Bugpoint – Telegram
Bugpoint
@bugpoint
1.06K subscribers
3.73K photos
3.73K links
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
Download Telegram
About
Blog
Apps
Platform
Join
Bugpoint
1.06K subscribers
Bugpoint
lfi in filePathDownload parameter via ███████

👉 https://hackerone.com/reports/1542734

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #exploitmsf
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 2:04pm (UTC)
270 views
Bugpoint
Reflected XSS [███]

👉 https://hackerone.com/reports/1309237

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 2:05pm (UTC)
283 views
Bugpoint
Reflected XSS [██████]

👉 https://hackerone.com/reports/1309385

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fdeleite
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 2:06pm (UTC)
303 views
Bugpoint
Hardcoded AWS credentials in ███████.msi

👉 https://hackerone.com/reports/1368690

🔹 Severity: Critical
🔹 Reported To: 8x8
🔹 Reported By: #chip_sec
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 5:01pm (UTC)
315 views
Bugpoint
Reflected XSS due to vulnerable version of sockjs

👉 https://hackerone.com/reports/1100326

🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Automattic
🔹 Reported By: #chip_sec
🔹 State: 🟢 Resolved
🔹 Disclosed: April 29, 2022, 5:38pm (UTC)
342 views
Bugpoint
com.nextcloud.client bypass the protection lock in andoid app v 3.18.1 latest version.

👉 https://hackerone.com/reports/1450368

🔹 Severity: Low | 💰 200 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #dashingjaved
🔹 State: 🟢 Resolved
🔹 Disclosed: April 30, 2022, 11:56am (UTC)
348 views
Bugpoint
Enumerate class codes via yahoo dork - Can access any course under teacher - Sensitive information leaked

👉 https://hackerone.com/reports/1514356

🔹 Severity: High
🔹 Reported To: Khan Academy
🔹 Reported By: #bughunterpol
🔹 State: 🟢 Resolved
🔹 Disclosed: May 1, 2022, 6:05pm (UTC)
333 views
Bugpoint
XSS at videostore.mtnonline.com/GL/*.aspx via all parameters

👉 https://hackerone.com/reports/1244731

🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #homosec
🔹 State: 🟢 Resolved
🔹 Disclosed: May 1, 2022, 9:20pm (UTC)
331 views
Bugpoint
XSS at http://nextapps.mtnonline.com/search/suggest/q/{xss payload}

👉 https://hackerone.com/reports/1244722

🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #homosec
🔹 State: 🟢 Resolved
🔹 Disclosed: May 1, 2022, 9:20pm (UTC)
355 views
Bugpoint
Self-DoS due to template injection via email field in password reset form on access.acronis.com

👉 https://hackerone.com/reports/1265344

🔹 Severity: No Rating
🔹 Reported To: Acronis
🔹 Reported By: #sudo_bash
🔹 State: ⚪️ Informative
🔹 Disclosed: May 3, 2022, 6:41am (UTC)
343 views
Bugpoint
Blind XSS via Feedback form.

👉 https://hackerone.com/reports/1339034

🔹 Severity: High | 💰 1,250 USD
🔹 Reported To: Judge.me
🔹 Reported By: #b3hlull
🔹 State: 🟢 Resolved
🔹 Disclosed: May 3, 2022, 9:36am (UTC)
356 views
Bugpoint
URL Scheme misconfiguration on TikTok for IOS

👉 https://hackerone.com/reports/1437294

🔹 Severity: Low | 💰 500 USD
🔹 Reported To: TikTok
🔹 Reported By: #glassplant
🔹 State: 🟢 Resolved
🔹 Disclosed: May 4, 2022, 10:17pm (UTC)
342 views
Bugpoint
One Click Account Hijacking via Unvalidated Deeplink

👉 https://hackerone.com/reports/1500614

🔹 Severity: High | 💰 10,000 USD
🔹 Reported To: TikTok
🔹 Reported By: #fr4via
🔹 State: 🟢 Resolved
🔹 Disclosed: May 4, 2022, 10:23pm (UTC)
👍4
362 views
Bugpoint
Clickjacking Vulnerability Can Leads To Delete Developer APP

👉 https://hackerone.com/reports/1416612

🔹 Severity: Low | 💰 500 USD
🔹 Reported To: TikTok
🔹 Reported By: #rioncool22
🔹 State: 🟢 Resolved
🔹 Disclosed: May 4, 2022, 10:25pm (UTC)
404 views
Bugpoint
Github Account Takeover which is used as gradle vcs in "github.com/palantir/gradle-launch-config-plugin"

👉 https://hackerone.com/reports/1525578

🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Palantir Public
🔹 Reported By: #codermak
🔹 State: 🟢 Resolved
🔹 Disclosed: May 5, 2022, 1:54pm (UTC)
383 views
Bugpoint
Able to bypass email verification and change email to any other user email

👉 https://hackerone.com/reports/1551176

🔹 Severity: High | 💰 5,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #bisesh
🔹 State: 🟢 Resolved
🔹 Disclosed: May 6, 2022, 4:50pm (UTC)
👍3👏2
377 views
Bugpoint
SQL injection in URL path processing on www.ibm.com

👉 https://hackerone.com/reports/1527284

🔹 Severity: Critical
🔹 Reported To: IBM
🔹 Reported By: #asterite
🔹 State: 🟢 Resolved
🔹 Disclosed: May 6, 2022, 6:37pm (UTC)
🔥1
394 views
Bugpoint
Multiple IDORs in family pairing api

👉 https://hackerone.com/reports/1286332

🔹 Severity: High | 💰 7,500 USD
🔹 Reported To: TikTok
🔹 Reported By: #s3c
🔹 State: 🟢 Resolved
🔹 Disclosed: May 6, 2022, 9:18pm (UTC)
🔥2👍1
406 views
Bugpoint
Reflected xss in https://sh.reddit.com

👉 https://hackerone.com/reports/1549206

🔹 Severity: High | 💰 5,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #abhiramsita
🔹 State: 🟢 Resolved
🔹 Disclosed: May 8, 2022, 7:36am (UTC)
🔥5👍2
380 views
Bugpoint
Slowvote and Countdown can cause Denial of Service due to recursive inclusion

👉 https://hackerone.com/reports/1563142

🔹 Severity: No Rating
🔹 Reported To: Phabricator
🔹 Reported By: #dyls
🔹 State: 🟢 Resolved
🔹 Disclosed: May 9, 2022, 6:37pm (UTC)
354 views
Bugpoint
Global default settings page is accessible to non-administrators

👉 https://hackerone.com/reports/1563139

🔹 Severity: No Rating | 💰 300 USD
🔹 Reported To: Phabricator
🔹 Reported By: #dyls
🔹 State: 🟢 Resolved
🔹 Disclosed: May 9, 2022, 10:25pm (UTC)
338 views