Bugpoint – Telegram
Bugpoint
@bugpoint
1.06K subscribers
3.73K photos
3.73K links
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
Download Telegram
About
Blog
Apps
Platform
Join
Bugpoint
1.06K subscribers
Bugpoint
Enumerate class codes via yahoo dork - Can access any course under teacher - Sensitive information leaked

👉 https://hackerone.com/reports/1514356

🔹 Severity: High
🔹 Reported To: Khan Academy
🔹 Reported By: #bughunterpol
🔹 State: 🟢 Resolved
🔹 Disclosed: May 1, 2022, 6:05pm (UTC)
333 views
Bugpoint
XSS at videostore.mtnonline.com/GL/*.aspx via all parameters

👉 https://hackerone.com/reports/1244731

🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #homosec
🔹 State: 🟢 Resolved
🔹 Disclosed: May 1, 2022, 9:20pm (UTC)
331 views
Bugpoint
XSS at http://nextapps.mtnonline.com/search/suggest/q/{xss payload}

👉 https://hackerone.com/reports/1244722

🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #homosec
🔹 State: 🟢 Resolved
🔹 Disclosed: May 1, 2022, 9:20pm (UTC)
355 views
Bugpoint
Self-DoS due to template injection via email field in password reset form on access.acronis.com

👉 https://hackerone.com/reports/1265344

🔹 Severity: No Rating
🔹 Reported To: Acronis
🔹 Reported By: #sudo_bash
🔹 State: ⚪️ Informative
🔹 Disclosed: May 3, 2022, 6:41am (UTC)
343 views
Bugpoint
Blind XSS via Feedback form.

👉 https://hackerone.com/reports/1339034

🔹 Severity: High | 💰 1,250 USD
🔹 Reported To: Judge.me
🔹 Reported By: #b3hlull
🔹 State: 🟢 Resolved
🔹 Disclosed: May 3, 2022, 9:36am (UTC)
356 views
Bugpoint
URL Scheme misconfiguration on TikTok for IOS

👉 https://hackerone.com/reports/1437294

🔹 Severity: Low | 💰 500 USD
🔹 Reported To: TikTok
🔹 Reported By: #glassplant
🔹 State: 🟢 Resolved
🔹 Disclosed: May 4, 2022, 10:17pm (UTC)
342 views
Bugpoint
One Click Account Hijacking via Unvalidated Deeplink

👉 https://hackerone.com/reports/1500614

🔹 Severity: High | 💰 10,000 USD
🔹 Reported To: TikTok
🔹 Reported By: #fr4via
🔹 State: 🟢 Resolved
🔹 Disclosed: May 4, 2022, 10:23pm (UTC)
👍4
362 views
Bugpoint
Clickjacking Vulnerability Can Leads To Delete Developer APP

👉 https://hackerone.com/reports/1416612

🔹 Severity: Low | 💰 500 USD
🔹 Reported To: TikTok
🔹 Reported By: #rioncool22
🔹 State: 🟢 Resolved
🔹 Disclosed: May 4, 2022, 10:25pm (UTC)
404 views
Bugpoint
Github Account Takeover which is used as gradle vcs in "github.com/palantir/gradle-launch-config-plugin"

👉 https://hackerone.com/reports/1525578

🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Palantir Public
🔹 Reported By: #codermak
🔹 State: 🟢 Resolved
🔹 Disclosed: May 5, 2022, 1:54pm (UTC)
383 views
Bugpoint
Able to bypass email verification and change email to any other user email

👉 https://hackerone.com/reports/1551176

🔹 Severity: High | 💰 5,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #bisesh
🔹 State: 🟢 Resolved
🔹 Disclosed: May 6, 2022, 4:50pm (UTC)
👍3👏2
377 views
Bugpoint
SQL injection in URL path processing on www.ibm.com

👉 https://hackerone.com/reports/1527284

🔹 Severity: Critical
🔹 Reported To: IBM
🔹 Reported By: #asterite
🔹 State: 🟢 Resolved
🔹 Disclosed: May 6, 2022, 6:37pm (UTC)
🔥1
394 views
Bugpoint
Multiple IDORs in family pairing api

👉 https://hackerone.com/reports/1286332

🔹 Severity: High | 💰 7,500 USD
🔹 Reported To: TikTok
🔹 Reported By: #s3c
🔹 State: 🟢 Resolved
🔹 Disclosed: May 6, 2022, 9:18pm (UTC)
🔥2👍1
406 views
Bugpoint
Reflected xss in https://sh.reddit.com

👉 https://hackerone.com/reports/1549206

🔹 Severity: High | 💰 5,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #abhiramsita
🔹 State: 🟢 Resolved
🔹 Disclosed: May 8, 2022, 7:36am (UTC)
🔥5👍2
380 views
Bugpoint
Slowvote and Countdown can cause Denial of Service due to recursive inclusion

👉 https://hackerone.com/reports/1563142

🔹 Severity: No Rating
🔹 Reported To: Phabricator
🔹 Reported By: #dyls
🔹 State: 🟢 Resolved
🔹 Disclosed: May 9, 2022, 6:37pm (UTC)
354 views
Bugpoint
Global default settings page is accessible to non-administrators

👉 https://hackerone.com/reports/1563139

🔹 Severity: No Rating | 💰 300 USD
🔹 Reported To: Phabricator
🔹 Reported By: #dyls
🔹 State: 🟢 Resolved
🔹 Disclosed: May 9, 2022, 10:25pm (UTC)
338 views
Bugpoint
Misconfigured Rate Limit in Sending Notifications to the Victims Phone Via the Endpoint " /faxes/inbox "

👉 https://hackerone.com/reports/1482919

🔹 Severity: Medium
🔹 Reported To: Alohi
🔹 Reported By: #shamim_12__
🔹 State: 🟢 Resolved
🔹 Disclosed: May 10, 2022, 9:14am (UTC)
👍1
317 views
Bugpoint
Certificate authentication re-use on redirect

👉 https://hackerone.com/reports/1563061

🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🔴 N/A
🔹 Disclosed: May 11, 2022, 6:48am (UTC)
299 views
Bugpoint
CVE-2022-27778: curl removes wrong file on error

👉 https://hackerone.com/reports/1553598

🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 7:23am (UTC)
289 views
Bugpoint
CVE-2022-27779: cookie for trailing dot TLD

👉 https://hackerone.com/reports/1553301

🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #haxatron1
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 7:59am (UTC)
293 views
Bugpoint
Account takeover via Google OneTap

👉 https://hackerone.com/reports/671406

🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Priceline
🔹 Reported By: #badca7
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 9:37am (UTC)
616 views
Bugpoint
CVE-2022-27782: TLS and SSH connection too eager reuse

👉 https://hackerone.com/reports/1555796

🔹 Severity: Medium
🔹 Reported To: curl
🔹 Reported By: #nyymi
🔹 State: 🟢 Resolved
🔹 Disclosed: May 11, 2022, 12:40pm (UTC)
301 views