Bugpoint – Telegram
Bugpoint
@bugpoint
1.06K subscribers
3.73K photos
3.73K links
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
Download Telegram
About
Blog
Apps
Platform
Join
Bugpoint
1.06K subscribers
Bugpoint
Stack Buffer Overflow via `gmp_sprintf`in `BLSSignature` and `BLSSigShare`

👉 https://hackerone.com/reports/1546935

🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: SKALE Network
🔹 Reported By: #voiddy
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 12:17am (UTC)
290 views
Bugpoint
Remote denial of service in HyperLedger Fabric

👉 https://hackerone.com/reports/1604951

🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #fatal0
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 11:55am (UTC)
276 views
Bugpoint
Brute force of a current password on a disable 2fa leads to guess password and disable 2fa.

👉 https://hackerone.com/reports/1465277

🔹 Severity: No Rating
🔹 Reported To: Omise
🔹 Reported By: #sachinrajput
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 4:35pm (UTC)
281 views
Bugpoint
HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding

👉 https://hackerone.com/reports/1501679

🔹 Severity: Medium
🔹 Reported To: Node.js
🔹 Reported By: #zeyu2001
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 5:26pm (UTC)
288 views
Bugpoint
HTTP Request Smuggling Due To Improper Delimiting of Header Fields

👉 https://hackerone.com/reports/1524692

🔹 Severity: Medium
🔹 Reported To: Node.js
🔹 Reported By: #zeyu2001
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 5:26pm (UTC)
292 views
Bugpoint
HTTP Request Smuggling Due to Flawed Parsing of Transfer-Encoding

👉 https://hackerone.com/reports/1524555

🔹 Severity: Medium
🔹 Reported To: Node.js
🔹 Reported By: #zeyu2001
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 5:28pm (UTC)
317 views
Bugpoint
Clickjacking Vulnerability In Whole Page Ads Tiktok

👉 https://hackerone.com/reports/1418857

🔹 Severity: Low | 💰 500 USD
🔹 Reported To: TikTok
🔹 Reported By: #rioncool22
🔹 State: 🟢 Resolved
🔹 Disclosed: July 7, 2022, 11:18pm (UTC)
314 views
Bugpoint
Exposed valid AWS, Mysql, Sendgrid and other secrets

👉 https://hackerone.com/reports/1580567

🔹 Severity: Critical
🔹 Reported To: Glovo
🔹 Reported By: #mehdisadir
🔹 State: 🟢 Resolved
🔹 Disclosed: July 8, 2022, 3:48pm (UTC)
307 views
Bugpoint
Open Redirect through POST Request in www.redditinc.com

👉 https://hackerone.com/reports/1310230

🔹 Severity: Medium
🔹 Reported To: Reddit
🔹 Reported By: #kratul
🔹 State: ⚪️ Informative
🔹 Disclosed: July 8, 2022, 7:02pm (UTC)
293 views
Bugpoint
Unauthorized packages modification or secrets exfiltration via GitHub actions

👉 https://hackerone.com/reports/1548870

🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #dusty_wormwood
🔹 State: 🟢 Resolved
🔹 Disclosed: July 8, 2022, 7:51pm (UTC)
👍1
296 views
Bugpoint
Read beyond bounds in ap_strcmp_match() [zhbug_httpd_47.7]

👉 https://hackerone.com/reports/1595281

🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tdp3kel9g
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2022, 1:39pm (UTC)
263 views
Bugpoint
Controllable read beyond bounds in lua_websocket_readbytes() [zhbug_httpd_126]

👉 https://hackerone.com/reports/1595290

🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tdp3kel9g
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2022, 1:45pm (UTC)
👍1
253 views
Bugpoint
Read beyond bounds in mod_isapi.c [zhbug_httpd_41]

👉 https://hackerone.com/reports/1595296

🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tdp3kel9g
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2022, 1:50pm (UTC)
260 views
Bugpoint
Read beyond bounds via ap_rwrite() [zhbug_httpd_47.2]

👉 https://hackerone.com/reports/1595299

🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tdp3kel9g
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2022, 1:54pm (UTC)
271 views
Bugpoint
Apache HTTP Server: mod_proxy_ajp: Possible request smuggling

👉 https://hackerone.com/reports/1594627

🔹 Severity: Medium | 💰 2,400 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #ricterz
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2022, 7:25pm (UTC)
284 views
Bugpoint
DoS via lua_read_body() [zhbug_httpd_94]

👉 https://hackerone.com/reports/1596252

🔹 Severity: Low | 💰 480 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #tdp3kel9g
🔹 State: 🟢 Resolved
🔹 Disclosed: July 9, 2022, 8:19pm (UTC)
299 views
Bugpoint
Blind SSRF at packagist.maximum.nl

👉 https://hackerone.com/reports/1538056

🔹 Severity: No Rating | 💰 75 USD
🔹 Reported To: Radancy
🔹 Reported By: #dk4trin
🔹 State: 🟢 Resolved
🔹 Disclosed: July 10, 2022, 12:38pm (UTC)
293 views
Bugpoint
Homograph attack bypass cause redirection

👉 https://hackerone.com/reports/1285245

🔹 Severity: No Rating | 💰 50 USD
🔹 Reported To: Vanilla
🔹 Reported By: #malek
🔹 State: 🟢 Resolved
🔹 Disclosed: July 10, 2022, 9:38pm (UTC)
294 views
Bugpoint
Server Side Template Injection on Name parameter during Sign Up process

👉 https://hackerone.com/reports/1104349

🔹 Severity: High
🔹 Reported To: Glovo
🔹 Reported By: #battle_angel
🔹 State: 🟢 Resolved
🔹 Disclosed: July 11, 2022, 8:42am (UTC)
288 views
Bugpoint
Getting a free delivery by singing up from "admin_@glovoapp.com"

👉 https://hackerone.com/reports/1296584

🔹 Severity: Medium
🔹 Reported To: Glovo
🔹 Reported By: #cmuppin
🔹 State: 🟢 Resolved
🔹 Disclosed: July 11, 2022, 8:42am (UTC)
287 views
Bugpoint
Mass Account Takeover at https://app.taxjar.com/ - No user Interaction

👉 https://hackerone.com/reports/1581240

🔹 Severity: Critical | 💰 11,500 USD
🔹 Reported To: Stripe
🔹 Reported By: #beerboy_ankit
🔹 State: 🟢 Resolved
🔹 Disclosed: July 11, 2022, 1:50pm (UTC)
👏3👍2
282 views