🔹 State: 🟢 Resolved
🔹 Disclosed: April 16, 2022, 8:20am (UTC)
[https://shipit-sox-staging.shopifycloud.com] Presence of multiple vulnerabilities present in Ruby On Rails
👉 https://hackerone.com/reports/1400309
🔹 Severity: No Rating | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #beastglatisant
🔹 State: 🟢 Resolved
🔹 Disclosed: April 16, 2022, 5:19pm (UTC)
👉 https://hackerone.com/reports/1400309
🔹 Severity: No Rating | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #beastglatisant
🔹 State: 🟢 Resolved
🔹 Disclosed: April 16, 2022, 5:19pm (UTC)
SSRF restricted to HTTP/HTML on LINE Social Plugins (https://social-plugins.line.me/)
👉 https://hackerone.com/reports/860939
🔹 Severity: Medium | 💰 1,350 USD
🔹 Reported To: LINE
🔹 Reported By: #duahaubadao
🔹 State: 🟢 Resolved
🔹 Disclosed: April 18, 2022, 6:08am (UTC)
👉 https://hackerone.com/reports/860939
🔹 Severity: Medium | 💰 1,350 USD
🔹 Reported To: LINE
🔹 Reported By: #duahaubadao
🔹 State: 🟢 Resolved
🔹 Disclosed: April 18, 2022, 6:08am (UTC)
👍1
Use of unreleased features in programming education service (https://entry.line.me)
👉 https://hackerone.com/reports/975428
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: LINE
🔹 Reported By: #tosun
🔹 State: 🟢 Resolved
🔹 Disclosed: April 18, 2022, 6:11am (UTC)
👉 https://hackerone.com/reports/975428
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: LINE
🔹 Reported By: #tosun
🔹 State: 🟢 Resolved
🔹 Disclosed: April 18, 2022, 6:11am (UTC)
Deleting someone else's profile image with a GraphQL query in programming education service (https://entry.line.me)
👉 https://hackerone.com/reports/952095
🔹 Severity: Medium | 💰 600 USD
🔹 Reported To: LINE
🔹 Reported By: #tosun
🔹 State: 🟢 Resolved
🔹 Disclosed: April 18, 2022, 6:13am (UTC)
👉 https://hackerone.com/reports/952095
🔹 Severity: Medium | 💰 600 USD
🔹 Reported To: LINE
🔹 Reported By: #tosun
🔹 State: 🟢 Resolved
🔹 Disclosed: April 18, 2022, 6:13am (UTC)
SSRF occurrence in website preview used by LINE Official Account Manager (https://manager.line.biz)
👉 https://hackerone.com/reports/1131608
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: LINE
🔹 Reported By: #jafarakhondali
🔹 State: 🟢 Resolved
🔹 Disclosed: April 18, 2022, 6:15am (UTC)
👉 https://hackerone.com/reports/1131608
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: LINE
🔹 Reported By: #jafarakhondali
🔹 State: 🟢 Resolved
🔹 Disclosed: April 18, 2022, 6:15am (UTC)
Archive Any Scope of a Program
👉 https://hackerone.com/reports/1501611
🔹 Severity: High | 💰 12,500 USD
🔹 Reported To: HackerOne
🔹 Reported By: #ahacker1
🔹 State: 🟢 Resolved
🔹 Disclosed: April 18, 2022, 6:22pm (UTC)
👉 https://hackerone.com/reports/1501611
🔹 Severity: High | 💰 12,500 USD
🔹 Reported To: HackerOne
🔹 Reported By: #ahacker1
🔹 State: 🟢 Resolved
🔹 Disclosed: April 18, 2022, 6:22pm (UTC)
👍2
xss on [developers.mtn.com]
👉 https://hackerone.com/reports/924851
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #pisarenko
🔹 State: 🟢 Resolved
🔹 Disclosed: April 19, 2022, 7:58am (UTC)
👉 https://hackerone.com/reports/924851
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #pisarenko
🔹 State: 🟢 Resolved
🔹 Disclosed: April 19, 2022, 7:58am (UTC)
Invitation Email is resent as a Reminder after invalidating pending email invites
👉 https://hackerone.com/reports/1486820
🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mattermost
🔹 Reported By: #mr_anksec
🔹 State: 🟢 Resolved
🔹 Disclosed: April 19, 2022, 11:37am (UTC)
👉 https://hackerone.com/reports/1486820
🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mattermost
🔹 Reported By: #mr_anksec
🔹 State: 🟢 Resolved
🔹 Disclosed: April 19, 2022, 11:37am (UTC)
Reflected XSS in the shared note view on https://evernote.com
👉 https://hackerone.com/reports/1518343
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Evernote
🔹 Reported By: #sarka
🔹 State: 🟢 Resolved
🔹 Disclosed: April 20, 2022, 7:37pm (UTC)
👉 https://hackerone.com/reports/1518343
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Evernote
🔹 Reported By: #sarka
🔹 State: 🟢 Resolved
🔹 Disclosed: April 20, 2022, 7:37pm (UTC)
CORS Misconfiguration
👉 https://hackerone.com/reports/1530581
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #shirshak
🔹 State: 🟢 Resolved
🔹 Disclosed: April 20, 2022, 8:15pm (UTC)
👉 https://hackerone.com/reports/1530581
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #shirshak
🔹 State: 🟢 Resolved
🔹 Disclosed: April 20, 2022, 8:15pm (UTC)
███ vulnerable to CVE-2022-22954
👉 https://hackerone.com/reports/1537694
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #null_bytes
🔹 State: 🟢 Resolved
🔹 Disclosed: April 20, 2022, 8:16pm (UTC)
👉 https://hackerone.com/reports/1537694
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #null_bytes
🔹 State: 🟢 Resolved
🔹 Disclosed: April 20, 2022, 8:16pm (UTC)
👍1
Full account takeover in ███████ due lack of rate limiting in forgot password
👉 https://hackerone.com/reports/1059758
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #takester
🔹 State: 🟢 Resolved
🔹 Disclosed: April 20, 2022, 8:17pm (UTC)
👉 https://hackerone.com/reports/1059758
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #takester
🔹 State: 🟢 Resolved
🔹 Disclosed: April 20, 2022, 8:17pm (UTC)
Open Akamai ARL XSS at ████████
👉 https://hackerone.com/reports/1317024
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #whoisbinit
🔹 State: 🟢 Resolved
🔹 Disclosed: April 20, 2022, 8:18pm (UTC)
👉 https://hackerone.com/reports/1317024
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #whoisbinit
🔹 State: 🟢 Resolved
🔹 Disclosed: April 20, 2022, 8:18pm (UTC)
Timing difference exposes existence of accounts
👉 https://hackerone.com/reports/1391636
🔹 Severity: Low
🔹 Reported To: Zivver
🔹 Reported By: #martinvw
🔹 State: 🟢 Resolved
🔹 Disclosed: April 21, 2022, 10:41am (UTC)
👉 https://hackerone.com/reports/1391636
🔹 Severity: Low
🔹 Reported To: Zivver
🔹 Reported By: #martinvw
🔹 State: 🟢 Resolved
🔹 Disclosed: April 21, 2022, 10:41am (UTC)
curl proceeds with unsafe connections when -K file can't be read
👉 https://hackerone.com/reports/1542881
🔹 Severity: High
🔹 Reported To: curl
🔹 Reported By: #medianmedianstride
🔹 State: ⚪️ Informative
🔹 Disclosed: April 21, 2022, 3:38pm (UTC)
👉 https://hackerone.com/reports/1542881
🔹 Severity: High
🔹 Reported To: curl
🔹 Reported By: #medianmedianstride
🔹 State: ⚪️ Informative
🔹 Disclosed: April 21, 2022, 3:38pm (UTC)
👍1
Same the Url
👉 https://hackerone.com/reports/1459338
🔹 Severity: No Rating | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #4bel
🔹 State: 🟢 Resolved
🔹 Disclosed: April 21, 2022, 6:54pm (UTC)
👉 https://hackerone.com/reports/1459338
🔹 Severity: No Rating | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #4bel
🔹 State: 🟢 Resolved
🔹 Disclosed: April 21, 2022, 6:54pm (UTC)
[h1-2102] Improper Access Control at https://shopify.plus/[id]/users/api in operation UpdateOrganizationUserRole
👉 https://hackerone.com/reports/1084638
🔹 Severity: Medium | 💰 950 USD
🔹 Reported To: Shopify
🔹 Reported By: #ramsexy
🔹 State: 🟢 Resolved
🔹 Disclosed: April 21, 2022, 7:06pm (UTC)
👉 https://hackerone.com/reports/1084638
🔹 Severity: Medium | 💰 950 USD
🔹 Reported To: Shopify
🔹 Reported By: #ramsexy
🔹 State: 🟢 Resolved
🔹 Disclosed: April 21, 2022, 7:06pm (UTC)
User with no Develop apps permission can Uninstall Custom App
👉 https://hackerone.com/reports/1466855
🔹 Severity: Low | 💰 600 USD
🔹 Reported To: Shopify
🔹 Reported By: #ayyoub
🔹 State: 🟢 Resolved
🔹 Disclosed: April 21, 2022, 8:33pm (UTC)
👉 https://hackerone.com/reports/1466855
🔹 Severity: Low | 💰 600 USD
🔹 Reported To: Shopify
🔹 Reported By: #ayyoub
🔹 State: 🟢 Resolved
🔹 Disclosed: April 21, 2022, 8:33pm (UTC)