SSRF on http://www.███████/crossdomain.php via url parameter
👉 https://hackerone.com/reports/971590
🔹 Severity: Critical
🔹 Reported To: Sony
🔹 Reported By: #n0x496n
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2022, 3:44pm (UTC)
👉 https://hackerone.com/reports/971590
🔹 Severity: Critical
🔹 Reported To: Sony
🔹 Reported By: #n0x496n
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2022, 3:44pm (UTC)
Path Traversal issue at https://████/blaze/
👉 https://hackerone.com/reports/1320084
🔹 Severity: High
🔹 Reported To: Sony
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2022, 3:53pm (UTC)
👉 https://hackerone.com/reports/1320084
🔹 Severity: High
🔹 Reported To: Sony
🔹 Reported By: #lu3ky-13
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2022, 3:53pm (UTC)
SQL Injection through /include/findusers.php
👉 https://hackerone.com/reports/1081145
🔹 Severity: Critical
🔹 Reported To: ImpressCMS
🔹 Reported By: #egix
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2022, 6:51pm (UTC)
👉 https://hackerone.com/reports/1081145
🔹 Severity: Critical
🔹 Reported To: ImpressCMS
🔹 Reported By: #egix
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2022, 6:51pm (UTC)
Remote Command Execution via Github import
👉 https://hackerone.com/reports/1679624
🔹 Severity: Critical | 💰 33,510 USD
🔹 Reported To: GitLab
🔹 Reported By: #vakzz
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2022, 8:19pm (UTC)
👉 https://hackerone.com/reports/1679624
🔹 Severity: Critical | 💰 33,510 USD
🔹 Reported To: GitLab
🔹 Reported By: #vakzz
🔹 State: 🟢 Resolved
🔹 Disclosed: October 6, 2022, 8:19pm (UTC)
Relative Path Traversal vulnerability in fabric-private-chaincode
👉 https://hackerone.com/reports/1690377
🔹 Severity: No Rating
🔹 Reported To: Hyperledger
🔹 Reported By: #bhaskar_ram
🔹 State: ⚪️ Informative
🔹 Disclosed: October 9, 2022, 7:41am (UTC)
👉 https://hackerone.com/reports/1690377
🔹 Severity: No Rating
🔹 Reported To: Hyperledger
🔹 Reported By: #bhaskar_ram
🔹 State: ⚪️ Informative
🔹 Disclosed: October 9, 2022, 7:41am (UTC)
Email Address Exposure via Gratipay Migration Tool
👉 https://hackerone.com/reports/1727044
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Liberapay
🔹 Reported By: #suprnova
🔹 State: 🟢 Resolved
🔹 Disclosed: October 9, 2022, 11:50am (UTC)
👉 https://hackerone.com/reports/1727044
🔹 Severity: Medium | 💰 100 USD
🔹 Reported To: Liberapay
🔹 Reported By: #suprnova
🔹 State: 🟢 Resolved
🔹 Disclosed: October 9, 2022, 11:50am (UTC)
CORS Misconfiguration on trust.yelp.com
👉 https://hackerone.com/reports/1716286
🔹 Severity: Medium
🔹 Reported To: Yelp
🔹 Reported By: #ajayjachak
🔹 State: 🔴 N/A
🔹 Disclosed: October 10, 2022, 4:59am (UTC)
👉 https://hackerone.com/reports/1716286
🔹 Severity: Medium
🔹 Reported To: Yelp
🔹 Reported By: #ajayjachak
🔹 State: 🔴 N/A
🔹 Disclosed: October 10, 2022, 4:59am (UTC)
Deny of service via malicious Content-Type
👉 https://hackerone.com/reports/1715536
🔹 Severity: High
🔹 Reported To: Fastify
🔹 Reported By: #bitk
🔹 State: 🟢 Resolved
🔹 Disclosed: October 10, 2022, 8:43am (UTC)
👉 https://hackerone.com/reports/1715536
🔹 Severity: High
🔹 Reported To: Fastify
🔹 Reported By: #bitk
🔹 State: 🟢 Resolved
🔹 Disclosed: October 10, 2022, 8:43am (UTC)
Stored XSS in the ticketing system
👉 https://hackerone.com/reports/1694037
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: TikTok
🔹 Reported By: #codeslayer137
🔹 State: 🟢 Resolved
🔹 Disclosed: October 10, 2022, 10:35pm (UTC)
👉 https://hackerone.com/reports/1694037
🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: TikTok
🔹 Reported By: #codeslayer137
🔹 State: 🟢 Resolved
🔹 Disclosed: October 10, 2022, 10:35pm (UTC)
Autofill/Autosave password on login
👉 https://hackerone.com/reports/1720621
🔹 Severity: Medium
🔹 Reported To: Yelp
🔹 Reported By: #zero_990
🔹 State: 🔴 N/A
🔹 Disclosed: October 11, 2022, 5:15pm (UTC)
👉 https://hackerone.com/reports/1720621
🔹 Severity: Medium
🔹 Reported To: Yelp
🔹 Reported By: #zero_990
🔹 State: 🔴 N/A
🔹 Disclosed: October 11, 2022, 5:15pm (UTC)
IDOR [mtnmobad.mtnbusiness.com.ng]
👉 https://hackerone.com/reports/1698006
🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #insomnia_hax
🔹 State: 🟢 Resolved
🔹 Disclosed: October 13, 2022, 7:18am (UTC)
👉 https://hackerone.com/reports/1698006
🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #insomnia_hax
🔹 State: 🟢 Resolved
🔹 Disclosed: October 13, 2022, 7:18am (UTC)
DoS of https://research.adobe.com/ via CVE-2018-6389 exploitation
👉 https://hackerone.com/reports/1511628
🔹 Severity: Medium
🔹 Reported To: Adobe
🔹 Reported By: #shirshak
🔹 State: 🟢 Resolved
🔹 Disclosed: October 13, 2022, 9:52am (UTC)
👉 https://hackerone.com/reports/1511628
🔹 Severity: Medium
🔹 Reported To: Adobe
🔹 Reported By: #shirshak
🔹 State: 🟢 Resolved
🔹 Disclosed: October 13, 2022, 9:52am (UTC)
Misconfigured build on websites "abuse.cloudflare.com"
👉 https://hackerone.com/reports/1624911
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #paradessia_
🔹 State: 🟢 Resolved
🔹 Disclosed: October 13, 2022, 10:02am (UTC)
👉 https://hackerone.com/reports/1624911
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #paradessia_
🔹 State: 🟢 Resolved
🔹 Disclosed: October 13, 2022, 10:02am (UTC)
mail.acronis.com is vulnerable to zero day vulnerability CVE-2022-41040
👉 https://hackerone.com/reports/1719719
🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: Acronis
🔹 Reported By: #aplis
🔹 State: 🟢 Resolved
🔹 Disclosed: October 13, 2022, 5:12pm (UTC)
👉 https://hackerone.com/reports/1719719
🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: Acronis
🔹 Reported By: #aplis
🔹 State: 🟢 Resolved
🔹 Disclosed: October 13, 2022, 5:12pm (UTC)
Cross-site noscripting on api.collabs.shopify.com
👉 https://hackerone.com/reports/1672459
🔹 Severity: Medium | 💰 1,600 USD
🔹 Reported To: Shopify
🔹 Reported By: #kun_19
🔹 State: 🟢 Resolved
🔹 Disclosed: October 13, 2022, 6:12pm (UTC)
👉 https://hackerone.com/reports/1672459
🔹 Severity: Medium | 💰 1,600 USD
🔹 Reported To: Shopify
🔹 Reported By: #kun_19
🔹 State: 🟢 Resolved
🔹 Disclosed: October 13, 2022, 6:12pm (UTC)
XSS seems to work again after change to linkpop at https://linkpop.com/testnaglinagli
👉 https://hackerone.com/reports/1569940
🔹 Severity: Medium | 💰 1,600 USD
🔹 Reported To: Shopify
🔹 Reported By: #nagli
🔹 State: 🟢 Resolved
🔹 Disclosed: October 13, 2022, 6:22pm (UTC)
👉 https://hackerone.com/reports/1569940
🔹 Severity: Medium | 💰 1,600 USD
🔹 Reported To: Shopify
🔹 Reported By: #nagli
🔹 State: 🟢 Resolved
🔹 Disclosed: October 13, 2022, 6:22pm (UTC)
Staff can create workflows in Shopify Admin without apps permission
👉 https://hackerone.com/reports/1521336
🔹 Severity: Medium | 💰 1,600 USD
🔹 Reported To: Shopify
🔹 Reported By: #jmp_35p
🔹 State: 🟢 Resolved
🔹 Disclosed: October 13, 2022, 6:53pm (UTC)
👉 https://hackerone.com/reports/1521336
🔹 Severity: Medium | 💰 1,600 USD
🔹 Reported To: Shopify
🔹 Reported By: #jmp_35p
🔹 State: 🟢 Resolved
🔹 Disclosed: October 13, 2022, 6:53pm (UTC)
Self XSS in https://linkpop.com/dashboard/admin
👉 https://hackerone.com/reports/1591403
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #hazemhussien99
🔹 State: 🟢 Resolved
🔹 Disclosed: October 13, 2022, 9:20pm (UTC)
👉 https://hackerone.com/reports/1591403
🔹 Severity: Low | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #hazemhussien99
🔹 State: 🟢 Resolved
🔹 Disclosed: October 13, 2022, 9:20pm (UTC)
Account takeover on ███████ [HtUS]
👉 https://hackerone.com/reports/1627961
🔹 Severity: High | 💰 500 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #nightm4re
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 1:05pm (UTC)
👉 https://hackerone.com/reports/1627961
🔹 Severity: High | 💰 500 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #nightm4re
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 1:05pm (UTC)
IDOR leaking PII data via VendorId parameter
👉 https://hackerone.com/reports/1690044
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0x1int
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 1:24pm (UTC)
👉 https://hackerone.com/reports/1690044
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0x1int
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 1:24pm (UTC)
Account Takeover and Information update due to cross site request forgery via POST █████████/registration/my-account.cfm
👉 https://hackerone.com/reports/1626356
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #snifyak
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 1:28pm (UTC)
👉 https://hackerone.com/reports/1626356
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #snifyak
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 1:28pm (UTC)