Bugpoint – Telegram
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
Account Takeover and Information update due to cross site request forgery via POST █████████/registration/my-account.cfm

👉 https://hackerone.com/reports/1626356

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #snifyak
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 1:28pm (UTC)

Blind SSRF via image upload URL downloader on https://██████/

👉 https://hackerone.com/reports/1691501

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0x1int
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 1:36pm (UTC)

[HTA2] Receiving████ access request on @wearehackerone.com email address

👉 https://hackerone.com/reports/715740

🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #jr0ch17
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 1:41pm (UTC)

[hta3] Chain of ESI Injection & Reflected XSS leading to Account Takeover on [███]

👉 https://hackerone.com/reports/1073780

🔹 Severity: High | 💰 750 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #jr0ch17
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 1:44pm (UTC)

Local file read at https://████/ [HtUS]

👉 https://hackerone.com/reports/1626210

🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #sudi
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 1:51pm (UTC)

Broken access discloses users and PII at https://███████ [HtUS]

👉 https://hackerone.com/reports/1624374

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #g4mb4
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 1:53pm (UTC)

Found Origin IP's Lead To Access ████

👉 https://hackerone.com/reports/1556808

🔹 Severity: Low
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ibrahim0936356
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 2:28pm (UTC)

Subdomain Takeover at http://██.get8x8.com/

👉 https://hackerone.com/reports/1697402

🔹 Severity: Medium
🔹 Reported To: 8x8
🔹 Reported By: #testingforbugs
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 3:05pm (UTC)

SSRF to read AWS metaData at https://█████/ [HtUS]

👉 https://hackerone.com/reports/1624140

🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #720922
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 3:12pm (UTC)

Authentication bypass leads to Information Disclosure at U.S Air Force "https://███"

👉 https://hackerone.com/reports/1690548

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ludv1k
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 5:01pm (UTC)

Unauthenticated PII leak on verified/requested to be verified profiles on ███████/app/org/{id}/profile/{id}/version/{id} [HtUS]

👉 https://hackerone.com/reports/1627962

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #shreky
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 5:04pm (UTC)

.git folder exposed [HtUS]

👉 https://hackerone.com/reports/1624157

🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #sudi
🔹 State: 🟤 Duplicate
🔹 Disclosed: October 14, 2022, 5:44pm (UTC)

Unauthenticated SQL Injection at █████████ [HtUS]

👉 https://hackerone.com/reports/1626226

🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0xd0ff9
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 5:54pm (UTC)

Host Header Injection on https://███/████████/Account/ForgotPassword

👉 https://hackerone.com/reports/1679969

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0x1int
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 6:03pm (UTC)

Otp bypass in verifying nin

👉 https://hackerone.com/reports/1314172

🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #mr_sparrow
🔹 State: 🟢 Resolved
🔹 Disclosed: October 17, 2022, 6:27am (UTC)

XSS in www.shopify.com/markets?utm_source=

👉 https://hackerone.com/reports/1699762

🔹 Severity: No Rating | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #noblesix
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2022, 7:14am (UTC)

CVE-2017-5929: Hyperledger - Arbitrary Deserialization of Untrusted Data

👉 https://hackerone.com/reports/1739099

🔹 Severity: No Rating
🔹 Reported To: Hyperledger
🔹 Reported By: #mik-patient
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2022, 3:36pm (UTC)

TikTok Account Creation Date Information Disclosure

👉 https://hackerone.com/reports/1562020

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: TikTok
🔹 Reported By: #f15
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2022, 8:50pm (UTC)

Access to private file's of helpdesk.

👉 https://hackerone.com/reports/804534

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2022, 9:05pm (UTC)

Sub-Dept User Can Add User's To Main Department.

👉 https://hackerone.com/reports/890209

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2022, 9:08pm (UTC)

Users Without Permission Can Download Restricted Files

👉 https://hackerone.com/reports/794904

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2022, 9:10pm (UTC)