Brute force protections don't work
👉 https://hackerone.com/reports/1596918
🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #nickvergessen
🔹 State: 🟢 Resolved
🔹 Disclosed: September 3, 2022, 6:25am (UTC)
👉 https://hackerone.com/reports/1596918
🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #nickvergessen
🔹 State: 🟢 Resolved
🔹 Disclosed: September 3, 2022, 6:25am (UTC)
Unauthenticated SSRF in 3rd party module "cerdic/csstidy"
👉 https://hackerone.com/reports/1595006
🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #eg42
🔹 State: 🟢 Resolved
🔹 Disclosed: September 3, 2022, 6:29am (UTC)
👉 https://hackerone.com/reports/1595006
🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #eg42
🔹 State: 🟢 Resolved
🔹 Disclosed: September 3, 2022, 6:29am (UTC)
path traversal vulnerability in Grafana 8.x allows " local file read "
👉 https://hackerone.com/reports/1427086
🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #a-heybati
🔹 State: 🟢 Resolved
🔹 Disclosed: September 3, 2022, 12:14pm (UTC)
👉 https://hackerone.com/reports/1427086
🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #a-heybati
🔹 State: 🟢 Resolved
🔹 Disclosed: September 3, 2022, 12:14pm (UTC)
IDOR Leads To Account Takeover Without User Interaction
👉 https://hackerone.com/reports/1272478
🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #theranger
🔹 State: 🟢 Resolved
🔹 Disclosed: September 4, 2022, 1:23pm (UTC)
👉 https://hackerone.com/reports/1272478
🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #theranger
🔹 State: 🟢 Resolved
🔹 Disclosed: September 4, 2022, 1:23pm (UTC)
API key (api.semrush.com) leak in JS-file
👉 https://hackerone.com/reports/1218754
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Semrush
🔹 Reported By: #a_d_a_m
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2022, 12:17pm (UTC)
👉 https://hackerone.com/reports/1218754
🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Semrush
🔹 Reported By: #a_d_a_m
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2022, 12:17pm (UTC)
Information disclosure through django debug mode
👉 https://hackerone.com/reports/1434276
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2022, 10:56pm (UTC)
👉 https://hackerone.com/reports/1434276
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2022, 10:56pm (UTC)
Exposed gitlab repo at https://adammanco.mtn.com/api/v4/projects
👉 https://hackerone.com/reports/1351359
🔹 Severity: Low
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2022, 10:57pm (UTC)
👉 https://hackerone.com/reports/1351359
🔹 Severity: Low
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2022, 10:57pm (UTC)
CVE-2021-38314 @ https://www.mtn.co.rw
👉 https://hackerone.com/reports/1351341
🔹 Severity: No Rating
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2022, 10:58pm (UTC)
👉 https://hackerone.com/reports/1351341
🔹 Severity: No Rating
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2022, 10:58pm (UTC)
CVE-2021-38314 @ https://www.mtn.ci
👉 https://hackerone.com/reports/1351338
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2022, 10:58pm (UTC)
👉 https://hackerone.com/reports/1351338
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2022, 10:58pm (UTC)
firebase credentials leaks @ https://mpulse.mtnonline.com
👉 https://hackerone.com/reports/1351329
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2022, 10:59pm (UTC)
👉 https://hackerone.com/reports/1351329
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2022, 10:59pm (UTC)
firebase credentials leaks @ https://mtnhottseat.mtn.com.gh
👉 https://hackerone.com/reports/1351326
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2022, 10:59pm (UTC)
👉 https://hackerone.com/reports/1351326
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2022, 10:59pm (UTC)
No password length restriction in reset password endpoint at http://suppliers.mtn.cm
👉 https://hackerone.com/reports/1285694
🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2022, 11:00pm (UTC)
👉 https://hackerone.com/reports/1285694
🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2022, 11:00pm (UTC)
IDOR Payments Status
👉 https://hackerone.com/reports/1538669
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Omise
🔹 Reported By: #codeslayer137
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 8:58am (UTC)
👉 https://hackerone.com/reports/1538669
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Omise
🔹 Reported By: #codeslayer137
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 8:58am (UTC)
Modifying Sprunk vs eCola crew data
👉 https://hackerone.com/reports/1680818
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Rockstar Games
🔹 Reported By: #bugstar
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 6:24pm (UTC)
👉 https://hackerone.com/reports/1680818
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Rockstar Games
🔹 Reported By: #bugstar
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 6:24pm (UTC)
Subdomain takeover of █████████
👉 https://hackerone.com/reports/1457928
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #martinvw
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 6:50pm (UTC)
👉 https://hackerone.com/reports/1457928
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #martinvw
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 6:50pm (UTC)
The dashboard is exposed in https://███
👉 https://hackerone.com/reports/1566758
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #alitoni224
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 6:53pm (UTC)
👉 https://hackerone.com/reports/1566758
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #alitoni224
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 6:53pm (UTC)
XSS DUE TO CVE-2020-3580
👉 https://hackerone.com/reports/1606068
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #cruxn3t
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 6:55pm (UTC)
👉 https://hackerone.com/reports/1606068
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #cruxn3t
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 6:55pm (UTC)
Access to admininstrative resources/account via path traversal
👉 https://hackerone.com/reports/1326352
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #j4k3d
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 6:59pm (UTC)
👉 https://hackerone.com/reports/1326352
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #j4k3d
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 6:59pm (UTC)
RXSS on ███████
👉 https://hackerone.com/reports/1626962
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #tmz900
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 7:01pm (UTC)
👉 https://hackerone.com/reports/1626962
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #tmz900
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 7:01pm (UTC)
Stored XSS at https://█████
👉 https://hackerone.com/reports/1620247
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #shanekag
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 7:04pm (UTC)
👉 https://hackerone.com/reports/1620247
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #shanekag
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 7:04pm (UTC)
██████_log4j - https://██████
👉 https://hackerone.com/reports/1631364
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #hachimanxienim
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 7:07pm (UTC)
👉 https://hackerone.com/reports/1631364
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #hachimanxienim
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 7:07pm (UTC)