```text
├── .gitignore
├── README.md
├── data.csv
├── fetcher.py
├── filler.py
├── rater.py
├── requirements.txt
├── tops_100
│   ├── TOP100PAID.md
│   └── TOP100UPVOTED.md
├── tops_by_bug_type
│   ├── TOPCLICKJACKING.md
│   ├── TOPCSRF.md
│   ├── TOPDOS.md
│   ├── TOPIDOR.md
│   ├── TOPOAUTH.md
│   ├── TOPOPENREDIRECT.md
│   ├── TOPRACECONDITION.md
│   ├── TOPRCE.md
│   ├── TOPSQLI.md
│   ├── TOPSSRF.md
│   ├── TOPSUBDOMAINTAKEOVER.md
│   ├── TOPXSS.md
│   └── TOPXXE.md
└── tops_by_program
    ├── TOPAUTOMATTIC.md
    ├── TOPBRAVESOFTWARE.md
    ├── TOPCOINBASE.md
    ├── TOPCONCRETE5.md
    ├── TOPGITHUBSECURITYLAB.md
    ├── TOPGITLAB.md
    ├── TOPGRATIPAY.md
    ├── TOPH1CTF.md
    ├── TOPHACKERONE.md
    ├── TOPLEGALROBOT.md
    ├── TOPLOCALIZE.md
    ├── TOPLOCALTAPIOLA.md
    ├── TOPMAILRU.md
    ├── TOPNEWRELIC.md
    ├── TOPNEXTCLOUD.md
    ├── TOPNODEJSTHIRDPARTYMODULES.md
    ├── TOPOLX.md
    ├── TOPOPENXCHANGE.md
    ├── TOPOWNCLOUD.md
    ├── TOPPARAGONINITIATIVEENTERPRISES.md
    ├── TOPPHABRICATOR.md
    ├── TOPPHP(IBB).md
    ├── TOPPORNHUB.md
    ├── TOPQIWI.md
    ├── TOPRAZER.md
    ├── TOPROCKSTARGAMES.md
    ├── TOPSHOPIFY.md
    ├── TOPSHOPIFYSCRIPTS.md
    ├── TOPSLACK.md
    ├── TOPSTARBUCKS.md
    ├── TOPTHEINTERNET.md
    ├── TOPTWITTER.md
    ├── TOPUBER.md
    ├── TOPUBIQUITIINC.md
    ├── TOPUSDEPTOFDEFENSE.md
    ├── TOPVERIZONMEDIA.md
    ├── TOPVIMEO.md
    ├── TOPVKCOM.md
    ├── TOPWEBLATE.md
    ├── TOPWORDPRESS.md
    └── TOPZOMATO.md
```

--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------

```text
.idea/
venv/
```

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------

Top lists of HackerOne reports. The raw info for every report is stored in `data.csv`.
The scripts that update `data.csv` are written in Python 3 and require `selenium` and `requests` (see `requirements.txt`); `fetcher.py` additionally needs a `chromedriver` executable on `PATH`.
Each script starts with a docstring describing how it works.
Run the scripts in this order:

1) `fetcher.py`
2) `filler.py`
3) `rater.py`

Tops 100.

- [Top 100 upvoted reports](tops_100/TOP100UPVOTED.md)
- [Top 100 paid reports](tops_100/TOP100PAID.md)

Tops by bug type.

- [Top XSS reports](tops_by_bug_type/TOPXSS.md)
- [Top XXE reports](tops_by_bug_type/TOPXXE.md)
- [Top CSRF reports](tops_by_bug_type/TOPCSRF.md)
- [Top IDOR reports](tops_by_bug_type/TOPIDOR.md)
- [Top RCE reports](tops_by_bug_type/TOPRCE.md)
- [Top SQLi reports](tops_by_bug_type/TOPSQLI.md)
- [Top SSRF reports](tops_by_bug_type/TOPSSRF.md)
- [Top Race Condition reports](tops_by_bug_type/TOPRACECONDITION.md)
- [Top Subdomain Takeover reports](tops_by_bug_type/TOPSUBDOMAINTAKEOVER.md)
- [Top Open Redirect reports](tops_by_bug_type/TOPOPENREDIRECT.md)
- [Top Clickjacking reports](tops_by_bug_type/TOPCLICKJACKING.md)
- [Top DoS reports](tops_by_bug_type/TOPDOS.md)
- [Top OAuth reports](tops_by_bug_type/TOPOAUTH.md)

Tops by program.

- [Top Mail.ru reports](tops_by_program/TOPMAILRU.md)
- [Top HackerOne reports](tops_by_program/TOPHACKERONE.md)
- [Top Shopify reports](tops_by_program/TOPSHOPIFY.md)
- [Top Nextcloud reports](tops_by_program/TOPNEXTCLOUD.md)
- [Top Twitter reports](tops_by_program/TOPTWITTER.md)
- [Top Uber reports](tops_by_program/TOPUBER.md)
- [Top Node.js third-party modules reports](tops_by_program/TOPNODEJSTHIRDPARTYMODULES.md)
- [Top shopify-scripts reports](tops_by_program/TOPSHOPIFYSCRIPTS.md)
- [Top Legal Robot reports](tops_by_program/TOPLEGALROBOT.md)
- [Top U.S. Dept of Defense reports](tops_by_program/TOPUSDEPTOFDEFENSE.md)
- [Top Gratipay reports](tops_by_program/TOPGRATIPAY.md)
- [Top Weblate reports](tops_by_program/TOPWEBLATE.md)
- [Top VK.com reports](tops_by_program/TOPVKCOM.md)
- [Top New Relic reports](tops_by_program/TOPNEWRELIC.md)
- [Top LocalTapiola reports](tops_by_program/TOPLOCALTAPIOLA.md)
- [Top Zomato reports](tops_by_program/TOPZOMATO.md)
- [Top Slack reports](tops_by_program/TOPSLACK.md)
- [Top ownCloud reports](tops_by_program/TOPOWNCLOUD.md)
- [Top GitLab reports](tops_by_program/TOPGITLAB.md)
- [Top Ubiquiti Inc. reports](tops_by_program/TOPUBIQUITIINC.md)
- [Top Automattic reports](tops_by_program/TOPAUTOMATTIC.md)
- [Top Coinbase reports](tops_by_program/TOPCOINBASE.md)
- [Top Verizon Media reports](tops_by_program/TOPVERIZONMEDIA.md)
- [Top Starbucks reports](tops_by_program/TOPSTARBUCKS.md)
- [Top Paragon Initiative Enterprises reports](tops_by_program/TOPPARAGONINITIATIVEENTERPRISES.md)
- [Top PHP (IBB) reports](tops_by_program/TOPPHP(IBB).md)
- [Top Brave Software reports](tops_by_program/TOPBRAVESOFTWARE.md)
- [Top Vimeo reports](tops_by_program/TOPVIMEO.md)
- [Top OLX reports](tops_by_program/TOPOLX.md)
- [Top concrete5 reports](tops_by_program/TOPCONCRETE5.md)
- [Top Phabricator reports](tops_by_program/TOPPHABRICATOR.md)
- [Top Pornhub reports](tops_by_program/TOPPORNHUB.md)
- [Top Localize reports](tops_by_program/TOPLOCALIZE.md)
- [Top Qiwi reports](tops_by_program/TOPQIWI.md)
- [Top WordPress reports](tops_by_program/TOPWORDPRESS.md)
- [Top The Internet reports](tops_by_program/TOPTHEINTERNET.md)
- [Top Open-Xchange reports](tops_by_program/TOPOPENXCHANGE.md)
- [Top Razer reports](tops_by_program/TOPRAZER.md)
- [Top Rockstar Games reports](tops_by_program/TOPROCKSTARGAMES.md)
- [Top GitHub Security Lab reports](tops_by_program/TOPGITHUBSECURITYLAB.md)
- [Top h1-ctf reports](tops_by_program/TOPH1CTF.md)

--------------------------------------------------------------------------------
/fetcher.py:
--------------------------------------------------------------------------------

```python
"""
This script runs first.
It works via headless Chrome, so the chromedriver executable must be on PATH.

It scrolls through hacktivity until the URL of the first report in data.csv
appears, then collects the URLs of all newer reports and prepends them to data.csv.

To use it without modifications, put a non-empty data.csv in the same directory
as this script (the current data.csv is fine), because scrolling through the
whole hacktivity is practically impossible at the moment.

The hacktivity URL and the 'fade' card class below are tied to the page layout
at the time of writing; if HackerOne changes its markup, this scraper will
silently find nothing.
"""

import csv
import re
import time

from selenium.webdriver import Chrome, ChromeOptions
from selenium.webdriver.common.by import By

hacktivity_url = 'https://hackerone.com/hacktivity?order_field=latest_disclosable_activity_at&filter=type%3Apublic'
page_loading_timeout = 10

# Only links of the form hackerone.com/reports/<digits> are accepted. The earlier
# approach (copy up to 50 characters until the next '"') could capture arbitrary
# markup from the scraped page, and that string later ends up in the generated
# Markdown files unchanged.
report_link_re = re.compile(r'hackerone\.com/reports/\d+')


def extract_reports(raw_reports):
    """Build skeleton report records (link only) from the hacktivity cards."""
    reports = []
    for raw_report in raw_reports:
        html = raw_report.get_attribute('innerHTML')
        match = report_link_re.search(html)
        if match is None:
            continue
        report = {
            'program': '',
            'title': '',
            'link': match.group(0),
            'upvotes': 0,
            'bounty': 0.,
            'vuln_type': ''
        }
        reports.append(report)

    return reports


def fetch():
    reports = []
    with open('data.csv', 'r', newline='', encoding='utf-8') as file:
        reader = csv.DictReader(file)
        for row in reader:
            reports.append(dict(row))
    if not reports:
        raise SystemExit('data.csv must contain at least one report (see the module docstring)')
    first_report_link = reports[0]['link']

    options = ChromeOptions()
    options.add_argument('no-sandbox')
    options.add_argument('headless')
    driver = Chrome(options=options)

    driver.get(hacktivity_url)
    driver.implicitly_wait(page_loading_timeout)

    counter = 0
    page = 0
    last_height = driver.execute_script("return document.body.scrollHeight")
    while True:
        # Scroll to the bottom and give the feed time to load more cards. Two
        # consecutive scrolls without a height change mean the end of the feed.
        driver.execute_script("window.scrollTo(0, document.body.scrollHeight);")
        time.sleep(page_loading_timeout)
        new_height = driver.execute_script("return document.body.scrollHeight")
        if new_height == last_height:
            counter += 1
            if counter > 1:
                break
        else:
            counter = 0
            last_height = new_height

        # find_elements_by_class_name was removed in Selenium 4; use the By API.
        raw_reports = driver.find_elements(By.CLASS_NAME, 'fade')
        new_reports = extract_reports(raw_reports)
        found = False
        for i in range(len(new_reports)):
            if new_reports[i]['link'] == first_report_link:
                # Everything above the first already-known report is new.
                reports = new_reports[:i] + reports
                found = True
                break
        if found:
            break

        page += 1
        print('Page:', page)

    # quit() ends the browser session; close() only closes the current window.
    driver.quit()

    with open('data.csv', 'w', newline='', encoding='utf-8') as file:
        keys = reports[0].keys()
        writer = csv.DictWriter(file, fieldnames=keys)
        writer.writeheader()
        writer.writerows(reports)


if __name__ == '__main__':
    fetch()
```

--------------------------------------------------------------------------------
/filler.py:
--------------------------------------------------------------------------------

```python
"""
This script runs second.

It fetches every report as JSON and takes the necessary information.
It takes a long time because there are so many reports.

To use it without modifications, put a non-empty data.csv in the same directory
as this script (the current data.csv is fine).
"""

import csv

import requests

# Without a timeout a single stalled request hangs the whole run.
request_timeout = 30


def fill():
    reports = []
    with open('data.csv', 'r', newline='', encoding='utf-8') as file:
        reader = csv.DictReader(file)
        for row in reader:
            reports.append(dict(row))
    count_of_reports = len(reports)
    for i in range(count_of_reports):
        print('Fetching report ' + str(i + 1) + ' out of ' + str(count_of_reports))
        report_url = 'https://' + reports[i]['link'] + '.json'
        try:
            response = requests.get(report_url, timeout=request_timeout)
            response.raise_for_status()
            json_info = response.json()
            reports[i]['title'] = json_info['title']
            reports[i]['program'] = json_info['team']['profile']['name']
            reports[i]['upvotes'] = int(json_info['vote_count'])
            reports[i]['bounty'] = float(json_info['bounty_amount']) if json_info['has_bounty?'] else 0.0
            # 'weakness' may be absent or null; either way the type is recorded as empty.
            reports[i]['vuln_type'] = (json_info.get('weakness') or {}).get('name', '')
        except Exception as error:
            print('error at report ' + str(i + 1) + ': ' + repr(error))
            continue

        print(reports[i])

    with open('data.csv', 'w', newline='', encoding='utf-8') as file:
        keys = reports[0].keys()
        writer = csv.DictWriter(file, fieldnames=keys)
        writer.writeheader()
        writer.writerows(reports)


if __name__ == '__main__':
    fill()
```

--------------------------------------------------------------------------------
/rater.py:
--------------------------------------------------------------------------------

```python
"""
This script runs third (optional).

It simply takes the info from data.csv and aggregates it.
You can use this script as an example for creating your own custom lists of reports.

To use it without modifications, put a non-empty data.csv in the same directory
as this script (the current data.csv is fine).
"""

import csv

# Links of every report that landed in at least one bug-type list; used at the
# end to count the reports that no keyword matched.
index = []


def clean_title(title):
    """Normalise a title for keyword matching: single spaces, lower case, no punctuation."""
    return ' '.join(title.split()).lower().replace('-', ' ').replace('—', ' ').replace(',', '').replace('.', '') \
        .replace(':', '').replace(';', '')


def check_title(title, keywords):
    """Single-word keywords must match a whole word; multi-word keywords match as substrings."""
    for keyword in keywords:
        if len(keyword.split()) == 1:
            for word in title.split():
                if word == keyword:
                    return True
        else:
            if keyword in title:
                return True
    return False


def top_100_upvoted(reports):
    upvotes_sorted_reports = list(reversed(sorted(reports, key=lambda k: k['upvotes'])))
    with open('tops_100/TOP100UPVOTED.md', 'w', encoding='utf-8') as file:
        file.write('[Back](../README.md)\n\n')
        file.write('Top 100 upvoted reports from HackerOne:\n\n')
        for i in range(0, 100):
            report = upvotes_sorted_reports[i]
            file.write(
                '{0}. [{1}](https://{2}) to {3} - {4} upvotes, ${5}\n'.format(i + 1, report['title'], report['link'],
                                                                           report['program'],
                                                                           report['upvotes'], int(report['bounty'])))
        file.write('\n\n[Back](../README.md)')


def top_100_paid(reports):
    bounty_sorted_reports = list(reversed(sorted(reports, key=lambda k: (k['bounty'], k['upvotes']))))
    with open('tops_100/TOP100PAID.md', 'w', encoding='utf-8') as file:
        file.write('[Back](../README.md)\n\n')
        file.write('Top 100 paid reports from HackerOne:\n\n')
        for i in range(0, 100):
            report = bounty_sorted_reports[i]
            file.write(
                '{0}. [{1}](https://{2}) to {3} - ${4}, {5} upvotes\n'.format(i + 1, report['title'], report['link'],
                                                                           report['program'],
                                                                           int(report['bounty']), report['upvotes']))
        file.write('\n\n[Back](../README.md)')


def top_by_bug_type(reports, bug_type, bug_name, keywords):
    filtered_reports = [report for report in reports if check_title(clean_title(report['title']), keywords)]
    for filtered_report in filtered_reports:
        index.append(filtered_report['link'])
    bug_sorted_reports = list(reversed(sorted(filtered_reports, key=lambda k: (k['upvotes'], k['bounty']))))
    with open('tops_by_bug_type/TOP{0}.md'.format(bug_type), 'w', encoding='utf-8') as file:
        file.write('[Back](../README.md)\n\n')
        file.write('Top {0} reports from HackerOne:\n\n'.format(bug_name))
        for i in range(0, len(bug_sorted_reports)):
            report = bug_sorted_reports[i]
            file.write('{0}. [{1}](https://{2}) to {3} - {4} upvotes, ${5}\n'
                       .format(i + 1, report['title'], report['link'], report['program'], report['upvotes'], int(report['bounty'])))
        file.write('\n\n[Back](../README.md)')


def top_by_program(reports, program):
    filtered_reports = [report for report in reports if report['program'] == program]
    bug_sorted_reports = list(reversed(sorted(filtered_reports, key=lambda k: (k['upvotes'], k['bounty']))))
    # The file name is the program name upper-cased with '.', '-' and spaces removed,
    # e.g. 'U.S. Dept of Defense' -> TOPUSDEPTOFDEFENSE.md
    with open('tops_by_program/TOP{0}.md'.format(program.upper().replace('.', '').replace('-', '').replace(' ', '')),
              'w', encoding='utf-8') as file:
        file.write('[Back](../README.md)\n\n')
        file.write('Top reports from {0} program at HackerOne:\n\n'.format(program))
        for i in range(0, len(bug_sorted_reports)):
            report = bug_sorted_reports[i]
            file.write('{0}. [{1}](https://{2}) to {3} - {4} upvotes, ${5}\n'
                       .format(i + 1, report['title'], report['link'], report['program'], report['upvotes'], int(report['bounty'])))
        file.write('\n\n[Back](../README.md)')


def main():
    reports = []
    max_title_length = 0
    with open('data.csv', 'r', newline='', encoding='utf-8') as file:
        reader = csv.DictReader(file)
        for row in reader:
            row_dict = dict(row)
            row_dict['bounty'] = float(row_dict['bounty'].replace('"', '').replace('$', '').replace(',', ''))
            row_dict['upvotes'] = int(row_dict['upvotes'])
            # Titles come from untrusted report data and are written into Markdown
            # link text, so '<' and '>' are escaped to keep them from becoming HTML.
            # Note '\\<' rather than '\<': the latter is an invalid escape sequence.
            row_dict['title'] = row_dict['title'].replace('<', '\\<').replace('>', '\\>')
            if len(row_dict['title']) > max_title_length:
                max_title_length = len(row_dict['title'])
            reports.append(row_dict)
    print('Max title length:', max_title_length)

    top_100_upvoted(reports)
    top_100_paid(reports)

    top_by_bug_type(reports, 'XSS', 'XSS', ['css', 'xss', 'domxss', 'cross site scripting', ])
    top_by_bug_type(reports, 'XXE', 'XXE', ['xxe', 'xml external entity', 'xml entity'])
    top_by_bug_type(reports, 'CSRF', 'CSRF', ['csrf', 'xsrf', 'cross site request forgery'])
    top_by_bug_type(reports, 'IDOR', 'IDOR', ['idor', 'insecure direct object reference'])
    top_by_bug_type(reports, 'RCE', 'RCE', ['rce', 'remote code execution'])
    top_by_bug_type(reports, 'SQLI', 'SQLI', ['sqli', 'sql inj', 'sql command injection'])
    top_by_bug_type(reports, 'SSRF', 'SSRF', ['ssrf', 'server side request forgery'])
    top_by_bug_type(reports, 'RACECONDITION', 'Race Condition', ['race condition'])
    # 'domain takeover' is a substring match, so it also covers 'subdomain takeover'.
    top_by_bug_type(reports, 'SUBDOMAINTAKEOVER', 'Subdomain Takeover',
                    ['domain takeover', 'domain take over'])
    top_by_bug_type(reports, 'OPENREDIRECT', 'Open Redirect', ['open redirect'])
    top_by_bug_type(reports, 'CLICKJACKING', 'Clickjacking', ['clickjacking', 'click jacking', 'clicjacking'])
    top_by_bug_type(reports, 'DOS', 'DoS', ['dos', 'denial of service', 'service denial'])
    top_by_bug_type(reports, 'OAUTH', 'OAuth', ['oauth'])

    programs = {}
    for report in reports:
        if report['program'] not in programs:
            programs[report['program']] = [report]
        else:
            programs[report['program']].append(report)
    # Only the 35 programs with the most reports get their own list.
    top_programs = sorted(programs, key=lambda k: len(programs[k]), reverse=True)
    for program in top_programs[:35]:
        print(program)
        top_by_program(reports, program)

    count_of_not_indexed = 0
    for report in reports:
        if report['link'] not in index:
            count_of_not_indexed += 1
            print(report['title'])
    print('Count of all reports:', len(reports))
    print('Count of not indexed reports:', count_of_not_indexed)


if __name__ == '__main__':
    main()
```

--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------

```text
selenium
requests
```

--------------------------------------------------------------------------------
/tops_by_bug_type/TOPCLICKJACKING.md:
--------------------------------------------------------------------------------

[Back](../README.md)

Top Clickjacking reports from HackerOne:

1. [Highly wormable clickjacking in player card](https://hackerone.com/reports/85624) to Twitter - 127 upvotes, $5040
2. [Twitter Periscope Clickjacking Vulnerability](https://hackerone.com/reports/591432) to Twitter - 125 upvotes, $1120
3. [Clickjacking on donation page](https://hackerone.com/reports/921709) to WordPress - 88 upvotes, $50
4. [Viral Direct Message Clickjacking via link truncation leading to capture of both Google credentials & installation of malicious 3rd party Twitter App](https://hackerone.com/reports/643274) to Twitter - 64 upvotes, $1120
5.
[Sensitive Clickjacking on admin login page.](https://hackerone.com/reports/389145) to Shipt - 51 upvotes, $100
6. [Stealing User emails by clickjacking cards.twitter.com/xxx/xxx](https://hackerone.com/reports/154963) to Twitter - 49 upvotes, $1120
7. [Clickjacking vkpay](https://hackerone.com/reports/374817) to VK.com - 44 upvotes, $0
8. [[api.tumblr.com] Exploiting clickjacking vulnerability to trigger self DOM-based XSS](https://hackerone.com/reports/953579) to Automattic - 30 upvotes, $150
9. [URL is vulnerable to clickjacking https://app.passit.io/](https://hackerone.com/reports/530008) to Passit - 28 upvotes, $0
10. [CRITICAL-CLICKJACKING at Yelp Reservations Resulting in exposure of victim Private Data (Email info) + Victim Credit Card MissUse.](https://hackerone.com/reports/355859) to Yelp - 17 upvotes, $500
11. [Clickjacking at join.nordvpn.com](https://hackerone.com/reports/765955) to Nord Security - 17 upvotes, $100
12. [Clickjacking in the admin page](https://hackerone.com/reports/728004) to Rocket.Chat - 16 upvotes, $0
13. [Clickjacking on cas.acronis.com login page](https://hackerone.com/reports/971234) to Acronis - 16 upvotes, $0
14. [Clickjacking at ylands.com](https://hackerone.com/reports/405342) to BOHEMIA INTERACTIVE a.s. - 15 upvotes, $80
15. [Clickjacking In jobs.wordpress.net](https://hackerone.com/reports/223024) to WordPress - 15 upvotes, $0
16. [Clickjacking in [exchangemarketplace.com]](https://hackerone.com/reports/658217) to Shopify - 15 upvotes, $0
17. [Make user buy items via clickjacking possibility](https://hackerone.com/reports/471967) to Mail.ru - 14 upvotes, $200
18. [Clickjacking wordcamp.org](https://hackerone.com/reports/230581) to WordPress - 14 upvotes, $0
19. [Modifying application settings via clickjacking on o2.mail.ru](https://hackerone.com/reports/355774) to Mail.ru - 13 upvotes, $150
20. [Clickjacking Vulnerability found on Yelp](https://hackerone.com/reports/214087) to Yelp - 13 upvotes, $100
21. [self-xss with ClickJacking can leads to account takeover in Firefox](https://hackerone.com/reports/892289) to Imgur - 13 upvotes, $100
22. [Modify account details by exploiting clickjacking vulnerability on refer.wordpress.com](https://hackerone.com/reports/765355) to Automattic - 12 upvotes, $75
23. [Clickjacking on Mixmax.com](https://hackerone.com/reports/234713) to Mixmax - 12 upvotes, $0
24. [Clickjacking on https://www.goodhire.com/api](https://hackerone.com/reports/298028) to Inflection - 12 upvotes, $0
25. [URL is vulnerable to clickjacking](https://hackerone.com/reports/712376) to MyCrypto - 12 upvotes, $0
26. [Single Sing On - Clickjacking](https://hackerone.com/reports/299009) to Semrush - 11 upvotes, $150
27. [AWS S3 website can't serve security headers, may allow clickjacking](https://hackerone.com/reports/149572) to Legal Robot - 11 upvotes, $40
28. [Clickjacking mercantile.wordpress.org](https://hackerone.com/reports/264125) to WordPress - 11 upvotes, $0
29. [Clickjacking Periscope.tv on Chrome](https://hackerone.com/reports/198622) to Twitter - 10 upvotes, $560
30. [clickjacking in /lead_forms_app.php](https://hackerone.com/reports/294334) to VK.com - 10 upvotes, $0
31. [Certificate warnings and similar UI elements in Web protection of Anti-Virus products family are susceptible to clickjacking](https://hackerone.com/reports/463695) to Kaspersky - 10 upvotes, $0
32. [Following links are vulnerable to clickjacking](https://hackerone.com/reports/289246) to Semrush - 9 upvotes, $150
33. [Delete images of users with clickjacking in https://pw.mail.ru](https://hackerone.com/reports/675614) to Mail.ru - 9 upvotes, $0
34. [Get ip and Geo location any user via Clickjacking with inspectlet technology](https://hackerone.com/reports/998555) to Acronis - 9 upvotes, $0
35. [Clickjacking on authorized page https://wakatime.com/share/embed](https://hackerone.com/reports/244967) to WakaTime - 8 upvotes, $0
36. [Clickjacking - https://mercantile.wordpress.org/](https://hackerone.com/reports/258283) to WordPress - 8 upvotes, $0
37. [Clickjacking in Legalrobot app](https://hackerone.com/reports/270454) to Legal Robot - 8 upvotes, $0
38. [OAuth authorization page vulnerable to clickjacking](https://hackerone.com/reports/65825) to Coinbase - 7 upvotes, $5000
39. [UI Redressing ( ClickJacking ) Issue on Information submit form](https://hackerone.com/reports/163753) to Legal Robot - 7 upvotes, $0
40. [Clickjacking](https://hackerone.com/reports/200419) to Pushwoosh - 7 upvotes, $0
41. [Click Jacking Nextcloud](https://hackerone.com/reports/347782) to Nextcloud - 7 upvotes, $0
42. [Clickjacking on my.stripo.email for MailChimp credentials](https://hackerone.com/reports/737625) to Stripo Inc - 7 upvotes, $0
43. [Clickjacking URLS](https://hackerone.com/reports/1039805) to Nextcloud - 7 upvotes, $0
44. [Account takeover vulnerability by editor role privileged users/attackers via clickjacking](https://hackerone.com/reports/388254) to WordPress - 6 upvotes, $0
45. [Clickjacking lead to remove review](https://hackerone.com/reports/965141) to Yelp - 6 upvotes, $0
46. [ClickJacking on IMPORTANT Functions of Yelp](https://hackerone.com/reports/305128) to Yelp - 5 upvotes, $500
47. [Bypass of the Clickjacking protection on Flickr using data URL in iframes](https://hackerone.com/reports/7264) to Verizon Media - 5 upvotes, $250
48. [Click Jacking](https://hackerone.com/reports/163888) to Legal Robot - 5 upvotes, $0
49. [https://admin.corp.cuvva.co/ is vulnerable to Clickjacking attacks due to missing X-Frame-Options](https://hackerone.com/reports/231434) to Cuvva - 5 upvotes, $0
50. [Clickjacking docs.weblate.org](https://hackerone.com/reports/223391) to Weblate - 5 upvotes, $0
51. [clickjacking on https://gratipay.com/on/npm/[text]](https://hackerone.com/reports/267189) to Gratipay - 5 upvotes, $0
52. [Found clickjacking vulnerability](https://hackerone.com/reports/119828) to LeaseWeb - 4 upvotes, $0
53. [Clickjacking In https://demo.nextcloud.com](https://hackerone.com/reports/222762) to Nextcloud - 4 upvotes, $0
54. [Clickjacking Full account takeover and editing the personal information at [account.my.com]](https://hackerone.com/reports/261652) to Mail.ru - 4 upvotes, $0
55. [Clickjacking Vulnerability via https://webagent.mail.ru leading to protection bypass for https://web.icq.com/ end point](https://hackerone.com/reports/918923) to Mail.ru - 3 upvotes, $150
56. [Missing security headers, possible clickjacking](https://hackerone.com/reports/64645) to Legal Robot - 3 upvotes, $20
57. [Clickjacking login page of http://book.zomato.com/](https://hackerone.com/reports/146948) to Zomato - 3 upvotes, $0
58. [Clickjacking: Delete Account, Change privacy settings, Rate business, follow/unfollow (IE)](https://hackerone.com/reports/338569) to Zomato - 3 upvotes, $0
59. [Settings page in https://support.my.com is vulnerable to clickjacking](https://hackerone.com/reports/667400) to Mail.ru - 3 upvotes, $0
60. [Site-wide clickjacking at IE11](https://hackerone.com/reports/614947) to New Relic - 2 upvotes, $500
61. [Clickjacking Vulnerability via https://www.donationalerts.com/help/support leads to bypass for widget.support.my.games X-Frame Options](https://hackerone.com/reports/1027192) to Mail.ru - 2 upvotes, $150
62. [Click-Jacking due to missing X-frame header](https://hackerone.com/reports/17664) to Factlink - 2 upvotes, $0
63. [Clickjacking at surveylink.yahoo.com](https://hackerone.com/reports/3578) to Verizon Media - 2 upvotes, $0
64. [Vulnerable to clickjacking](https://hackerone.com/reports/123782) to Gratipay - 2 upvotes, $0
65. [newrelic.com vulnerable to clickjacking !](https://hackerone.com/reports/123126) to New Relic - 2 upvotes, $0
66. [Clickjacking: X-Frame-Options header missing](https://hackerone.com/reports/163646) to Legal Robot - 2 upvotes, $0
67. [ClickJacking on Debug](https://hackerone.com/reports/225555) to Weblate - 2 upvotes, $0
68. [Clickjacking irclogs.wordpress.org](https://hackerone.com/reports/267075) to WordPress - 2 upvotes, $0
69. [Click jacking in delete image of user in Yelp](https://hackerone.com/reports/201848) to Yelp - 2 upvotes, $0
70. [URL is vulnerable to clickjacking](https://hackerone.com/reports/337219) to Zomato - 2 upvotes, $0
71. [Clickjacking Vulnerability on https://support.my.com/games/ticket/xxxx/](https://hackerone.com/reports/357954) to Mail.ru - 2 upvotes, $0
72. [Clickjacking in ops.cuvva.com](https://hackerone.com/reports/583624) to Cuvva - 2 upvotes, $0
73. [Clickjacking](https://hackerone.com/reports/832593) to Kubernetes - 2 upvotes, $0
74. [ClickJacking](https://hackerone.com/reports/947690) to Acronis - 2 upvotes, $0
75. [Khan Academy ClickJacking to Steal Users's Credintials](https://hackerone.com/reports/639682) to Khan Academy - 2 upvotes, $0
76. [Clickjacking](https://hackerone.com/reports/8724) to Mail.ru - 1 upvotes, $150
77. [Clickjacking at https://www.mavenlink.com/ main website](https://hackerone.com/reports/14631) to Mavenlink - 1 upvotes, $50
78. [ClickJacking on http://au.launch.yahoo.com](https://hackerone.com/reports/1229) to Verizon Media - 1 upvotes, $0
79. [Possible clickjacking at shop.khanacademy.org](https://hackerone.com/reports/6370) to Khan Academy - 1 upvotes, $0
80. [Click jacking](https://hackerone.com/reports/13550) to Factlink - 1 upvotes, $0
81. [Clickjacking & CSRF attack can be done at https://app.mavenlink.com/login](https://hackerone.com/reports/14494) to Mavenlink - 1 upvotes, $0
82. [clickjacking on leaving group(flick)](https://hackerone.com/reports/7745) to Verizon Media - 1 upvotes, $0
83. [Clickjacking: X-Frame-Options header missing](https://hackerone.com/reports/129650) to APITest.IO - 1 upvotes, $0
84. [Clickjacking on authenticated pages which is inscope for New Relic](https://hackerone.com/reports/128645) to New Relic - 1 upvotes, $0
85. [Clickjacking in love.uber.com](https://hackerone.com/reports/137152) to Uber - 1 upvotes, $0
86. [ClickJacking](https://hackerone.com/reports/183127) to OWOX, Inc. - 1 upvotes, $0
87. [Clickjacking vulnerability in support-dashboard.corp.cuvva.co](https://hackerone.com/reports/231694) to Cuvva - 1 upvotes, $0
88. [Clickjacking or URL Masking](https://hackerone.com/reports/204198) to Brave Software - 1 upvotes, $0
89. [aspen | clickjacking](https://hackerone.com/reports/272387) to Aspen - 1 upvotes, $0
90. [ClickJacking](https://hackerone.com/reports/179839) to Yelp - 1 upvotes, $0
91. [Clickjacking: X-Frame Header Missing](https://hackerone.com/reports/168358) to Yelp - 1 upvotes, $0
92. [clickjacking to Semrush auth login](https://hackerone.com/reports/318295) to Semrush - 1 upvotes, $0
93. [Clickjacking on https://download.nextcloud.com/](https://hackerone.com/reports/662155) to Nextcloud - 1 upvotes, $0
94. [Clickjacking on https://download.nextcloud.com](https://hackerone.com/reports/658011) to Nextcloud - 1 upvotes, $0
95. [Nextcloud Clickjacking Vulnerability](https://hackerone.com/reports/710996) to Nextcloud - 1 upvotes, $0
96. [Clickjacking](https://hackerone.com/reports/21110) to Mavenlink - 0 upvotes, $50
97. [Clickjacking - changing role](https://hackerone.com/reports/7924) to Respondly - 0 upvotes, $0
98. [ClickJacking](https://hackerone.com/reports/7862) to Localize - 0 upvotes, $0
99. [Clicjacking on Login panel](https://hackerone.com/reports/8459) to Mail.ru - 0 upvotes, $0
100. [Clickjacking at https://staging.uzbey.com/](https://hackerone.com/reports/17315) to Uzbey - 0 upvotes, $0
101. [Clickjacking: X-Frame-Options header missing](https://hackerone.com/reports/27594) to GlassWire - 0 upvotes, $0
102. [clickjacking](https://hackerone.com/reports/1207) to Verizon Media - 0 upvotes, $0
103. [Clickjacking : https://partners.cloudflare.com/](https://hackerone.com/reports/106362) to Cloudflare Vulnerability Disclosure - 0 upvotes, $0
104. [clickjacking at http://mailboxes.legalrobot-uat.com/](https://hackerone.com/reports/165542) to Legal Robot - 0 upvotes, $0
105. [Clickjacking https://blockstack.org/](https://hackerone.com/reports/269047) to Hiro - 0 upvotes, $0
106. [ClickJacking in editing business name](https://hackerone.com/reports/227837) to Yelp - 0 upvotes, $0
107. [User can be fooled to Bookmark any restaurant by clickjacking](https://hackerone.com/reports/228295) to Yelp - 0 upvotes, $0
108. [Clickjacking @ Main Domain[www.yelp.com]](https://hackerone.com/reports/197115) to Yelp - 0 upvotes, $0
109. [Clickjacking on https://nextcloud.com/](https://hackerone.com/reports/661768) to Nextcloud - 0 upvotes, $0


[Back](../README.md)

--------------------------------------------------------------------------------
/tops_by_bug_type/TOPOAUTH.md:
--------------------------------------------------------------------------------

[Back](../README.md)

Top OAuth reports from HackerOne:

1. [Shopify Stocky App OAuth Misconfiguration](https://hackerone.com/reports/740989) to Shopify - 508 upvotes, $5000
2. [Chained Bugs to Leak Victim's Uber's FB Oauth Token](https://hackerone.com/reports/202781) to Uber - 375 upvotes, $7500
3.
[Insufficient OAuth callback validation which leads to Periscope account takeover](https://hackerone.com/reports/110293) to Twitter - 256 upvotes, $5040
4. [Unauthenticated blind SSRF in OAuth Jira authorization controller](https://hackerone.com/reports/398799) to GitLab - 215 upvotes, $4000
5. [Ability to bypass email verification for OAuth grants results in accounts takeovers on 3rd parties](https://hackerone.com/reports/922456) to GitLab - 206 upvotes, $3000
6. [OAuth `redirect_uri` bypass using IDN homograph attack resulting in user's access token leakage](https://hackerone.com/reports/861940) to Semrush - 201 upvotes, $1000
7. [Stealing Facebook OAuth Code Through Screenshot viewer](https://hackerone.com/reports/488269) to Rockstar Games - 186 upvotes, $750
8. [Referer Leakage Vulnerability in socialclub.rockstargames.com/crew/ leads to FB'S OAuth token theft.](https://hackerone.com/reports/787160) to Rockstar Games - 103 upvotes, $750
9. [User account compromised authentication bypass via oauth token impersonation](https://hackerone.com/reports/739321) to PicsArt - 89 upvotes, $0
10. [Incorrect details on OAuth permissions screen allows DMs to be read without permission](https://hackerone.com/reports/434763) to Twitter - 71 upvotes, $2940
11. [Facebook OAuth Code Theft through referer leakage on support.rockstargames.com](https://hackerone.com/reports/482743) to Rockstar Games - 66 upvotes, $750
12. [CSRF on Periscope Web OAuth authorization endpoint](https://hackerone.com/reports/215381) to Twitter - 61 upvotes, $2520
13. [Stealing Users OAuth Tokens through redirect_uri parameter](https://hackerone.com/reports/665651) to TTS Bug Bounty - 50 upvotes, $750
14. [[auth2.zomato.com] Reflected XSS at `oauth2/fallbacks/error` | ORY Hydra an OAuth 2.0 and OpenID Connect Provider](https://hackerone.com/reports/456333) to Zomato - 42 upvotes, $250
15. [Misconfigured oauth leads to Pre account takeover](https://hackerone.com/reports/1074047) to Bumble - 40 upvotes, $300
16. [Ability to bypass social OAuth and take over any account [d2c-api]](https://hackerone.com/reports/729960) to Genasys Technologies - 40 upvotes, $0
17. [Oauth flow on the comments widget login can lead to the access code leakage](https://hackerone.com/reports/292783) to Ed - 38 upvotes, $0
18. [Broken OAuth leads to change photo profile users .](https://hackerone.com/reports/642475) to Dropbox - 37 upvotes, $512
19. [Stealing Users OAUTH Tokens via redirect_uri](https://hackerone.com/reports/405100) to BOHEMIA INTERACTIVE a.s. - 37 upvotes, $0
20. [Gitlab Oauth Misconfiguration Lead To Account Takeover](https://hackerone.com/reports/541701) to Vercel - 37 upvotes, $0
21. [Race Conditions in OAuth 2 API implementations](https://hackerone.com/reports/55140) to The Internet - 35 upvotes, $2500
22. [Smuggle SocialClub's Facebook OAuth Code via Referer Leakage](https://hackerone.com/reports/342709) to Rockstar Games - 35 upvotes, $750
23. [Twitter iOS fails to validate server certificate and sends oauth token](https://hackerone.com/reports/168538) to Twitter - 34 upvotes, $2100
24. [Open Redirect on Gitllab Oauth leading to Acount Takeover](https://hackerone.com/reports/677617) to Vercel - 33 upvotes, $0
25. [Image Injection vulnerability on screenshot-viewer/responsive/image may allow Facebook OAuth token theft.](https://hackerone.com/reports/655288) to Rockstar Games - 31 upvotes, $500
26. [`account_info.read` scope OAuth app access token can change token owner's account name.](https://hackerone.com/reports/1031240) to Dropbox - 30 upvotes, $1728
27. [User session access due to Oauth whitelist host bypass and postMessage](https://hackerone.com/reports/875938) to Mail.ru - 30 upvotes, $0
28. [OAuth 2 Authorization Bypass via CSRF and Cross Site Flashing](https://hackerone.com/reports/136582) to Vimeo - 28 upvotes, $1000
29. [Debug information disclosure on oauth-redirector.services.greenhouse.io](https://hackerone.com/reports/315205) to Greenhouse.io - 27 upvotes, $100
30. [[Critical] - Steal OAuth Tokens](https://hackerone.com/reports/131202) to Twitter - 22 upvotes, $840
31. [XSS in OAuth Redirect Url](https://hackerone.com/reports/163707) to Dropbox - 19 upvotes, $0
32. [Open redirect in https://www.rockstargames.com/GTAOnline/restricted-content/agegate/form may lead to Facebook OAuth token theft](https://hackerone.com/reports/798121) to Rockstar Games - 18 upvotes, $750
33. [Account takeover via Pornhub Oauth](https://hackerone.com/reports/192648) to YouPorn - 17 upvotes, $1000
34. [[qiwi.com] OAuth account takeover](https://hackerone.com/reports/159507) to QIWI - 17 upvotes, $950
35. [XSS on OAuth authorize/authenticate endpoint](https://hackerone.com/reports/87040) to Twitter - 15 upvotes, $2520
36. [Insecure OAuth redirection at [admin.8x8.vc]](https://hackerone.com/reports/770548) to 8x8 - 14 upvotes, $0
37. [SocialClub's Facebook OAuth Theft through Warehouse XSS.](https://hackerone.com/reports/316948) to Rockstar Games - 13 upvotes, $750
38. [configure a redirect URI for Facebook OAuth](https://hackerone.com/reports/140432) to Gratipay - 13 upvotes, $10
39. [Image Injection on www.rockstargames.com/screenshot-viewer/responsive/image may allow facebook oauth token theft.](https://hackerone.com/reports/497655) to Rockstar Games - 11 upvotes, $500
40. [leaking Digits OAuth authorization to third party websites](https://hackerone.com/reports/166942) to Twitter - 10 upvotes, $560
41. [Stored XSS in OAuth redirect URI](https://hackerone.com/reports/261138) to Nextcloud - 10 upvotes, $0
42.
[Coinbase Android Application - Bitcoin Wallet Leaks OAuth Response Code](https://hackerone.com/reports/5314) to Coinbase - 9 upvotes, $1000 47 | 43. [Image Injection on `/bully/anniversaryedition` may lead to FB's OAuth Token Theft.](https://hackerone.com/reports/659784) to Rockstar Games - 8 upvotes, $500 48 | 44. [Race Condition in Oauth 2.0 flow can lead to malicious applications create multiple valid sessions](https://hackerone.com/reports/699112) to Razer - 8 upvotes, $250 49 | 45. [Open redirection in OAuth](https://hackerone.com/reports/405697) to Shopify - 8 upvotes, $0 50 | 46. [OAuth authorization page vulnerable to clickjacking](https://hackerone.com/reports/65825) to Coinbase - 7 upvotes, $5000 51 | 47. [Bug in OAuth Success Redirect URI Validation](https://hackerone.com/reports/753547) to Polymail, Inc. - 6 upvotes, $0 52 | 48. [Open redirection in OAuth](https://hackerone.com/reports/55525) to Shopify - 5 upvotes, $500 53 | 49. [Image Injection vulnerability affecting www.rockstargames.com/careers may lead to Facebook OAuth Theft](https://hackerone.com/reports/491654) to Rockstar Games - 5 upvotes, $500 54 | 50. [OAuth Stealing Attack (New)](https://hackerone.com/reports/3930) to Phabricator - 5 upvotes, $400 55 | 51. [Wordpress.com REST API oauth bypass via Cross Site Flashing](https://hackerone.com/reports/176308) to Automattic - 5 upvotes, $150 56 | 52. [Image Injection on /bully/anniversaryedition may lead to OAuth token theft.](https://hackerone.com/reports/498358) to Rockstar Games - 4 upvotes, $500 57 | 53. [Registration bypass using OAuth logical bug](https://hackerone.com/reports/64946) to Legal Robot - 4 upvotes, $40 58 | 54. [XSS in uber oauth](https://hackerone.com/reports/131052) to Uber - 4 upvotes, $0 59 | 55. [API OAuth Public Key disclosure in mobile app](https://hackerone.com/reports/160120) to Instacart - 4 upvotes, $0 60 | 56. 
[Image injection /br/games/info may lead to phishing attacks or FB OAuth theft.](https://hackerone.com/reports/510388) to Rockstar Games - 3 upvotes, $500 61 | 57. [OAuth access_token stealing in Phabricator](https://hackerone.com/reports/3596) to Phabricator - 3 upvotes, $450 62 | 58. [Login CSRF using Twitter OAuth](https://hackerone.com/reports/2228) to Phabricator - 3 upvotes, $300 63 | 59. [Problem with OAuth](https://hackerone.com/reports/46485) to Twitter - 2 upvotes, $1260 64 | 60. [Attach Pinterest account - no State/CSRF parameter in Oauth Call back](https://hackerone.com/reports/111218) to Shopify - 2 upvotes, $500 65 | 61. [Flaw in login with twitter to steal Oauth tokens](https://hackerone.com/reports/44492) to Twitter - 2 upvotes, $140 66 | 62. [Broken Authentication (including Slack OAuth bugs)](https://hackerone.com/reports/2559) to Slack - 2 upvotes, $100 67 | 63. [OAUTH pemission set as true= lead to authorize malicious application](https://hackerone.com/reports/87561) to Coinbase - 1 upvotes, $100 68 | 64. [Cryptographic Side Channel in OAuth Library](https://hackerone.com/reports/31168) to WP API - 1 upvotes, $50 69 | 65. [State parameter missing on google OAuth](https://hackerone.com/reports/2688) to Slack - 1 upvotes, $0 70 | 66. [OAuth Bug](https://hackerone.com/reports/9460) to Respondly - 1 upvotes, $0 71 | 67. [Login CSRF using Twitter oauth](https://hackerone.com/reports/13555) to Factlink - 1 upvotes, $0 72 | 68. [OAuth open redirect](https://hackerone.com/reports/7900) to Respondly - 0 upvotes, $0 73 | 69. [oauth redirect uri validation bug leads to open redirect and account compromise](https://hackerone.com/reports/20661) to WePay - 0 upvotes, $0 74 | 70. 
[Login CSRF using Google OAuth](https://hackerone.com/reports/118737) to ThisData - 0 upvotes, $0 75 | 76 | 77 | [Back](../README.md) -------------------------------------------------------------------------------- /tops_by_bug_type/TOPRACECONDITION.md: -------------------------------------------------------------------------------- 1 | [Back](../README.md) 2 | 3 | Top Race Condition reports from HackerOne: 4 | 5 | 1. [Race Condition allows to redeem multiple times gift cards which leads to free "money"](https://hackerone.com/reports/759247) to Reverb.com - 258 upvotes, $1500 6 | 2. [Race condition in performing retest allows duplicated payments](https://hackerone.com/reports/429026) to HackerOne - 196 upvotes, $2100 7 | 3. [Client-Side Race Condition using Marketo, allows sending user to data-protocol in Safari when form without onSuccess is submitted on www.hackerone.com](https://hackerone.com/reports/381356) to HackerOne - 136 upvotes, $1250 8 | 4. [Race condition in activating email resulting in infinite amount of diamonds received](https://hackerone.com/reports/509629) to InnoGames - 135 upvotes, $2000 9 | 5. [Race Condition leads to undeletable group member](https://hackerone.com/reports/604534) to HackerOne - 114 upvotes, $500 10 | 6. [Race Conditions in Popular reports feature.](https://hackerone.com/reports/146845) to HackerOne - 102 upvotes, $500 11 | 7. [Race Condition when following a user](https://hackerone.com/reports/927384) to Staging.every.org - 89 upvotes, $0 12 | 8. [Race Condition : Exploiting the loyalty claim https://xxx.vendhq.com/loyalty/claim/email/xxxxx url and gain x amount of loyalty bonus/cash](https://hackerone.com/reports/331940) to Vend VDP - 87 upvotes, $0 13 | 9. [Race Condition in Flag Submission](https://hackerone.com/reports/454949) to HackerOne - 70 upvotes, $500 14 | 10. [Race condition leads to duplicate payouts](https://hackerone.com/reports/220445) to HackerOne - 60 upvotes, $750 15 | 11. 
[Race Condition of Transfer data Credits to Organization Leads to Add Extra free Data Credits to the Organization](https://hackerone.com/reports/974892) to Helium - 58 upvotes, $250 16 | 12. [Race Condition on "Get free Badoo Premium" which allows to get more days of free premium for Free. ](https://hackerone.com/reports/1037430) to Bumble - 49 upvotes, $200 17 | 13. [Race condition in claiming program credentials ](https://hackerone.com/reports/488985) to HackerOne - 43 upvotes, $500 18 | 14. [Race Conditions in OAuth 2 API implementations](https://hackerone.com/reports/55140) to The Internet - 35 upvotes, $2500 19 | 15. [Race Condition in Redeeming Coupons](https://hackerone.com/reports/157996) to Instacart - 31 upvotes, $200 20 | 16. [Race conditions can be used to bypass invitation limit](https://hackerone.com/reports/115007) to Keybase - 29 upvotes, $350 21 | 17. [Race condition на market.games.mail.ru](https://hackerone.com/reports/317557) to Mail.ru - 28 upvotes, $1000 22 | 18. [Race condition while removing the love react in community files.](https://hackerone.com/reports/996141) to Figma - 28 upvotes, $150 23 | 19. [JSBeautifier BApp: Race condition leads to memory disclosure](https://hackerone.com/reports/187134) to PortSwigger Web Security - 28 upvotes, $0 24 | 20. [Race condition at create new Location](https://hackerone.com/reports/413759) to Shopify - 23 upvotes, $500 25 | 21. [Race Condition in account survey](https://hackerone.com/reports/165570) to Slack - 20 upvotes, $150 26 | 22. [Race condition vulnerability on "This Rocks" button.](https://hackerone.com/reports/474021) to Rockstar Games - 17 upvotes, $250 27 | 23. [Race condition in GitLab import, giving access to other people their imports due to filename collision](https://hackerone.com/reports/214028) to GitLab - 17 upvotes, $0 28 | 24. [Register multiple users using one invitation (race condition)](https://hackerone.com/reports/148609) to Keybase - 16 upvotes, $350 29 | 25. 
[Race condition on the Federalist API endpoints can lead to the Denial of Service attack](https://hackerone.com/reports/249319) to TTS Bug Bounty - 15 upvotes, $150 30 | 26. [Race condition при покупке подарков на games.mail.ru](https://hackerone.com/reports/685432) to Mail.ru - 14 upvotes, $0 31 | 27. [race condition in adding team members](https://hackerone.com/reports/176127) to Shopify - 12 upvotes, $500 32 | 28. [Race condition (TOCTOU) in NordVPN can result in local privilege escalation](https://hackerone.com/reports/768110) to Nord Security - 12 upvotes, $500 33 | 29. [Issue in the implementation of captcha and race condition](https://hackerone.com/reports/67562) to VK.com - 12 upvotes, $100 34 | 30. [Race Condition Vulnerability On Pornhubpremium.com](https://hackerone.com/reports/183624) to Pornhub - 11 upvotes, $520 35 | 31. [Race condition на покупке призов за баллы](https://hackerone.com/reports/700833) to Mail.ru - 11 upvotes, $150 36 | 32. [Race condition in Flash workers may cause an exploitabl​e double free](https://hackerone.com/reports/37240) to Flash (IBB) - 10 upvotes, $10000 37 | 33. [Race Condition in Definition Votes](https://hackerone.com/reports/152717) to Urban Dictionary - 10 upvotes, $0 38 | 34. [Race Condition allows to get more free trials and get more than 100 languages and strings for free](https://hackerone.com/reports/1087188) to Weblate - 9 upvotes, $0 39 | 35. [Race Condition in Oauth 2.0 flow can lead to malicious applications create multiple valid sessions](https://hackerone.com/reports/699112) to Razer - 8 upvotes, $250 40 | 36. [Bypass subdomain limits using race condition](https://hackerone.com/reports/395351) to Chaturbate - 8 upvotes, $100 41 | 37. [Race Condition in Article "Helpful" Indicator](https://hackerone.com/reports/109485) to Zendesk - 8 upvotes, $50 42 | 38. [Race condition when redeeming coupon codes](https://hackerone.com/reports/59179) to Dropbox - 4 upvotes, $216 43 | 39. 
[Race condition allowing user to review app multiple times](https://hackerone.com/reports/106360) to Coinbase - 4 upvotes, $100 44 | 40. [Race Conditions Exist When Accepting Invitations](https://hackerone.com/reports/119354) to HackerOne - 4 upvotes, $0 45 | 41. [Race condition in workers may cause an exploitable double free by abusing bytearray.compress() ](https://hackerone.com/reports/47227) to Flash (IBB) - 2 upvotes, $10000 46 | 42. [Race condition on my.stripo.email at /cabinet/stripeapi/v1/projects/298427/emails/folders uri](https://hackerone.com/reports/994051) to Stripo Inc - 2 upvotes, $0 47 | 43. [Adobe Flash Player Race Condition Vulnerability](https://hackerone.com/reports/119657) to Flash (IBB) - 1 upvotes, $2000 48 | 44. [Race condition with CURL_LOCK_DATA_CONNECT can cause connections to be used at the same time](https://hackerone.com/reports/724134) to curl - 1 upvotes, $0 49 | 45. [Data race conditions reported by helgrind when performing parallel DNS queries in libcurl](https://hackerone.com/reports/1019457) to curl - 0 upvotes, $0 50 | 51 | 52 | [Back](../README.md) -------------------------------------------------------------------------------- /tops_by_bug_type/TOPXXE.md: -------------------------------------------------------------------------------- 1 | [Back](../README.md) 2 | 3 | Top XXE reports from HackerOne: 4 | 5 | 1. [XXE at ecjobs.starbucks.com.cn/retail/hxpublic_v6/hxdynamicpage6.aspx](https://hackerone.com/reports/500515) to Starbucks - 300 upvotes, $4000 6 | 2. [XXE on pulse.mail.ru](https://hackerone.com/reports/505947) to Mail.ru - 262 upvotes, $6000 7 | 3. [XXE on sms-be-vip.twitter.com in SXMP Processor](https://hackerone.com/reports/248668) to Twitter - 247 upvotes, $10080 8 | 4. [XXE on https://duckduckgo.com](https://hackerone.com/reports/483774) to DuckDuckGo - 204 upvotes, $0 9 | 5. [Phone Call to XXE via Interactive Voice Response](https://hackerone.com/reports/395296) to ██████ - 165 upvotes, $0 10 | 6. 
[Partial bypass of #483774 with Blind XXE on https://duckduckgo.com](https://hackerone.com/reports/486732) to DuckDuckGo - 148 upvotes, $0 11 | 7. [Multiple endpoints are vulnerable to XML External Entity injection (XXE) ](https://hackerone.com/reports/72272) to Pornhub - 135 upvotes, $2500 12 | 8. [XXE through injection of a payload in the XMP metadata of a JPEG file](https://hackerone.com/reports/836877) to Informatica - 128 upvotes, $0 13 | 9. [XXE Injection through SVG image upload leads to SSRF](https://hackerone.com/reports/897244) to Zivver - 107 upvotes, $0 14 | 10. [XXE in Site Audit function exposing file and directory contents](https://hackerone.com/reports/312543) to Semrush - 97 upvotes, $2000 15 | 11. [[RCE] Unserialize to XXE - file disclosure on ams.upload.pornhub.com](https://hackerone.com/reports/142562) to Pornhub - 88 upvotes, $10000 16 | 12. [XXE in DoD website that may lead to RCE](https://hackerone.com/reports/227880) to U.S. Dept Of Defense - 87 upvotes, $0 17 | 13. [Blind XXE via Powerpoint files](https://hackerone.com/reports/334488) to Open-Xchange - 83 upvotes, $2000 18 | 14. [blind XXE in autodiscover parser](https://hackerone.com/reports/315837) to Mail.ru - 70 upvotes, $5000 19 | 15. [LFI and SSRF via XXE in emblem editor](https://hackerone.com/reports/347139) to Rockstar Games - 67 upvotes, $1500 20 | 16. [XXE на webdav.mail.ru - PROPFIND/PROPPATCH](https://hackerone.com/reports/758978) to Mail.ru - 53 upvotes, $10000 21 | 17. [Blind OOB XXE At "http://ubermovement.com/"](https://hackerone.com/reports/154096) to Uber - 53 upvotes, $500 22 | 18. [XXE on ██████████ by bypassing WAF ████](https://hackerone.com/reports/433996) to QIWI - 49 upvotes, $5000 23 | 19. [[rev-app.informatica.com] - XXE](https://hackerone.com/reports/105434) to Informatica - 43 upvotes, $0 24 | 20. [XML External Entity (XXE) in qiwi.com + waf bypass](https://hackerone.com/reports/99279) to QIWI - 39 upvotes, $3137 25 | 21. 
[RCE via Local File Read -\> php unserialization-\> XXE -\> unpickling](https://hackerone.com/reports/415501) to h1-5411-CTF - 39 upvotes, $0 26 | 22. [XML Parser Bug: XXE over which leads to RCE](https://hackerone.com/reports/55431) to drchrono - 31 upvotes, $700 27 | 23. [XXE on DoD web server](https://hackerone.com/reports/188743) to U.S. Dept Of Defense - 30 upvotes, $0 28 | 24. [Singapore - XXE at https://www.starbucks.com.sg/RestApi/soap11](https://hackerone.com/reports/762251) to Starbucks - 27 upvotes, $500 29 | 25. [Blind XXE on my.mail.ru](https://hackerone.com/reports/276276) to Mail.ru - 23 upvotes, $800 30 | 26. [[app.informaticaondemand.com] XXE](https://hackerone.com/reports/105753) to Informatica - 23 upvotes, $0 31 | 27. [Non-production Open Database In Combination With XXE Leads To SSRF](https://hackerone.com/reports/742808) to Evernote - 23 upvotes, $0 32 | 28. [ XXE in upload file feature](https://hackerone.com/reports/105787) to Informatica - 21 upvotes, $0 33 | 29. [[send.qiwi.ru] Soap-based XXE vulnerability /soapserver/ ](https://hackerone.com/reports/36450) to QIWI - 17 upvotes, $1000 34 | 30. [Blind XXE on pu.vk.com](https://hackerone.com/reports/296622) to VK.com - 16 upvotes, $500 35 | 31. [XXE in the Connector Designer](https://hackerone.com/reports/112116) to Bime - 13 upvotes, $750 36 | 32. [[marketplace.informatica.com] - XXE](https://hackerone.com/reports/106797) to Informatica - 13 upvotes, $0 37 | 33. [OOB XXE ](https://hackerone.com/reports/690387) to Mail.ru - 12 upvotes, $500 38 | 34. [blind XXE when uploading avatar in mymail phone app](https://hackerone.com/reports/277341) to Mail.ru - 11 upvotes, $1000 39 | 35. [[rev-app.informatica.com] - XXE via SAML](https://hackerone.com/reports/106865) to Informatica - 11 upvotes, $0 40 | 36. [[marketplace.informatica.com] - XXE](https://hackerone.com/reports/106802) to Informatica - 11 upvotes, $0 41 | 37. 
[XXE issue](https://hackerone.com/reports/130661) to Moneybird - 10 upvotes, $150 42 | 38. [[usuppliers.uber.com] - Server Side Request Forgery via XXE OOB](https://hackerone.com/reports/448598) to Uber - 8 upvotes, $500 43 | 39. [h1-5411-CTF report: LFI / Deserialization / XXE vulnerability, ](https://hackerone.com/reports/415233) to h1-5411-CTF - 8 upvotes, $0 44 | 40. [XXE крит](https://hackerone.com/reports/449627) to Mail.ru - 7 upvotes, $300 45 | 41. [XXE at Informatica sub-domain](https://hackerone.com/reports/150520) to Informatica - 6 upvotes, $0 46 | 42. [OOB XXE ](https://hackerone.com/reports/690295) to Mail.ru - 5 upvotes, $500 47 | 43. [XXE and SSRF on webmaster.mail.ru](https://hackerone.com/reports/12583) to Mail.ru - 3 upvotes, $700 48 | 44. [XXE in OAuth2 Applications gallery profile App logo](https://hackerone.com/reports/104620) to Coinbase - 2 upvotes, $0 49 | 45. [XXE at host vpn.owncloud.com](https://hackerone.com/reports/105980) to ownCloud - 1 upvotes, $0 50 | 46. [Pippo XML Entity Expansion (Billion Laughs Attack)](https://hackerone.com/reports/506791) to Central Security Project - 1 upvotes, $0 51 | 52 | 53 | [Back](../README.md) -------------------------------------------------------------------------------- /tops_by_program/TOPBRAVESOFTWARE.md: -------------------------------------------------------------------------------- 1 | [Back](../README.md) 2 | 3 | Top reports from Brave Software program at HackerOne: 4 | 5 | 1. [Stored XSS in localhost:* via integrated torrent downloader](https://hackerone.com/reports/681617) to Brave Software - 119 upvotes, $0 6 | 2. [Local files reading from the web using `brave://`](https://hackerone.com/reports/390013) to Brave Software - 70 upvotes, $5000 7 | 3. [Sending arbitrary IPC messages via overriding Function.prototype.apply](https://hackerone.com/reports/188086) to Brave Software - 51 upvotes, $5300 8 | 4. 
[Lack of quarantine meta-attribute for downloaded files leads to GateKeeper bypass](https://hackerone.com/reports/374106) to Brave Software - 51 upvotes, $50 9 | 5. [`chrome://brave` available for navigation in Release build [-\> RCE] + navigation to `chrome://*` using tab_helper ["Open in new tab"]](https://hackerone.com/reports/395737) to Brave Software - 46 upvotes, $2000 10 | 6. [Local files reading using `link[rel="import"]`](https://hackerone.com/reports/375329) to Brave Software - 42 upvotes, $400 11 | 7. [[Android] HTML Injection in BatterySaveArticleRenderer WebView](https://hackerone.com/reports/176065) to Brave Software - 41 upvotes, $150 12 | 8. [[iOS/Android] Address Bar Spoofing Vulnerability ](https://hackerone.com/reports/175958) to Brave Software - 29 upvotes, $200 13 | 9. [Navigation to protocol handler URL from the opened page displayed as a request from this page.](https://hackerone.com/reports/374969) to Brave Software - 25 upvotes, $200 14 | 10. [Local files reading from the "file://" origin through `brave://`](https://hackerone.com/reports/390362) to Brave Software - 23 upvotes, $400 15 | 11. [chrome://brave navigation from web](https://hackerone.com/reports/415967) to Brave Software - 21 upvotes, $650 16 | 12. [URL Spoof / Brave Shield Bypass](https://hackerone.com/reports/255991) to Brave Software - 19 upvotes, $200 17 | 13. [RCE: DnDing shortcut files to chrome://brave allows loading HTML files in Muon's context](https://hackerone.com/reports/415258) to Brave Software - 16 upvotes, $300 18 | 14. [DMARC RECORD MISSING](https://hackerone.com/reports/491753) to Brave Software - 16 upvotes, $50 19 | 15. [Username Information Disclosure via Json response - Using parameter number Intruder](https://hackerone.com/reports/812351) to Brave Software - 16 upvotes, $0 20 | 16. [Homograph Attack Bypass [ Tested on Linux & Windows ]](https://hackerone.com/reports/268984) to Brave Software - 15 upvotes, $100 21 | 17. 
[https://publishers.basicattentiontoken.org/favicon.ico is Vulnerable to CVE-2017-7529](https://hackerone.com/reports/980856) to Brave Software - 15 upvotes, $100 22 | 18. [Bypassing Homograph Attack Using /@ [ Tested On Windows ]](https://hackerone.com/reports/317931) to Brave Software - 15 upvotes, $50 23 | 19. [Homograph attack](https://hackerone.com/reports/175286) to Brave Software - 14 upvotes, $100 24 | 20. [URL spoofing in Brave for macOS](https://hackerone.com/reports/369086) to Brave Software - 14 upvotes, $50 25 | 21. [No rate limiting for confirmation email lead to email flooding and leads to enumeration of emails in publishers.basicattentiontoken.org](https://hackerone.com/reports/854793) to Brave Software - 14 upvotes, $50 26 | 22. [Access to local file system using javascript](https://hackerone.com/reports/175979) to Brave Software - 13 upvotes, $100 27 | 23. [chrome://brave can still be navigated to, leading to RCE](https://hackerone.com/reports/415178) to Brave Software - 12 upvotes, $300 28 | 24. [[ios] Address bar spoofing in Brave for iOS](https://hackerone.com/reports/176929) to Brave Software - 12 upvotes, $50 29 | 25. [Torrent extension: Cross-origin downloading + "URL spoofing" + CSP-blocked XSS](https://hackerone.com/reports/378864) to Brave Software - 12 upvotes, $0 30 | 26. [HTTP Request Smuggling](https://hackerone.com/reports/866382) to Brave Software - 12 upvotes, $0 31 | 27. [Navigation to `chrome-extension://` origin (internal pages) from the web](https://hackerone.com/reports/378805) to Brave Software - 11 upvotes, $300 32 | 28. [Download attribute allows downloading local files](https://hackerone.com/reports/258710) to Brave Software - 11 upvotes, $100 33 | 29. [Unsafe handling of protocol handlers](https://hackerone.com/reports/369185) to Brave Software - 11 upvotes, $50 34 | 30. [application/x-brave-tab should not be readable.](https://hackerone.com/reports/258578) to Brave Software - 10 upvotes, $250 35 | 31. 
[Cross-origin page stays focused before/after downloading + uninformative modal window for download](https://hackerone.com/reports/375259) to Brave Software - 10 upvotes, $50 36 | 32. [Navigation to restricted origins via "Open in new tab"](https://hackerone.com/reports/369218) to Brave Software - 10 upvotes, $50 37 | 33. [Brave Browser unexpectedly allows to send arbitrary IPC messages](https://hackerone.com/reports/187542) to Brave Software - 9 upvotes, $300 38 | 34. [Torrent Viewer extension web service available on all interfaces](https://hackerone.com/reports/300181) to Brave Software - 9 upvotes, $200 39 | 35. [[Brave browser] WebTorrent has DNS rebinding vulnerability](https://hackerone.com/reports/663729) to Brave Software - 9 upvotes, $100 40 | 36. [URL spoofing using protocol handlers](https://hackerone.com/reports/373721) to Brave Software - 9 upvotes, $75 41 | 37. [[DOS] Browser hangs on loading the code snippet](https://hackerone.com/reports/181686) to Brave Software - 9 upvotes, $25 42 | 38. [Field Day With Protocol Handlers](https://hackerone.com/reports/416040) to Brave Software - 8 upvotes, $150 43 | 39. [Address Bar Spoofing - Already resolved - Retroactive report](https://hackerone.com/reports/175779) to Brave Software - 8 upvotes, $100 44 | 40. [DoS in Brave browser for iOS](https://hackerone.com/reports/357665) to Brave Software - 8 upvotes, $80 45 | 41. [[website] Script injection in newsletter signup https://brave.com/brave_youth_program_signup.html](https://hackerone.com/reports/175403) to Brave Software - 8 upvotes, $50 46 | 42. [Status Bar Obfuscation](https://hackerone.com/reports/175701) to Brave Software - 8 upvotes, $0 47 | 43. [Command Execution because of extension handling](https://hackerone.com/reports/188078) to Brave Software - 8 upvotes, $0 48 | 44. [URI Obfuscation](https://hackerone.com/reports/175529) to Brave Software - 7 upvotes, $150 49 | 45. 
[There is vulnebility Click Here TO fix](https://hackerone.com/reports/319036) to Brave Software - 7 upvotes, $0 50 | 46. [[iOS] URL can be replaceState by blob URL in iOS Brave](https://hackerone.com/reports/215044) to Brave Software - 6 upvotes, $100 51 | 47. [OS username disclosure](https://hackerone.com/reports/258585) to Brave Software - 6 upvotes, $100 52 | 48. [Brave Browser potentially logs the last time a Tor window was used](https://hackerone.com/reports/1024668) to Brave Software - 6 upvotes, $100 53 | 49. [2 Directory Listing on ledger.brave.com & vault-staging.brave.com](https://hackerone.com/reports/175320) to Brave Software - 6 upvotes, $50 54 | 50. [[DOS] denial of service using code snippet on brave browser](https://hackerone.com/reports/181558) to Brave Software - 6 upvotes, $25 55 | 51. [Subdomain Takeover of Brave.com](https://hackerone.com/reports/175397) to Brave Software - 6 upvotes, $0 56 | 52. [Sending arbitrary IPC messages via overriding Array.prototype.push](https://hackerone.com/reports/188561) to Brave Software - 6 upvotes, $0 57 | 53. [`alert()` dialogs on `chrome-extension://` origin (internal pages)](https://hackerone.com/reports/378809) to Brave Software - 6 upvotes, $0 58 | 54. [Denial of service attack on Brave Browser.](https://hackerone.com/reports/176066) to Brave Software - 5 upvotes, $50 59 | 55. [`settingcontent-ms` files lacks "mark of the web" =\> execute code by dbl click in Downloads toolbar](https://hackerone.com/reports/377206) to Brave Software - 5 upvotes, $0 60 | 56. [JavaScript URL Issues in the latest version of Brave Browser](https://hackerone.com/reports/176083) to Brave Software - 4 upvotes, $0 61 | 57. [invalid homepage URL causes 'uncaught typeerror' or blank state](https://hackerone.com/reports/177184) to Brave Software - 4 upvotes, $0 62 | 58. [Address bar spoofing in Brave browser via. window close warnings](https://hackerone.com/reports/208834) to Brave Software - 4 upvotes, $0 63 | 59. 
[Directory Listing on https://promo-services-staging.brave.com](https://hackerone.com/reports/371464) to Brave Software - 4 upvotes, $0 64 | 60. [Link obfuscation bug](https://hackerone.com/reports/669440) to Brave Software - 4 upvotes, $0 65 | 61. [[iOS] URI Obfuscation in iOS application](https://hackerone.com/reports/176159) to Brave Software - 3 upvotes, $0 66 | 62. [Javascript confirm() crashes Brave on PC](https://hackerone.com/reports/176076) to Brave Software - 3 upvotes, $0 67 | 63. [Information disclosure of website](https://hackerone.com/reports/179121) to Brave Software - 3 upvotes, $0 68 | 64. [No user confirmation when an auto-updated extension gets more permissions](https://hackerone.com/reports/199243) to Brave Software - 3 upvotes, $0 69 | 65. [Denial of service attack(window object) on brave browser](https://hackerone.com/reports/176197) to Brave Software - 2 upvotes, $100 70 | 66. [links the user may download can be a malicious files](https://hackerone.com/reports/182557) to Brave Software - 2 upvotes, $0 71 | 67. [Brave payments remembers history even after clearing all browser data.](https://hackerone.com/reports/203088) to Brave Software - 2 upvotes, $0 72 | 68. [Brave: Admin Panel Access](https://hackerone.com/reports/175366) to Brave Software - 2 upvotes, $0 73 | 69. [OPEN REDIRECTION at every 302 HTTP CODE](https://hackerone.com/reports/369447) to Brave Software - 2 upvotes, $0 74 | 70. [Cross domain tracking even with 3rd party cookies disabled.](https://hackerone.com/reports/331428) to Brave Software - 2 upvotes, $0 75 | 71. [Clickjacking or URL Masking ](https://hackerone.com/reports/204198) to Brave Software - 1 upvotes, $0 76 | 72. [homograph-attack (unicode vuln)](https://hackerone.com/reports/221461) to Brave Software - 1 upvotes, $0 77 | 73. [Remote Stack Overflow Vulnerability (DoS)](https://hackerone.com/reports/181061) to Brave Software - 1 upvotes, $0 78 | 74. 
[Download of (later executed) .NET installer over insecure channel](https://hackerone.com/reports/272231) to Brave Software - 1 upvotes, $0 79 | 75. [Arbitrary local code execution via DLL hijacking from executable installer](https://hackerone.com/reports/272221) to Brave Software - 1 upvotes, $0 80 | 76. [DOS in browser using window.print() function](https://hackerone.com/reports/176364) to Brave Software - 0 upvotes, $0 81 | 77. [Denial of service(POP UP Recursion) on Brave browser](https://hackerone.com/reports/179248) to Brave Software - 0 upvotes, $0 82 | 78. [Brave allows flash to follow 307 redirects to other origins with arbitrary content-types](https://hackerone.com/reports/449478) to Brave Software - 0 upvotes, $0 83 | 79. [Cross-origin resource sharing misconfiguration (CORS)](https://hackerone.com/reports/954512) to Brave Software - 0 upvotes, $0 84 | 85 | 86 | [Back](../README.md) -------------------------------------------------------------------------------- /tops_by_program/TOPCOINBASE.md: -------------------------------------------------------------------------------- 1 | [Back](../README.md) 2 | 3 | Top reports from Coinbase program at HackerOne: 4 | 5 | 1. [Ethereum account balance manipulation](https://hackerone.com/reports/300748) to Coinbase - 243 upvotes, $10000 6 | 2. [Double Payout via PayPal](https://hackerone.com/reports/307239) to Coinbase - 242 upvotes, $10000 7 | 3. [ETH contract handling errors](https://hackerone.com/reports/328526) to Coinbase - 198 upvotes, $21000 8 | 4. [Authentication Issue](https://hackerone.com/reports/176979) to Coinbase - 22 upvotes, $200 9 | 5. [HTML injection in apps user review ](https://hackerone.com/reports/104543) to Coinbase - 21 upvotes, $200 10 | 6. [[buy.coinbase.com]Content Injection](https://hackerone.com/reports/218680) to Coinbase - 20 upvotes, $100 11 | 7. 
[Prepopulation of email address and name leaks information provided to other merchants](https://hackerone.com/reports/316290) to Coinbase - 15 upvotes, $250 12 | 8. [Stored CSS Injection](https://hackerone.com/reports/315865) to Coinbase - 15 upvotes, $100 13 | 9. [XSSI (Cross Site Script Inclusion)](https://hackerone.com/reports/118631) to Coinbase - 13 upvotes, $200 14 | 10. [Captcha Bypass in Coinbase SignUp Form](https://hackerone.com/reports/246801) to Coinbase - 13 upvotes, $100 15 | 11. [Requestor Email Disclosure via Email Notification](https://hackerone.com/reports/202361) to Coinbase - 13 upvotes, $0 16 | 12. [Application error message](https://hackerone.com/reports/147577) to Coinbase - 11 upvotes, $100 17 | 13. [Bypassing 2FA for BTC transfers](https://hackerone.com/reports/10554) to Coinbase - 10 upvotes, $1000 18 | 14. [Email leak in transcations in Android app](https://hackerone.com/reports/126376) to Coinbase - 10 upvotes, $500 19 | 15. [Blacklist bypass on Callback URLs](https://hackerone.com/reports/53004) to Coinbase - 10 upvotes, $100 20 | 16. [Coinbase Android Application - Bitcoin Wallet Leaks OAuth Response Code](https://hackerone.com/reports/5314) to Coinbase - 9 upvotes, $1000 21 | 17. [Session Issue Maybe Can lead to huge loss [CRITICAL]](https://hackerone.com/reports/112496) to Coinbase - 9 upvotes, $1000 22 | 18. [Stored-XSS in https://www.coinbase.com/](https://hackerone.com/reports/100829) to Coinbase - 8 upvotes, $5000 23 | 19. [Information disclosure same issue #176002](https://hackerone.com/reports/248599) to Coinbase - 8 upvotes, $100 24 | 20. [OAuth authorization page vulnerable to clickjacking](https://hackerone.com/reports/65825) to Coinbase - 7 upvotes, $5000 25 | 21. [Information disclosure of user by email using buy widget](https://hackerone.com/reports/176002) to Coinbase - 6 upvotes, $100 26 | 22. [Information leakage on https://docs.gdax.com](https://hackerone.com/reports/168509) to Coinbase - 6 upvotes, $100 27 | 23. 
[Content Injection error page](https://hackerone.com/reports/148952) to Coinbase - 6 upvotes, $0 28 | 24. [Create Multiple Account Using Similar X-CSRF token](https://hackerone.com/reports/155726) to Coinbase - 5 upvotes, $0 29 | 25. [coinbase Email leak while sending and requesting](https://hackerone.com/reports/168289) to Coinbase - 5 upvotes, $0 30 | 26. [window.opener is leaking to external domains upon redirect on Safari](https://hackerone.com/reports/160498) to Coinbase - 4 upvotes, $300 31 | 27. [Coinbase Android Security Vulnerabilities](https://hackerone.com/reports/5786) to Coinbase - 4 upvotes, $100 32 | 28. [Race condition allowing user to review app multiple times](https://hackerone.com/reports/106360) to Coinbase - 4 upvotes, $100 33 | 29. [No authorization required in iOS device web-application](https://hackerone.com/reports/148538) to Coinbase - 4 upvotes, $0 34 | 30. [The 'Create a New Account' action is vulnerable to CSRF](https://hackerone.com/reports/109810) to Coinbase - 4 upvotes, $0 35 | 31. [Transactions visible on Unconfirmed devices](https://hackerone.com/reports/100186) to Coinbase - 3 upvotes, $500 36 | 32. [New Device confirmation tokens are not properly validated.](https://hackerone.com/reports/30238) to Coinbase - 3 upvotes, $100 37 | 33. [User email enumuration using Gmail](https://hackerone.com/reports/90308) to Coinbase - 3 upvotes, $100 38 | 34. [ByPassing the email Validation Email on Sign up process in mobile apps](https://hackerone.com/reports/57764) to Coinbase - 3 upvotes, $100 39 | 35. [No authorization required in Windows phone web-application](https://hackerone.com/reports/148537) to Coinbase - 3 upvotes, $0 40 | 36. [Open redirect on sign in ](https://hackerone.com/reports/231760) to Coinbase - 3 upvotes, $0 41 | 37. [Multiple Issues related to registering applications](https://hackerone.com/reports/5933) to Coinbase - 2 upvotes, $1000 42 | 38. 
[Leaking CSRF token over HTTP resulting in CSRF protection bypass](https://hackerone.com/reports/15412) to Coinbase - 2 upvotes, $1000 43 | 39. [CSRF on "Set as primary" option on the accounts page](https://hackerone.com/reports/10563) to Coinbase - 2 upvotes, $100 44 | 40. [User's legal name could be changed despite front end controls being disabled](https://hackerone.com/reports/131192) to Coinbase - 2 upvotes, $100 45 | 41. [Information Disclosure That shows the webroot of CoinBase Server](https://hackerone.com/reports/5073) to Coinbase - 2 upvotes, $0 46 | 42. [2FA settings allowed to be changed with no delay/freeze on funds](https://hackerone.com/reports/16696) to Coinbase - 2 upvotes, $0 47 | 43. [XXE in OAuth2 Applications gallery profile App logo](https://hackerone.com/reports/104620) to Coinbase - 2 upvotes, $0 48 | 44. [An adversary can overwhelm the resources by automating Forgot password/Sign Up requests](https://hackerone.com/reports/119605) to Coinbase - 2 upvotes, $0 49 | 45. [Invoice Details activate JS that filled in ](https://hackerone.com/reports/21034) to Coinbase - 1 upvotes, $1000 50 | 46. [Sandboxed iframes don't show confirmation screen](https://hackerone.com/reports/54733) to Coinbase - 1 upvotes, $1000 51 | 47. [Sending payments via QR code does not require confirmation](https://hackerone.com/reports/126784) to Coinbase - 1 upvotes, $1000 52 | 48. [Direct URL access to completed reports](https://hackerone.com/reports/109815) to Coinbase - 1 upvotes, $200 53 | 49. [Credit Card Validation Issue](https://hackerone.com/reports/29234) to Coinbase - 1 upvotes, $100 54 | 50. [OAUTH pemission set as true= lead to authorize malicious application](https://hackerone.com/reports/87561) to Coinbase - 1 upvotes, $100 55 | 51. [Window.opener bug at www.coinbase.com](https://hackerone.com/reports/181088) to Coinbase - 1 upvotes, $100 56 | 52. 
[User Enumeration, Information Disclosure and Lack of Rate Limitation on API](https://hackerone.com/reports/5200) to Coinbase - 1 upvotes, $0 57 | 53. [Improper Validation of the Referrer header leading to Open URL Redirection](https://hackerone.com/reports/5199) to Coinbase - 1 upvotes, $0 58 | 54. [IFRAME loaded from External Domains ](https://hackerone.com/reports/5205) to Coinbase - 1 upvotes, $0 59 | 55. [Simultaneous Session Logon : Improper Session Management](https://hackerone.com/reports/11722) to Coinbase - 1 upvotes, $0 60 | 56. [Cookie not secure](https://hackerone.com/reports/140742) to Coinbase - 1 upvotes, $0 61 | 57. [Transaction Pending Via Ip Change ](https://hackerone.com/reports/143541) to Coinbase - 1 upvotes, $0 62 | 58. [X-Frame-Options](https://hackerone.com/reports/237071) to Coinbase - 1 upvotes, $0 63 | 59. [Csrf bug on signup session](https://hackerone.com/reports/230428) to Coinbase - 1 upvotes, $0 64 | 60. [New Device Confirmation Bug](https://hackerone.com/reports/266288) to Coinbase - 1 upvotes, $0 65 | 61. [User provided values passed to PHP unset() function](https://hackerone.com/reports/292500) to Coinbase - 1 upvotes, $0 66 | 62. [Big Bug with Vault which i have already reported: Case #606962](https://hackerone.com/reports/65084) to Coinbase - 0 upvotes, $5000 67 | 63. [Misconfiguration in 2 factor allows sensitive data expose](https://hackerone.com/reports/119129) to Coinbase - 0 upvotes, $500 68 | 64. [2 factor authentication design flaw](https://hackerone.com/reports/7369) to Coinbase - 0 upvotes, $100 69 | 65. [CSRF in function "Set as primary" on accounts page](https://hackerone.com/reports/10829) to Coinbase - 0 upvotes, $100 70 | 66. [open authentication bug](https://hackerone.com/reports/48065) to Coinbase - 0 upvotes, $100 71 | 67. [New Device Confirmation, token is valid until not used. ](https://hackerone.com/reports/36594) to Coinbase - 0 upvotes, $100 72 | 68. 
[SPF records not found](https://hackerone.com/reports/92740) to Coinbase - 0 upvotes, $100 73 | 69. [ Cookie missing the HttpOnly flag ](https://hackerone.com/reports/5204) to Coinbase - 0 upvotes, $0 74 | 70. [Two-factor authentication (via SMS)](https://hackerone.com/reports/66223) to Coinbase - 0 upvotes, $0 75 | 71. [iframes considered harmful](https://hackerone.com/reports/55827) to Coinbase - 0 upvotes, $0 76 | 72. [Potential for Double Spend via Sign Message Utility](https://hackerone.com/reports/106315) to Coinbase - 0 upvotes, $0 77 | 73. [Balance Manipulation - BUG](https://hackerone.com/reports/94925) to Coinbase - 0 upvotes, $0 78 | 74. [Runtime manipulation iOS app breaking the PIN](https://hackerone.com/reports/80512) to Coinbase - 0 upvotes, $0 79 | 75. [Device confirmation Flaw](https://hackerone.com/reports/254869) to Coinbase - 0 upvotes, $0 80 | 76. [CSRF bug on password change](https://hackerone.com/reports/230436) to Coinbase - 0 upvotes, $0 81 | 77. [Information disclosue in Android Application](https://hackerone.com/reports/201855) to Coinbase - 0 upvotes, $0 82 | 78. [ Information disclosure in coinbase android app](https://hackerone.com/reports/192197) to Coinbase - 0 upvotes, $0 83 | 79. [Inaccurate Payment receipt ](https://hackerone.com/reports/121417) to Coinbase - 0 upvotes, $0 84 | 80. [User provided values trusted in sensitive actions](https://hackerone.com/reports/327867) to Coinbase - 0 upvotes, $0 85 | 86 | 87 | [Back](../README.md) -------------------------------------------------------------------------------- /tops_by_program/TOPCONCRETE5.md: -------------------------------------------------------------------------------- 1 | [Back](../README.md) 2 | 3 | Top reports from concrete5 program at HackerOne: 4 | 5 | 1. [Remote Code Execution (Reverse Shell) - File Manager](https://hackerone.com/reports/768322) to concrete5 - 111 upvotes, $0 6 | 2. 
[Time-base SQL Injection in Search Users](https://hackerone.com/reports/876800) to concrete5 - 54 upvotes, $0 7 | 3. [Password Reset link hijacking via Host Header Poisoning ](https://hackerone.com/reports/226659) to concrete5 - 51 upvotes, $0 8 | 4. [SVG file that HTML Included is able to upload via File Manager](https://hackerone.com/reports/437863) to concrete5 - 25 upvotes, $0 9 | 5. [XSS in select attribute options](https://hackerone.com/reports/753567) to concrete5 - 20 upvotes, $0 10 | 6. [SSRF thru File Replace](https://hackerone.com/reports/243865) to concrete5 - 17 upvotes, $0 11 | 7. [Reflected XSS vulnerability in Database name field on installation screen](https://hackerone.com/reports/289330) to concrete5 - 17 upvotes, $0 12 | 8. ['cnvID' parameter vulnerable to Insecure Direct Object References](https://hackerone.com/reports/265284) to concrete5 - 15 upvotes, $0 13 | 9. [Cross Site Scripting (XSS) Stored - Private messaging](https://hackerone.com/reports/768313) to concrete5 - 15 upvotes, $0 14 | 10. [Remote Code Execution through Extension Bypass on Log Functionality](https://hackerone.com/reports/841947) to concrete5 - 14 upvotes, $0 15 | 11. [Local File Inclusion path bypass](https://hackerone.com/reports/147570) to concrete5 - 13 upvotes, $0 16 | 12. [Stored XSS in Headline TextControl element in Express forms [ concrete5 8.1.0 ]](https://hackerone.com/reports/230278) to concrete5 - 12 upvotes, $0 17 | 13. [Unauthenticated reflected XSS in preview_as_user function](https://hackerone.com/reports/643442) to concrete5 - 12 upvotes, $0 18 | 14. [Bypass auth.email-domains](https://hackerone.com/reports/4795) to concrete5 - 9 upvotes, $0 19 | 15. [Local File Inclusion Vulnerability in Concrete5 version 5.7.3.1](https://hackerone.com/reports/59665) to concrete5 - 9 upvotes, $0 20 | 16. [CSRF Full Account Takeover](https://hackerone.com/reports/152052) to concrete5 - 9 upvotes, $0 21 | 17. 
[Stored XSS in Pages SEO dialog Name field (concrete5 8.1.0)](https://hackerone.com/reports/230029) to concrete5 - 9 upvotes, $0 22 | 18. [Stored XSS vulnerability in RSS Feeds Description field](https://hackerone.com/reports/248133) to concrete5 - 9 upvotes, $0 23 | 19. [Stored XSS in Private Messages 'Reply' allows to execute malicious JavaScript against any user while replying to the message which contains payload](https://hackerone.com/reports/247517) to concrete5 - 8 upvotes, $0 24 | 20. [HttpOnly flag not set for cookie on concrete5.org](https://hackerone.com/reports/4792) to concrete5 - 7 upvotes, $0 25 | 21. [Stored XSS in Express Objects - Concrete5 v8.1.0](https://hackerone.com/reports/221325) to concrete5 - 7 upvotes, $0 26 | 22. [Stored XSS vulnerability in additional URLs in 'Location' dialog [Sitemap]](https://hackerone.com/reports/251358) to concrete5 - 7 upvotes, $0 27 | 23. [Stored XSS on Add Event in Calendar](https://hackerone.com/reports/300532) to concrete5 - 7 upvotes, $0 28 | 24. [Stored XSS on Add Calendar](https://hackerone.com/reports/300571) to concrete5 - 7 upvotes, $0 29 | 25. [Stored XSS in the file search filter](https://hackerone.com/reports/873584) to concrete5 - 7 upvotes, $0 30 | 26. [Stored XSS in Name field in User Groups/Group Details form](https://hackerone.com/reports/247521) to concrete5 - 6 upvotes, $0 31 | 27. [Unauthenticated HTML Injection Stored - ContactUs form](https://hackerone.com/reports/768327) to concrete5 - 6 upvotes, $0 32 | 28. [Stored XSS on express entries](https://hackerone.com/reports/873474) to concrete5 - 5 upvotes, $0 33 | 29. [XSS in private message](https://hackerone.com/reports/4826) to concrete5 - 4 upvotes, $0 34 | 30. [XSS on [/concrete/concrete/elements/dashboard/sitemap.php]](https://hackerone.com/reports/6853) to concrete5 - 4 upvotes, $0 35 | 31. [Stored XSS in RSS Feeds Title (Concrete5 v8.1.0)](https://hackerone.com/reports/221380) to concrete5 - 4 upvotes, $0 36 | 32. 
[XSS IN member List (Because of City Textbox)](https://hackerone.com/reports/4839) to concrete5 - 3 upvotes, $0 37 | 33. [FULL PATH DISCLOSUR ](https://hackerone.com/reports/7736) to concrete5 - 3 upvotes, $0 38 | 34. [/index.php/dashboard/sitemap/explore/ Cross-site scripting](https://hackerone.com/reports/4808) to concrete5 - 2 upvotes, $0 39 | 35. [stored XSS in concrete5 5.7.2.1](https://hackerone.com/reports/38890) to concrete5 - 2 upvotes, $0 40 | 36. [SQL injection in conc/index.php/ccm/system/search/users/submit](https://hackerone.com/reports/38778) to concrete5 - 2 upvotes, $0 41 | 37. [Multiple Cross Site Request Forgery Vulnerabilities in Concrete5 version 5.7.3.1](https://hackerone.com/reports/59660) to concrete5 - 2 upvotes, $0 42 | 38. [Multiple Stored Cross Site Scripting Vulnerabilities in Concrete5 version 5.7.3.1](https://hackerone.com/reports/59662) to concrete5 - 2 upvotes, $0 43 | 39. [Content Spoofing possible in concrete5.org](https://hackerone.com/reports/168078) to concrete5 - 2 upvotes, $0 44 | 40. [Administrators can add other administrators](https://hackerone.com/reports/304642) to concrete5 - 2 upvotes, $0 45 | 41. [page_controls_menu_js can reveal collection version of page](https://hackerone.com/reports/4938) to concrete5 - 1 upvotes, $0 46 | 42. [https://concrete5.org ::: HeartBleed Attack (CVE-2014-0160)](https://hackerone.com/reports/6475) to concrete5 - 1 upvotes, $0 47 | 43. [dashboard/pages/types [Unknown column 'Array' in 'where clause'] disclosure.](https://hackerone.com/reports/4811) to concrete5 - 1 upvotes, $0 48 | 44. [CONCRETE5 - path disclosure.](https://hackerone.com/reports/4931) to concrete5 - 1 upvotes, $0 49 | 45. [broken authentication](https://hackerone.com/reports/23921) to concrete5 - 1 upvotes, $0 50 | 46. [Weak random number generator used in concrete/authentication/concrete/controller.php](https://hackerone.com/reports/31171) to concrete5 - 1 upvotes, $0 51 | 47. 
[Sendmail Remote Code Execution Vulnerability in Concrete5 version 5.7.3.1](https://hackerone.com/reports/59663) to concrete5 - 1 upvotes, $0 52 | 48. [No CSRF protection when creating new community points actions, and related stored XSS](https://hackerone.com/reports/65808) to concrete5 - 1 upvotes, $0 53 | 49. [Stored XSS in adding fileset](https://hackerone.com/reports/42248) to concrete5 - 1 upvotes, $0 54 | 50. [ProBlog 2.6.6 CSRF Exploit](https://hackerone.com/reports/133847) to concrete5 - 1 upvotes, $0 55 | 51. [Full Page Caching Stored XSS Vulnerability](https://hackerone.com/reports/148300) to concrete5 - 1 upvotes, $0 56 | 52. [Unsafe usage of Host HTTP header in Concrete5 version 5.7.3.1](https://hackerone.com/reports/59666) to concrete5 - 1 upvotes, $0 57 | 53. [Cross-Site Scripting in getMarketplacePurchaseFrame](https://hackerone.com/reports/6843) to concrete5 - 0 upvotes, $0 58 | 54. [XSS in Theme Preview Tools File](https://hackerone.com/reports/4777) to concrete5 - 0 upvotes, $0 59 | 55. [Stored XSS in concrete5 5.7.0.4.](https://hackerone.com/reports/30019) to concrete5 - 0 upvotes, $0 60 | 56. [Multiple Reflected Cross Site Scripting Vulnerabilities in Concrete5 version 5.7.3.1](https://hackerone.com/reports/59661) to concrete5 - 0 upvotes, $0 61 | 57. [SQL Injection Vulnerability in Concrete5 version 5.7.3.1](https://hackerone.com/reports/59664) to concrete5 - 0 upvotes, $0 62 | 58. [Stored XSS on Title of Page List in edit page list](https://hackerone.com/reports/50554) to concrete5 - 0 upvotes, $0 63 | 59. [Stored XSS on Search Title](https://hackerone.com/reports/50556) to concrete5 - 0 upvotes, $0 64 | 60. [Stored XSS in Contact Form](https://hackerone.com/reports/50564) to concrete5 - 0 upvotes, $0 65 | 61. [Stored XSS in Title of the topic List](https://hackerone.com/reports/50626) to concrete5 - 0 upvotes, $0 66 | 62. [Stored XSS in title of date navigation](https://hackerone.com/reports/50627) to concrete5 - 0 upvotes, $0 67 | 63. 
[Stored XSS in Feature tile ](https://hackerone.com/reports/50639) to concrete5 - 0 upvotes, $0 68 | 64. [Stored Xss in Feature Paragraph](https://hackerone.com/reports/50642) to concrete5 - 0 upvotes, $0 69 | 65. [Stored XSS in Testimonial name](https://hackerone.com/reports/50644) to concrete5 - 0 upvotes, $0 70 | 66. [Stored XSS in testimonial Company](https://hackerone.com/reports/50656) to concrete5 - 0 upvotes, $0 71 | 67. [Stored XSS in Testimonial Position](https://hackerone.com/reports/50645) to concrete5 - 0 upvotes, $0 72 | 68. [Stored XSS In Company URL](https://hackerone.com/reports/50662) to concrete5 - 0 upvotes, $0 73 | 69. [Stored XSS in Image Alt. Text](https://hackerone.com/reports/50782) to concrete5 - 0 upvotes, $0 74 | 70. [Stored XSS in Message to Display When No Pages Listed.](https://hackerone.com/reports/50780) to concrete5 - 0 upvotes, $0 75 | 71. [Stored XSS in Bio/Quote](https://hackerone.com/reports/50779) to concrete5 - 0 upvotes, $0 76 | 72. [Stored XSS on Blog's page Tile](https://hackerone.com/reports/50552) to concrete5 - 0 upvotes, $0 77 | 73. [Self Xss on File Replace](https://hackerone.com/reports/50481) to concrete5 - 0 upvotes, $0 78 | 74. [Multiple XSS Vulnerabilities in Concrete5 5.7.3.1](https://hackerone.com/reports/62294) to concrete5 - 0 upvotes, $0 79 | 75. [No csrf protection on index.php/ccm/system/user/add_group, index.php/ccm/system/user/remove_group](https://hackerone.com/reports/64184) to concrete5 - 0 upvotes, $0 80 | 76. [Host Header Injection allow HiJack Password Reset Link](https://hackerone.com/reports/301592) to concrete5 - 0 upvotes, $0 81 | 82 | 83 | [Back](../README.md) -------------------------------------------------------------------------------- /tops_by_program/TOPH1CTF.md: -------------------------------------------------------------------------------- 1 | [Back](../README.md) 2 | 3 | Top reports from h1-ctf program at HackerOne: 4 | 5 | 1. 
[How The Hackers Saved Christmas](https://hackerone.com/reports/1069335) to h1-ctf - 154 upvotes, $250 6 | 2. [[H1-415 2020] CTF Writeup](https://hackerone.com/reports/776634) to h1-ctf - 101 upvotes, $500 7 | 3. [[H1-415 2020] CTF Writeup](https://hackerone.com/reports/776634) to h1-ctf - 101 upvotes, $500 8 | 4. [[h1-415 2020] Spent a week and failed at solving the last step.](https://hackerone.com/reports/781265) to h1-ctf - 96 upvotes, $0 9 | 5. [[H1-2006 2020] I successfully solved it!](https://hackerone.com/reports/887818) to h1-ctf - 61 upvotes, $0 10 | 6. [[h1-415 2020] Multiple vulnerabilities leading to leaking of secret user files](https://hackerone.com/reports/780036) to h1-ctf - 55 upvotes, $0 11 | 7. [12 Days of Hacky Holidays write-up, but as a text-based RPG?](https://hackerone.com/reports/1066851) to h1-ctf - 39 upvotes, $250 12 | 8. [[H1-2006 2020] Connecting the dots to send hackers their Bug Bounty](https://hackerone.com/reports/889886) to h1-ctf - 27 upvotes, $0 13 | 9. [[H1-2006 2020] I made the CEO's bounty payment!](https://hackerone.com/reports/887816) to h1-ctf - 26 upvotes, $0 14 | 10. [[h1-415 2020] I got the flag](https://hackerone.com/reports/777099) to h1-ctf - 19 upvotes, $0 15 | 11. [[H1-2006 2020] H1-2006 CTF Writeup](https://hackerone.com/reports/887611) to h1-ctf - 19 upvotes, $0 16 | 12. [[h1-415 2020] I found Joberts missing file!](https://hackerone.com/reports/780676) to h1-ctf - 18 upvotes, $0 17 | 13. [[h1-415 2020] Multiple chained vulnerabilities lead to leaking secret document](https://hackerone.com/reports/777241) to h1-ctf - 18 upvotes, $0 18 | 14. [[h1-415 2020] h1ctf{y3s_1m_c0sm1c_n0w}](https://hackerone.com/reports/781253) to h1-ctf - 17 upvotes, $0 19 | 15. [[H1-2006 2020] Bypassing access control checks by modifying the URL, internal application state, or the HTML page, or using a custom API attack tool](https://hackerone.com/reports/895172) to h1-ctf - 17 upvotes, $0 20 | 16. 
[[H1-2006 2020] Flag for H1-CTF](https://hackerone.com/reports/888141) to h1-ctf - 15 upvotes, $0 21 | 17. [[H1-2006 2020] [Multiple Vulnerability] CTF Writeup - @abdilahrf_](https://hackerone.com/reports/888484) to h1-ctf - 15 upvotes, $0 22 | 18. [[H1-2006 2020] 36 hours of brain cycles utilized on solving a neat puzzle](https://hackerone.com/reports/889793) to h1-ctf - 12 upvotes, $0 23 | 19. [[h1-2006 2020] Bounty payments are done !](https://hackerone.com/reports/895824) to h1-ctf - 12 upvotes, $0 24 | 20. [Solution for hackyholiday](https://hackerone.com/reports/1065495) to h1-ctf - 11 upvotes, $500 25 | 21. [[h1-415 2020] Solution for h1415's CTF challenge](https://hackerone.com/reports/776699) to h1-ctf - 11 upvotes, $0 26 | 22. [[h1-415 2020] H1-415 CTF Writeup by W--](https://hackerone.com/reports/780285) to h1-ctf - 11 upvotes, $0 27 | 23. [[H1-2006 2020] CTF Writeup!](https://hackerone.com/reports/889293) to h1-ctf - 11 upvotes, $0 28 | 24. [[H1-2006 2020] Bounty Pay CTF challenge](https://hackerone.com/reports/895798) to h1-ctf - 11 upvotes, $0 29 | 25. [[H1-2006 2020] CTF Writeup](https://hackerone.com/reports/888939) to h1-ctf - 11 upvotes, $0 30 | 26. [[H1-2006 2020] CTF Writeup](https://hackerone.com/reports/893305) to h1-ctf - 11 upvotes, $0 31 | 27. [[h1-415 2020] Chain of vulnerabilities leading to account takeover and unauthorized access of sensitive internal resources](https://hackerone.com/reports/781281) to h1-ctf - 10 upvotes, $0 32 | 28. [[h1-415 2020] My writeup on how to retrieve the special secret document](https://hackerone.com/reports/776684) to h1-ctf - 10 upvotes, $0 33 | 29. [[h1-415 2020] SSRF in a headless chrome with remote debugging leads to sensible information leak](https://hackerone.com/reports/781295) to h1-ctf - 10 upvotes, $0 34 | 30. [[H1-2006] CTF Writeup](https://hackerone.com/reports/895778) to h1-ctf - 10 upvotes, $0 35 | 31. 
[[H1-2006 2020] CTF Writeup](https://hackerone.com/reports/888253) to h1-ctf - 10 upvotes, $0 36 | 32. [Invading Grinch Network and Saving Christmas](https://hackerone.com/reports/1065829) to h1-ctf - 10 upvotes, $0 37 | 33. [[h1-415 2020] finally](https://hackerone.com/reports/779910) to h1-ctf - 9 upvotes, $0 38 | 34. [Stopping Grinch to ruin XMas!](https://hackerone.com/reports/1065485) to h1-ctf - 9 upvotes, $0 39 | 35. [[H1-2006 2020] Multiple vulnerabilities allow to leak sensitive information ](https://hackerone.com/reports/895202) to h1-ctf - 8 upvotes, $0 40 | 36. [Flags for hackyholidays CTF](https://hackerone.com/reports/1065516) to h1-ctf - 8 upvotes, $0 41 | 37. [[h1-415 2020] @_bayotop h1-415-ctf writeup](https://hackerone.com/reports/779113) to h1-ctf - 7 upvotes, $0 42 | 38. [[h1-2006 2020] Write up for H1-2006 CTF](https://hackerone.com/reports/895772) to h1-ctf - 7 upvotes, $0 43 | 39. [[H1-2006 2020] CTF Writeup](https://hackerone.com/reports/887766) to h1-ctf - 7 upvotes, $0 44 | 40. [[h1-2006 2020] CTF Walkthrough](https://hackerone.com/reports/895780) to h1-ctf - 6 upvotes, $0 45 | 41. [[h1-ctf] 12 Days of Adventure to stop Grinch from ruining Christmas](https://hackerone.com/reports/1067087) to h1-ctf - 6 upvotes, $0 46 | 42. [A Visit from The Grinch ~ 'Twas the night before Hackmas...](https://hackerone.com/reports/1067912) to h1-ctf - 6 upvotes, $0 47 | 43. [Taking Grinch Down To Save Holidays](https://hackerone.com/reports/1067037) to h1-ctf - 5 upvotes, $500 48 | 44. [[H1-2006 2020] Multiple vulnerabilities leading account takeover](https://hackerone.com/reports/887700) to h1-ctf - 5 upvotes, $0 49 | 45. [[H1-2006 2020] Writeup](https://hackerone.com/reports/894170) to h1-ctf - 5 upvotes, $0 50 | 46. [h1-ctf writeup , finally paid the payments by chaining multiple bugs](https://hackerone.com/reports/894110) to h1-ctf - 5 upvotes, $0 51 | 47. 
[[ Hacky Holidays CTF ] Completely taken down the Grinch Networks](https://hackerone.com/reports/1066914) to h1-ctf - 5 upvotes, $0 52 | 48. [hackyholidays CTF Writeup](https://hackerone.com/reports/1069080) to h1-ctf - 5 upvotes, $0 53 | 49. [[H1-2006 2020] ^FLAG^736c635d8842751b8aafa556154eb9f3$FLAG$](https://hackerone.com/reports/888331) to h1-ctf - 4 upvotes, $0 54 | 50. [[H1-2006 2020] "Swiss Cheese" design style leads to helping Mårten Mickos pay poor hackers](https://hackerone.com/reports/890272) to h1-ctf - 4 upvotes, $0 55 | 51. [[H1-2006 2020] CTF write-up](https://hackerone.com/reports/894604) to h1-ctf - 4 upvotes, $0 56 | 52. [[H1-2006 2020] From multiple vulnerabilities to complete ATO on any customer account and staff admin](https://hackerone.com/reports/894863) to h1-ctf - 4 upvotes, $0 57 | 53. [Hackyholidays [ h1-ctf] writeup [mission:- stop the grinch ]](https://hackerone.com/reports/1069396) to h1-ctf - 4 upvotes, $0 58 | 54. [Grinchs website takendown with various other exploits](https://hackerone.com/reports/1069034) to h1-ctf - 4 upvotes, $0 59 | 55. [[H1-2006 2020] Exploiting multiple vulnerabilities to get hacker's payment ensured](https://hackerone.com/reports/894949) to h1-ctf - 3 upvotes, $0 60 | 56. [[H1-2006 2020] CTF write-up](https://hackerone.com/reports/890555) to h1-ctf - 3 upvotes, $0 61 | 57. [[h1-2006 2020] Chained vulnerabilities lead to account takeover](https://hackerone.com/reports/895650) to h1-ctf - 3 upvotes, $0 62 | 58. [[H1-2006 2020] Solution for the h1-2006 CTF challenge](https://hackerone.com/reports/891093) to h1-ctf - 3 upvotes, $0 63 | 59. [[H1-2006 2020] H1-CTF writeup](https://hackerone.com/reports/887889) to h1-ctf - 3 upvotes, $0 64 | 60. [[H1-2006 2020] CTF](https://hackerone.com/reports/887993) to h1-ctf - 3 upvotes, $0 65 | 61. [[H1-2006 2020] [CTF Writeup] A story about Bounty Payments, Collaboration & Community](https://hackerone.com/reports/892337) to h1-ctf - 3 upvotes, $0 66 | 62. 
[[H1-2006 2020] CTF writeup](https://hackerone.com/reports/892632) to h1-ctf - 3 upvotes, $0 67 | 63. [[H1-2006 2020] In-depth resolution of the h1-2006 CTF](https://hackerone.com/reports/894174) to h1-ctf - 3 upvotes, $0 68 | 64. [[H1-2006 2020] The Story of Making Bounty Hunters Happy](https://hackerone.com/reports/889333) to h1-ctf - 3 upvotes, $0 69 | 65. [[h1-2006 CTF] Payments for May have been processed!](https://hackerone.com/reports/894165) to h1-ctf - 3 upvotes, $0 70 | 66. [[H1-2006 2020] CTF Writeup](https://hackerone.com/reports/893395) to h1-ctf - 3 upvotes, $0 71 | 67. [[CTF] I've DDoSed Grinch Network](https://hackerone.com/reports/1065493) to h1-ctf - 3 upvotes, $0 72 | 68. [Grinch-Networks taken down - hacky holidays CTF ](https://hackerone.com/reports/1069189) to h1-ctf - 3 upvotes, $0 73 | 69. [Grinch Networks compromised!](https://hackerone.com/reports/1066504) to h1-ctf - 3 upvotes, $0 74 | 70. [h1-ctf : 12 days of hack holiday writeup](https://hackerone.com/reports/1069175) to h1-ctf - 3 upvotes, $0 75 | 71. [[H1-2006 2020] Includes 1 free content discovery](https://hackerone.com/reports/894198) to h1-ctf - 2 upvotes, $0 76 | 72. [[H1-2006 2020] Multiple vulnerabilities lead to CEO account takeover and paid bounties](https://hackerone.com/reports/890196) to h1-ctf - 2 upvotes, $0 77 | 73. [[H1-2006 2020] How I solved my first H1 CTF](https://hackerone.com/reports/895587) to h1-ctf - 2 upvotes, $0 78 | 74. [[h1-2006 CTF] Multiple vulnerabilities leading to account takeover and two-factor authentication bypass allows to send pending bounty payments](https://hackerone.com/reports/895722) to h1-ctf - 2 upvotes, $0 79 | 75. [H1 Hackyholidays CTF - The Grinch was defeated](https://hackerone.com/reports/1069467) to h1-ctf - 2 upvotes, $0 80 | 76. [h1 hacky holidays CTF solution](https://hackerone.com/reports/1065517) to h1-ctf - 2 upvotes, $0 81 | 77. 
[Hacky Holidays CTF Writeup](https://hackerone.com/reports/1066801) to h1-ctf - 2 upvotes, $0 82 | 78. [ctf walkthrough](https://hackerone.com/reports/1065468) to h1-ctf - 2 upvotes, $0 83 | 79. [[h1-2006 2020] Writeup h12006 CTF](https://hackerone.com/reports/895795) to h1-ctf - 1 upvotes, $0 84 | 80. [[H1-2006 2020] Got the flag](https://hackerone.com/reports/887744) to h1-ctf - 1 upvotes, $0 85 | 81. [@shakedko H1-2006 CTF writeup](https://hackerone.com/reports/894623) to h1-ctf - 1 upvotes, $0 86 | 82. [12 Days of CTF Walkthroughs](https://hackerone.com/reports/1068433) to h1-ctf - 1 upvotes, $0 87 | 83. [Writeup Submission](https://hackerone.com/reports/1068880) to h1-ctf - 1 upvotes, $0 88 | 84. [[h1ctf-Grinch Networks] MrR3b00t Saving the Christmas](https://hackerone.com/reports/1068934) to h1-ctf - 1 upvotes, $0 89 | 85. [HackyHolidays 2020 Full Write-up: Information Disclosure of 12 Flags](https://hackerone.com/reports/1068434) to h1-ctf - 1 upvotes, $0 90 | 86. [Hackyholidays CTF writeup](https://hackerone.com/reports/1065583) to h1-ctf - 1 upvotes, $0 91 | 87. [Hacky Holidays Writeup](https://hackerone.com/reports/1067835) to h1-ctf - 1 upvotes, $0 92 | 88. [Wholesome Hacky Holidays: A Writeup](https://hackerone.com/reports/1066135) to h1-ctf - 1 upvotes, $0 93 | 89. [Mission completed. Grinch Networks is down and Christmas saved.](https://hackerone.com/reports/1067090) to h1-ctf - 1 upvotes, $0 94 | 90. [HackyHolidays H1 CTF Writeup](https://hackerone.com/reports/1068881) to h1-ctf - 0 upvotes, $0 95 | 91. [Infiltrating into Grinch-Networks and saving Christmas!](https://hackerone.com/reports/1069141) to h1-ctf - 0 upvotes, $0 96 | 92. [First CTF ever!](https://hackerone.com/reports/1069263) to h1-ctf - 0 upvotes, $0 97 | 93. [Successfully took down the Grinch and saved the holidays from being ruined](https://hackerone.com/reports/1067530) to h1-ctf - 0 upvotes, $0 98 | 94. 
[Complete destruction of the Grinch server](https://hackerone.com/reports/1065885) to h1-ctf - 0 upvotes, $0 99 | 95. [[H1 hackyholidays] CTF Writeup](https://hackerone.com/reports/1069171) to h1-ctf - 0 upvotes, $0 100 | 96. [[hackyholidays] CTF write-up](https://hackerone.com/reports/1069376) to h1-ctf - 0 upvotes, $0 101 | 97. [[hacky-holidays] Grinch network is down](https://hackerone.com/reports/1066206) to h1-ctf - 0 upvotes, $0 102 | 98. [Hacky Holidays CTF Writeup](https://hackerone.com/reports/1066007) to h1-ctf - 0 upvotes, $0 103 | 99. [Writeup Hackyholiday CTF](https://hackerone.com/reports/1065731) to h1-ctf - 0 upvotes, $0 104 | 100. [It's just a man on a mission](https://hackerone.com/reports/1069388) to h1-ctf - 0 upvotes, $0 105 | 101. [CTF Writeup](https://hackerone.com/reports/1066233) to h1-ctf - 0 upvotes, $0 106 | 107 | 108 | [Back](../README.md) -------------------------------------------------------------------------------- /tops_by_program/TOPLOCALIZE.md: -------------------------------------------------------------------------------- 1 | [Back](../README.md) 2 | 3 | Top reports from Localize program at HackerOne: 4 | 5 | 1. [2-factor authentication can be disabled when logged in without confirming account password](https://hackerone.com/reports/783258) to Localize - 136 upvotes, $500 6 | 2. [Stored XSS in Name of Team Member Invitation](https://hackerone.com/reports/786301) to Localize - 11 upvotes, $50 7 | 3. [The password limit is not set, [DoS].](https://hackerone.com/reports/783356) to Localize - 11 upvotes, $50 8 | 4. [CSRF in adding phrase.](https://hackerone.com/reports/7962) to Localize - 10 upvotes, $0 9 | 5. [Full Path Disclosure / Info Disclosure in Creating New Group](https://hackerone.com/reports/8090) to Localize - 9 upvotes, $0 10 | 6. [Private Project Access Request Invitation Sent Via CSRF ](https://hackerone.com/reports/8226) to Localize - 6 upvotes, $0 11 | 7. 
[XSS & HTML injection](https://hackerone.com/reports/7876) to Localize - 5 upvotes, $0 12 | 8. [Sign-up Form CSRF](https://hackerone.com/reports/7865) to Localize - 5 upvotes, $0 13 | 9. [XSS in Groups](https://hackerone.com/reports/7868) to Localize - 4 upvotes, $0 14 | 10. [XSS in invite approval](https://hackerone.com/reports/7887) to Localize - 4 upvotes, $0 15 | 11. [XSS in main page](https://hackerone.com/reports/7882) to Localize - 4 upvotes, $0 16 | 12. [Nginx version is disclosed in HTTP response](https://hackerone.com/reports/783852) to Localize - 4 upvotes, $0 17 | 13. [XSS in main page (invitation)](https://hackerone.com/reports/7886) to Localize - 3 upvotes, $0 18 | 14. [Sensitive file](https://hackerone.com/reports/7968) to Localize - 3 upvotes, $0 19 | 15. [HTML/Javascript possible in "Discussion" section of reviews](https://hackerone.com/reports/7897) to Localize - 3 upvotes, $0 20 | 16. [Business logic Failure - Browser cache management and logout vulnerability.](https://hackerone.com/reports/7909) to Localize - 3 upvotes, $0 21 | 17. [Path Disclosure (Info Disclosure) in http://www.localize.io](https://hackerone.com/reports/7903) to Localize - 2 upvotes, $0 22 | 18. [Apache Documentation](https://hackerone.com/reports/8055) to Localize - 2 upvotes, $0 23 | 19. [Numerous open ports/services](https://hackerone.com/reports/8064) to Localize - 2 upvotes, $0 24 | 20. [Cryptographic Issue: Strict Transport Security with not good max age..(TOO SHORT!)](https://hackerone.com/reports/9008) to Localize - 2 upvotes, $0 25 | 21. [Full Path Disclosure (FPD) in www.localize.im](https://hackerone.com/reports/9256) to Localize - 2 upvotes, $0 26 | 22. [Attacker can send "Invitation Request" to a Project that is not even created yet!](https://hackerone.com/reports/9088) to Localize - 2 upvotes, $0 27 | 23. [XSS in Localize.io](https://hackerone.com/reports/7890) to Localize - 1 upvotes, $0 28 | 24. 
[User credentials are sent in clear text](https://hackerone.com/reports/7950) to Localize - 1 upvotes, $0 29 | 25. [HTML Form Without CSRF protection](https://hackerone.com/reports/7863) to Localize - 1 upvotes, $0 30 | 26. [Full path disclosure](https://hackerone.com/reports/7894) to Localize - 1 upvotes, $0 31 | 27. [No Cross-Site Request Forgery protection at multiple locations](https://hackerone.com/reports/7916) to Localize - 1 upvotes, $0 32 | 28. [Unexpected array leaks information about the system](https://hackerone.com/reports/7888) to Localize - 1 upvotes, $0 33 | 29. [Information Disclosure (Directory Structure)](https://hackerone.com/reports/7930) to Localize - 1 upvotes, $0 34 | 30. [Uninitialized variable error message leaks information ](https://hackerone.com/reports/7915) to Localize - 1 upvotes, $0 35 | 31. [Full Path Disclosure (FPD) in www.localize.io](https://hackerone.com/reports/8088) to Localize - 1 upvotes, $0 36 | 32. [Full Path Disclosure / Info Disclosure in Importing XML Section!](https://hackerone.com/reports/8091) to Localize - 1 upvotes, $0 37 | 33. [Full Path Disclosure (2)](https://hackerone.com/reports/8013) to Localize - 1 upvotes, $0 38 | 34. [Full Path Disclosure](https://hackerone.com/reports/7972) to Localize - 1 upvotes, $0 39 | 35. [Assigning a non-existing role to user causes exception when opening project page](https://hackerone.com/reports/7921) to Localize - 1 upvotes, $0 40 | 36. [Password type input with auto-complete enabled](https://hackerone.com/reports/7954) to Localize - 1 upvotes, $0 41 | 37. [infinite number of new project creation!](https://hackerone.com/reports/8093) to Localize - 1 upvotes, $0 42 | 38. [XSS in password](https://hackerone.com/reports/7995) to Localize - 1 upvotes, $0 43 | 39. [Apache2 /icons/ folder accessible](https://hackerone.com/reports/7923) to Localize - 1 upvotes, $0 44 | 40. 
[Server header - information disclosure ](https://hackerone.com/reports/7914) to Localize - 1 upvotes, $0 45 | 41. [PHP PDOException and Full Path Disclosure](https://hackerone.com/reports/15899) to Localize - 1 upvotes, $0 46 | 42. [Full Path Disclosure (FPD) in www.localize.im](https://hackerone.com/reports/9745) to Localize - 1 upvotes, $0 47 | 43. [full path disclosure from false language](https://hackerone.com/reports/13237) to Localize - 1 upvotes, $0 48 | 44. [missing sender policy framework (SPF)](https://hackerone.com/reports/12836) to Localize - 1 upvotes, $0 49 | 45. [Deleting groups in any project without permission ](https://hackerone.com/reports/8104) to Localize - 0 upvotes, $0 50 | 46. [Making groups in any project without permission ](https://hackerone.com/reports/8102) to Localize - 0 upvotes, $0 51 | 47. [Stored XSS](https://hackerone.com/reports/7873) to Localize - 0 upvotes, $0 52 | 48. [Possible sensitive files](https://hackerone.com/reports/8019) to Localize - 0 upvotes, $0 53 | 49. [Login page password-guessing attack](https://hackerone.com/reports/8017) to Localize - 0 upvotes, $0 54 | 50. [Group Deletion Via CSRF](https://hackerone.com/reports/8218) to Localize - 0 upvotes, $0 55 | 51. [Group Creation Via CSRF](https://hackerone.com/reports/8216) to Localize - 0 upvotes, $0 56 | 52. [ Private Project Access Request Accepted Via CSRF ](https://hackerone.com/reports/8224) to Localize - 0 upvotes, $0 57 | 53. [OPTIONS Method Enabled](https://hackerone.com/reports/8184) to Localize - 0 upvotes, $0 58 | 54. [No Wildcard DNS](https://hackerone.com/reports/8239) to Localize - 0 upvotes, $0 59 | 55. [A Serious Bug on SIGNUP Process!](https://hackerone.com/reports/7941) to Localize - 0 upvotes, $0 60 | 56. [No BruteForce Protection](https://hackerone.com/reports/7869) to Localize - 0 upvotes, $0 61 | 57. [ClickJacking](https://hackerone.com/reports/7862) to Localize - 0 upvotes, $0 62 | 58. 
[Change user settings through CSRF](https://hackerone.com/reports/7870) to Localize - 0 upvotes, $0 63 | 59. [Password Policy](https://hackerone.com/reports/7883) to Localize - 0 upvotes, $0 64 | 60. [X-Content-Type-Options header missing](https://hackerone.com/reports/8059) to Localize - 0 upvotes, $0 65 | 61. [Projects Watch or Notifications Settings Change Via CSRF](https://hackerone.com/reports/8273) to Localize - 0 upvotes, $0 66 | 62. [XSS in Team Only Area](https://hackerone.com/reports/10577) to Localize - 0 upvotes, $0 67 | 63. [Bug on registration as new Translator user](https://hackerone.com/reports/15679) to Localize - 0 upvotes, $0 68 | 64. [PHP PDOException and Full Path Disclosure](https://hackerone.com/reports/19363) to Localize - 0 upvotes, $0 69 | 65. [PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.](https://hackerone.com/reports/30787) to Localize - 0 upvotes, $0 70 | 66. [files like README.md are public](https://hackerone.com/reports/31255) to Localize - 0 upvotes, $0 71 | 72 | 73 | [Back](../README.md) -------------------------------------------------------------------------------- /tops_by_program/TOPOLX.md: -------------------------------------------------------------------------------- 1 | [Back](../README.md) 2 | 3 | Top reports from OLX program at HackerOne: 4 | 5 | 1. [XSS - main page - search[user_id] parameter](https://hackerone.com/reports/477771) to OLX - 135 upvotes, $0 6 | 2. [[Critical] Delete any account ](https://hackerone.com/reports/158872) to OLX - 112 upvotes, $0 7 | 3. [SQL Injection on https://www.olx.co.id](https://hackerone.com/reports/639876) to OLX - 71 upvotes, $0 8 | 4. [web cache deception in https://tradus.com lead to name/user_id enumeration and other info](https://hackerone.com/reports/537564) to OLX - 59 upvotes, $0 9 | 5. [SQL Injection https://www.olx.co.id](https://hackerone.com/reports/446293) to OLX - 48 upvotes, $0 10 | 6. 
[Reflected XSS on https://www.olx.co.id/iklan/*.html via "ad_type" parameter](https://hackerone.com/reports/630265) to OLX - 35 upvotes, $0 11 | 7. [XSS inside HTML Link Tag](https://hackerone.com/reports/504984) to OLX - 29 upvotes, $0 12 | 8. [Public Vulnerable Version of Confluence https://confluence.olx.com](https://hackerone.com/reports/207013) to OLX - 29 upvotes, $0 13 | 9. [Reflected XSS in www.olx.co.id](https://hackerone.com/reports/639796) to OLX - 27 upvotes, $0 14 | 10. [Able to list user's public name, username, phone number, address, facebook ID...](https://hackerone.com/reports/167206) to OLX - 19 upvotes, $0 15 | 11. [Search Page Reflected XSS on sharjah.dubizzle.com through unencoded output of GET parameter in JavaScript](https://hackerone.com/reports/363571) to OLX - 18 upvotes, $0 16 | 12. [Updating and Deleting any Ads on OLX Philippines ](https://hackerone.com/reports/150631) to OLX - 17 upvotes, $0 17 | 13. [Cross Site Scripting -\> Reflected XSS](https://hackerone.com/reports/150568) to OLX - 17 upvotes, $0 18 | 14. [XSS Reflected at SEARCH \>\>](https://hackerone.com/reports/429647) to OLX - 17 upvotes, $0 19 | 15. [Subdomain Takeover (http://docs.olx.ph/ , http://calendar.olx.ph/, http://sites.olx.ph/)](https://hackerone.com/reports/206516) to OLX - 16 upvotes, $0 20 | 16. [Reflective XSS at olx.ph](https://hackerone.com/reports/361647) to OLX - 15 upvotes, $0 21 | 17. [XSS @ *.letgo.com](https://hackerone.com/reports/150822) to OLX - 14 upvotes, $0 22 | 18. [Bypass CSP frame-ancestors at olx.co.za, olx.com.gh](https://hackerone.com/reports/371980) to OLX - 13 upvotes, $0 23 | 19. [Combined attacks leading to stealing user's account](https://hackerone.com/reports/205529) to OLX - 12 upvotes, $0 24 | 20. [Reflected XSS on www.olx.co.id via ad_type parameter](https://hackerone.com/reports/633751) to OLX - 12 upvotes, $0 25 | 21. 
[Manipulating joinolx.com Job Vacancy alert subscription emails (HTML Injection / Script Injection)](https://hackerone.com/reports/151149) to OLX - 11 upvotes, $0 26 | 22. [stored XSS in olx.pl - ogloszenie TITLE element - moderator acc can be hacked](https://hackerone.com/reports/150668) to OLX - 11 upvotes, $0 27 | 23. [I found a way to instantly take over ads by other users and change them (IDOR)](https://hackerone.com/reports/253929) to OLX - 11 upvotes, $0 28 | 24. [XSS @ yaman.olx.ph](https://hackerone.com/reports/150565) to OLX - 10 upvotes, $0 29 | 25. [Arbitrary File Reading](https://hackerone.com/reports/150783) to OLX - 10 upvotes, $0 30 | 26. [Stored XSS in buy topup OLX Gold Credits ](https://hackerone.com/reports/169625) to OLX - 10 upvotes, $0 31 | 27. [Reflected XSS on m.olx.co.id via ad_type parameter](https://hackerone.com/reports/636278) to OLX - 10 upvotes, $0 32 | 28. [Unauthorised access to olx.in user accounts. ](https://hackerone.com/reports/155130) to OLX - 9 upvotes, $0 33 | 29. [Full Account Takeover ](https://hackerone.com/reports/159202) to OLX - 9 upvotes, $0 34 | 30. [All Active user sessions should be destroyed when user change his password!](https://hackerone.com/reports/150540) to OLX - 9 upvotes, $0 35 | 31. [Bypass Rejected ads so user can view it as normal live ad.](https://hackerone.com/reports/669736) to OLX - 9 upvotes, $0 36 | 32. [load scripts DOS vulnerability](https://hackerone.com/reports/694467) to OLX - 9 upvotes, $0 37 | 33. [CSRF in account configuration leads to complete account compromise](https://hackerone.com/reports/150586) to OLX - 8 upvotes, $0 38 | 34. [Reflected XSS in www.olx.ph](https://hackerone.com/reports/150746) to OLX - 8 upvotes, $0 39 | 35. [Multiple vulnerabilities in http://blog.dubizzle.com/uae](https://hackerone.com/reports/188279) to OLX - 8 upvotes, $0 40 | 36. [Directory Listing of all the resource files of olx.com.eg ](https://hackerone.com/reports/175760) to OLX - 7 upvotes, $0 41 | 37. 
[XSS on Meta Tag at https://m.olx.ph](https://hackerone.com/reports/157813) to OLX - 7 upvotes, $0 42 | 38. [blog.praca.olx.pl database credentials exposure](https://hackerone.com/reports/448985) to OLX - 7 upvotes, $0 43 | 39. [XSS @ *.olx.com.ar](https://hackerone.com/reports/150560) to OLX - 6 upvotes, $0 44 | 40. [Name, email, phone and more disclosure on user ID (API)](https://hackerone.com/reports/171917) to OLX - 6 upvotes, $0 45 | 41. [Reflected XSS in [olx.qa]](https://hackerone.com/reports/191332) to OLX - 6 upvotes, $0 46 | 42. [CSRF in delete advertisement on olx.com.eg](https://hackerone.com/reports/178384) to OLX - 6 upvotes, $0 47 | 43. [XSS in OLX.pl ("title" in new advertisement)](https://hackerone.com/reports/267473) to OLX - 6 upvotes, $0 48 | 44. [XSS yaman.olx.ph](https://hackerone.com/reports/151147) to OLX - 5 upvotes, $0 49 | 45. [XSS on Home page olx.com.ar via auto save search text](https://hackerone.com/reports/151691) to OLX - 5 upvotes, $0 50 | 46. [Stored XSS on contact name](https://hackerone.com/reports/152069) to OLX - 5 upvotes, $0 51 | 47. [Reflective XSS at m.olx.ph](https://hackerone.com/reports/177230) to OLX - 5 upvotes, $0 52 | 48. [yaman.olx.ph/wordpress is using a very vulnerable version of WordPress and contains directory listing](https://hackerone.com/reports/202918) to OLX - 5 upvotes, $0 53 | 49. [Reflected XSS at yaman.olx.ph](https://hackerone.com/reports/151258) to OLX - 4 upvotes, $0 54 | 50. [these are my old reports and still I have not received any good replies, these all are Cross Site Scripting(XSS) issues: POC1: https://www.youtube.com/w](https://hackerone.com/reports/157889) to OLX - 4 upvotes, $0 55 | 51. [full path disclosure vulnerability at https://security.olx.com/*](https://hackerone.com/reports/159481) to OLX - 4 upvotes, $0 56 | 52. [Reflected XSS at m.olx.ph](https://hackerone.com/reports/175410) to OLX - 4 upvotes, $0 57 | 53. 
[Reflected XSS in OLX.in](https://hackerone.com/reports/175801) to OLX - 4 upvotes, $0 58 | 54. [REFLECTED CROSS SITE SCRIPTING IN OLX](https://hackerone.com/reports/151305) to OLX - 4 upvotes, $0 59 | 55. [Reflected XSS in olx.pt](https://hackerone.com/reports/206125) to OLX - 4 upvotes, $0 60 | 56. [Bypassing Phone Verification For Posting AD On OLX](https://hackerone.com/reports/165854) to OLX - 3 upvotes, $0 61 | 57. [cross-site scripting in get request](https://hackerone.com/reports/150944) to OLX - 3 upvotes, $0 62 | 58. [ OLX is vulnerable to clickjacking](https://hackerone.com/reports/231713) to OLX - 3 upvotes, $0 63 | 59. [xss yaman.olx.ph](https://hackerone.com/reports/151310) to OLX - 2 upvotes, $0 64 | 60. [XSS and Open Redirect on https://jobs.dubizzle.com/](https://hackerone.com/reports/167107) to OLX - 2 upvotes, $0 65 | 61. [XSS and HTML Injection https://sharjah.dubizzle.com/](https://hackerone.com/reports/162296) to OLX - 2 upvotes, $0 66 | 62. [Full path disclosure vulnerability at http://corporate.olx.ph](https://hackerone.com/reports/171048) to OLX - 2 upvotes, $0 67 | 63. [Reflective XSS at dubai.dubizzle.com](https://hackerone.com/reports/177619) to OLX - 2 upvotes, $0 68 | 64. [olx.ph is vulnerable to POODLE attack](https://hackerone.com/reports/192284) to OLX - 2 upvotes, $0 69 | 65. [Server Version Of https://www.olx.ph/](https://hackerone.com/reports/197238) to OLX - 2 upvotes, $0 70 | 66. [Reflected Cross Site scripting Attack (XSS)](https://hackerone.com/reports/150837) to OLX - 0 upvotes, $0 71 | 72 | 73 | [Back](../README.md) -------------------------------------------------------------------------------- /tops_by_program/TOPOWNCLOUD.md: -------------------------------------------------------------------------------- 1 | [Back](../README.md) 2 | 3 | Top reports from ownCloud program at HackerOne: 4 | 5 | 1. [Banner Grabbing - Apache Server Version Disclosure](https://hackerone.com/reports/269467) to ownCloud - 19 upvotes, $0 6 | 2. 
[Arbitrary Code Injection in ownCloud’s Windows Client](https://hackerone.com/reports/155657) to ownCloud - 16 upvotes, $100 7 | 3. [Remote Code Execution through Deserialization Attack in OwnBackup app.](https://hackerone.com/reports/562335) to ownCloud - 15 upvotes, $0 8 | 4. [Password Complexity Not Enforced On Password Change](https://hackerone.com/reports/276123) to ownCloud - 9 upvotes, $0 9 | 5. [SMB User Authentication Bypass and Persistence](https://hackerone.com/reports/148151) to ownCloud - 7 upvotes, $150 10 | 6. [RCE in ci.owncloud.com / ci.owncloud.org](https://hackerone.com/reports/98559) to ownCloud - 7 upvotes, $0 11 | 7. [HTML Injection in Owncloud](https://hackerone.com/reports/215410) to ownCloud - 6 upvotes, $150 12 | 8. [[api.owncloud.org] CRLF Injection](https://hackerone.com/reports/154306) to ownCloud - 6 upvotes, $0 13 | 9. [User Information Disclosure via REST API](https://hackerone.com/reports/197786) to ownCloud - 6 upvotes, $0 14 | 10. [ownCloud 2.2.2.6192 DLL Hijacking Vulnerability](https://hackerone.com/reports/151475) to ownCloud - 5 upvotes, $50 15 | 11. [Accessible Htaccess](https://hackerone.com/reports/171272) to ownCloud - 5 upvotes, $0 16 | 12. [Outdated Jenkins server hosted at OwnCloud.org](https://hackerone.com/reports/208566) to ownCloud - 5 upvotes, $0 17 | 13. [HTML injection in Desktop Client](https://hackerone.com/reports/206877) to ownCloud - 5 upvotes, $0 18 | 14. [Exploiting unauthenticated encryption mode](https://hackerone.com/reports/108082) to ownCloud - 4 upvotes, $350 19 | 15. [Open Redirector via (apps/files_pdfviewer) for un-authenticated users.](https://hackerone.com/reports/131082) to ownCloud - 4 upvotes, $150 20 | 16. [apps.owncloud.com: Malicious file upload leads to remote code execution](https://hackerone.com/reports/84374) to ownCloud - 4 upvotes, $0 21 | 17. [[doc.owncloud.org] CRLF Injection](https://hackerone.com/reports/154275) to ownCloud - 4 upvotes, $0 22 | 18. 
[Stored xss](https://hackerone.com/reports/187380) to ownCloud - 4 upvotes, $0 23 | 19. [owncloud.com: Parameter pollution in social sharing buttons](https://hackerone.com/reports/106024) to ownCloud - 3 upvotes, $0 24 | 20. [Reflected XSS in owncloud.com](https://hackerone.com/reports/127259) to ownCloud - 3 upvotes, $0 25 | 21. [Cross site scripting in apps.owncloud.com](https://hackerone.com/reports/129551) to ownCloud - 3 upvotes, $0 26 | 22. [doc.owncloud.org: XSS via Referrer](https://hackerone.com/reports/130951) to ownCloud - 3 upvotes, $0 27 | 23. [bug reporting template encourages users to paste config file with passwords](https://hackerone.com/reports/196969) to ownCloud - 3 upvotes, $0 28 | 24. [doc.owncloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service)](https://hackerone.com/reports/217381) to ownCloud - 3 upvotes, $0 29 | 25. [Password appears in user name field](https://hackerone.com/reports/85559) to ownCloud - 2 upvotes, $0 30 | 26. [apps.owncloud.com: SSL Server Allows Anonymous Authentication Vulnerability (SMTP)](https://hackerone.com/reports/83803) to ownCloud - 2 upvotes, $0 31 | 27. [Webview Vulnerability [OwnCloudAndroid Application] ](https://hackerone.com/reports/87835) to ownCloud - 2 upvotes, $0 32 | 28. [apps.owncloud.com: XSS via referrer](https://hackerone.com/reports/83374) to ownCloud - 2 upvotes, $0 33 | 29. [owncloud.com: Content Sniffing not disabled](https://hackerone.com/reports/83251) to ownCloud - 2 upvotes, $0 34 | 30. [Lack of HSTS on https://apps.owncloud.com](https://hackerone.com/reports/84453) to ownCloud - 2 upvotes, $0 35 | 31. [CSRF in apps.owncloud.com](https://hackerone.com/reports/84395) to ownCloud - 2 upvotes, $0 36 | 32. [[forum.owncloud.org] IE, Edge XSS via Request-URI](https://hackerone.com/reports/154319) to ownCloud - 2 upvotes, $0 37 | 33. [password reset email spamming](https://hackerone.com/reports/224095) to ownCloud - 2 upvotes, $0 38 | 34. 
[owncloud.com open redirect](https://hackerone.com/reports/258632) to ownCloud - 2 upvotes, $0 39 | 35. [Information Exposure Through Directory Listing](https://hackerone.com/reports/110655) to ownCloud - 1 upvotes, $250 40 | 36. [Full Path Disclosure ](https://hackerone.com/reports/85201) to ownCloud - 1 upvotes, $25 41 | 37. [apps.owncloud.com: Edit Question didn't check ACLs](https://hackerone.com/reports/85532) to ownCloud - 1 upvotes, $0 42 | 38. [gallery_plus: Content Spoofing ](https://hackerone.com/reports/87752) to ownCloud - 1 upvotes, $0 43 | 39. [apps.owncloud.com: Path Disclosure](https://hackerone.com/reports/83801) to ownCloud - 1 upvotes, $0 44 | 40. [[s3.owncloud.com] Web Server HTTP Trace/Track Method Support ](https://hackerone.com/reports/90601) to ownCloud - 1 upvotes, $0 45 | 41. [demo.owncloud.org: HTTP compression is enabled potentially leading to BREACH attack](https://hackerone.com/reports/84105) to ownCloud - 1 upvotes, $0 46 | 42. [Config](https://hackerone.com/reports/84797) to ownCloud - 1 upvotes, $0 47 | 43. [apps.owncloud.com: Stored XSS in profile page](https://hackerone.com/reports/84371) to ownCloud - 1 upvotes, $0 48 | 44. [owncloud.com: Outdated plugins contains public exploits ](https://hackerone.com/reports/84581) to ownCloud - 1 upvotes, $0 49 | 45. [apps.owncloud.com: Potential XSS](https://hackerone.com/reports/85577) to ownCloud - 1 upvotes, $0 50 | 46. [Apache Range Header Denial of Service Attack (Confirmed PoC)](https://hackerone.com/reports/88904) to ownCloud - 1 upvotes, $0 51 | 47. [XXE at host vpn.owncloud.com](https://hackerone.com/reports/105980) to ownCloud - 1 upvotes, $0 52 | 48. [Self-XSS in mails sent by hello@owncloud.com](https://hackerone.com/reports/92111) to ownCloud - 1 upvotes, $0 53 | 49. [owncloud.com: Persistent XSS In Account Profile](https://hackerone.com/reports/116254) to ownCloud - 1 upvotes, $0 54 | 50. 
[owncloud.com: Account Compromise Through CSRF](https://hackerone.com/reports/84372) to ownCloud - 1 upvotes, $0 55 | 51. [doc.owncloud.org has missing PHP handler](https://hackerone.com/reports/121382) to ownCloud - 1 upvotes, $0 56 | 52. [doc.owncloud.org: X-XSS-Protection not enabled](https://hackerone.com/reports/128493) to ownCloud - 1 upvotes, $0 57 | 53. [doc.owncloud.com: PHP info page disclosure ](https://hackerone.com/reports/134216) to ownCloud - 1 upvotes, $0 58 | 54. [This is not the security issue.](https://hackerone.com/reports/257106) to ownCloud - 1 upvotes, $0 59 | 55. [Full Path Disclosure ](https://hackerone.com/reports/87505) to ownCloud - 0 upvotes, $25 60 | 56. [daily.owncloud.com: Information disclosure](https://hackerone.com/reports/84085) to ownCloud - 0 upvotes, $0 61 | 57. [owncloud.com: Allowed an attacker to force a user to change profile details. (XCSRF)](https://hackerone.com/reports/83239) to ownCloud - 0 upvotes, $0 62 | 58. [demo.owncloud.org: Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability](https://hackerone.com/reports/83837) to ownCloud - 0 upvotes, $0 63 | 59. [apps.owncloud.com: SSL Session cookie without secure flag set](https://hackerone.com/reports/83710) to ownCloud - 0 upvotes, $0 64 | 60. [owncloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service)](https://hackerone.com/reports/89097) to ownCloud - 0 upvotes, $0 65 | 61. [No email verification during registration](https://hackerone.com/reports/90643) to ownCloud - 0 upvotes, $0 66 | 62. [apps.owncloud.com: Mixed Active Scripting Issue ](https://hackerone.com/reports/85541) to ownCloud - 0 upvotes, $0 67 | 63. [owncloud.com: PermError SPF Permanent Error: Too many DNS lookups](https://hackerone.com/reports/83578) to ownCloud - 0 upvotes, $0 68 | 64. [owncloud.com: DOM Based XSS](https://hackerone.com/reports/83178) to ownCloud - 0 upvotes, $0 69 | 65. 
[owncloud.com: Cross Site Tracing](https://hackerone.com/reports/83373) to ownCloud - 0 upvotes, $0 70 | 66. [owncloud.com: WP Super Cache plugin is outdated](https://hackerone.com/reports/90980) to ownCloud - 0 upvotes, $0 71 | 67. [apps.owncloud.com: Session Cookie in URL can be captured by hackers](https://hackerone.com/reports/83667) to ownCloud - 0 upvotes, $0 72 | 68. [directory listing in https://demo.owncloud.org/doc/](https://hackerone.com/reports/105149) to ownCloud - 0 upvotes, $0 73 | 69. [apps.owncloud.com: Referer protection Bypassed](https://hackerone.com/reports/92644) to ownCloud - 0 upvotes, $0 74 | 70. [[https://test1.owncloud.com/owncloud6/] Guessable password used for admin user](https://hackerone.com/reports/107849) to ownCloud - 0 upvotes, $0 75 | 71. [Apache documentation](https://hackerone.com/reports/90321) to ownCloud - 0 upvotes, $0 76 | 72. [owncloud.help: Text Injection](https://hackerone.com/reports/112304) to ownCloud - 0 upvotes, $0 77 | 73. [s2.owncloud.com: SSL Session cookie without secure flag set](https://hackerone.com/reports/83856) to ownCloud - 0 upvotes, $0 78 | 74. [test1.owncloud.com: Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability](https://hackerone.com/reports/83971) to ownCloud - 0 upvotes, $0 79 | 75. [*.owncloud.com / *.owncloud.org: Using not strong enough SSL ciphers](https://hackerone.com/reports/84078) to ownCloud - 0 upvotes, $0 80 | 76. [s2.owncloud.com: Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability](https://hackerone.com/reports/83855) to ownCloud - 0 upvotes, $0 81 | 77. [Mixed Active Scripting Issue on stats.owncloud.org](https://hackerone.com/reports/108692) to ownCloud - 0 upvotes, $0 82 | 78. [otrs.owncloud.com: Reflected Cross-Site Scripting](https://hackerone.com/reports/108288) to ownCloud - 0 upvotes, $0 83 | 79. [The csrf token remains same after user logs in](https://hackerone.com/reports/111262) to ownCloud - 0 upvotes, $0 84 | 80. 
[No Any Kind of Protection on Delete account](https://hackerone.com/reports/113211) to ownCloud - 0 upvotes, $0 85 | 81. [DROWN Attack](https://hackerone.com/reports/119808) to ownCloud - 0 upvotes, $0 86 | 82. [apps.owncloud.com: Multiple reflected XSS by insecure URL generation (IE only)](https://hackerone.com/reports/83381) to ownCloud - 0 upvotes, $0 87 | 83. [apps.owncloud.com: CSRF change privacy settings](https://hackerone.com/reports/85565) to ownCloud - 0 upvotes, $0 88 | 89 | 90 | [Back](../README.md) -------------------------------------------------------------------------------- /tops_by_program/TOPPARAGONINITIATIVEENTERPRISES.md: -------------------------------------------------------------------------------- 1 | [Back](../README.md) 2 | 3 | Top reports from Paragon Initiative Enterprises program at HackerOne: 4 | 5 | 1. [BAD Code ! ](https://hackerone.com/reports/180074) to Paragon Initiative Enterprises - 468 upvotes, $0 6 | 2. [DMARC Not found for paragonie.com URGENT](https://hackerone.com/reports/179828) to Paragon Initiative Enterprises - 131 upvotes, $0 7 | 3. [Subdomain Takeover](https://hackerone.com/reports/180393) to Paragon Initiative Enterprises - 55 upvotes, $0 8 | 4. [I am because bug](https://hackerone.com/reports/226094) to Paragon Initiative Enterprises - 37 upvotes, $0 9 | 5. [ssl info shown ](https://hackerone.com/reports/149369) to Paragon Initiative Enterprises - 31 upvotes, $0 10 | 6. [[Critical] billion dollars issue](https://hackerone.com/reports/244836) to Paragon Initiative Enterprises - 26 upvotes, $0 11 | 7. [Stored Cross-Site-Scripting in CMS Airship's authors profiles](https://hackerone.com/reports/148741) to Paragon Initiative Enterprises - 23 upvotes, $50 12 | 8. [Site support SNI But Browser can't](https://hackerone.com/reports/149442) to Paragon Initiative Enterprises - 15 upvotes, $0 13 | 9. 
[Content-type sniffing leads to stored XSS in CMS Airship on Internet Explorer ](https://hackerone.com/reports/151231) to Paragon Initiative Enterprises - 15 upvotes, $0 14 | 10. [Paragonie Airship Admin CSRF on Extensions Pages](https://hackerone.com/reports/243094) to Paragon Initiative Enterprises - 11 upvotes, $100 15 | 11. [Stored XSS using SVG ](https://hackerone.com/reports/148853) to Paragon Initiative Enterprises - 11 upvotes, $50 16 | 12. [Email Spoof](https://hackerone.com/reports/115452) to Paragon Initiative Enterprises - 11 upvotes, $0 17 | 13. [Spf ](https://hackerone.com/reports/116927) to Paragon Initiative Enterprises - 11 upvotes, $0 18 | 14. [Improper access control leads to deleting anyone's comment](https://hackerone.com/reports/273805) to Paragon Initiative Enterprises - 8 upvotes, $100 19 | 15. [Directory Disclose, Email Disclose Zendmail vulnerability](https://hackerone.com/reports/228112) to Paragon Initiative Enterprises - 8 upvotes, $50 20 | 16. [Full directory path listing](https://hackerone.com/reports/230098) to Paragon Initiative Enterprises - 7 upvotes, $0 21 | 17. [Stored XSS in comments](https://hackerone.com/reports/148751) to Paragon Initiative Enterprises - 6 upvotes, $25 22 | 18. [[Airship CMS] Local File Inclusion - RST Parser](https://hackerone.com/reports/179034) to Paragon Initiative Enterprises - 6 upvotes, $0 23 | 19. [Incorrect detection of onion URLs](https://hackerone.com/reports/181210) to Paragon Initiative Enterprises - 5 upvotes, $50 24 | 20. [Session Management](https://hackerone.com/reports/145300) to Paragon Initiative Enterprises - 5 upvotes, $0 25 | 21. [Issue with password reset functionality [Minor]](https://hackerone.com/reports/149027) to Paragon Initiative Enterprises - 5 upvotes, $0 26 | 22. [Incomplete fix for #181225 (target=_blank vulnerability)](https://hackerone.com/reports/226104) to Paragon Initiative Enterprises - 5 upvotes, $0 27 | 23. 
[Open-redirect on paragonie.com](https://hackerone.com/reports/113112) to Paragon Initiative Enterprises - 4 upvotes, $50 28 | 24. [Cross-site-Scripting](https://hackerone.com/reports/226203) to Paragon Initiative Enterprises - 4 upvotes, $50 29 | 25. [Invited user to an Author profile can remove the owner of that Author](https://hackerone.com/reports/274541) to Paragon Initiative Enterprises - 4 upvotes, $50 30 | 26. [CSRF AT SUBSCRIBE TO LIST ](https://hackerone.com/reports/115323) to Paragon Initiative Enterprises - 4 upvotes, $0 31 | 27. [Airship: Persistent XSS via Comment](https://hackerone.com/reports/301973) to Paragon Initiative Enterprises - 4 upvotes, $0 32 | 28. [CSRF token is not validated during blog comment](https://hackerone.com/reports/273998) to Paragon Initiative Enterprises - 3 upvotes, $25 33 | 29. [User enumeration via Password reset page [Minor]](https://hackerone.com/reports/148911) to Paragon Initiative Enterprises - 3 upvotes, $0 34 | 30. [Email Spoofing With Your Website's Email](https://hackerone.com/reports/163156) to Paragon Initiative Enterprises - 3 upvotes, $0 35 | 31. [Broken Authentication & Session Management - Failure to Invalidate Session on all other browsers at Password change](https://hackerone.com/reports/226712) to Paragon Initiative Enterprises - 3 upvotes, $0 36 | 32. [SMTP server allows anonymous relay from internal addresses to internal addresses](https://hackerone.com/reports/144385) to Paragon Initiative Enterprises - 3 upvotes, $0 37 | 33. [Github repo's wiki publicly editable](https://hackerone.com/reports/461429) to Paragon Initiative Enterprises - 3 upvotes, $0 38 | 34. [Missing rel=noopener noreferrer in target=_blank links (Phishing attack)](https://hackerone.com/reports/181225) to Paragon Initiative Enterprises - 2 upvotes, $50 39 | 35. [Information Disclosure in Error Page](https://hackerone.com/reports/115219) to Paragon Initiative Enterprises - 2 upvotes, $0 40 | 36. 
[Missing SPF](https://hackerone.com/reports/115294) to Paragon Initiative Enterprises - 2 upvotes, $0 41 | 37. [Email spoofing in security@paragonie.com](https://hackerone.com/reports/148763) to Paragon Initiative Enterprises - 2 upvotes, $0 42 | 38. [Nginx Version Disclosure On Forbidden Page](https://hackerone.com/reports/148768) to Paragon Initiative Enterprises - 2 upvotes, $0 43 | 39. [Full path disclosure when CSRF validation failed ](https://hackerone.com/reports/148890) to Paragon Initiative Enterprises - 2 upvotes, $0 44 | 40. [Session Management Issue CMS Airship](https://hackerone.com/reports/148914) to Paragon Initiative Enterprises - 2 upvotes, $0 45 | 41. [[URGENT] Password reset emails are sent in clear-text (without encryption)](https://hackerone.com/reports/149028) to Paragon Initiative Enterprises - 2 upvotes, $0 46 | 42. [Full Path Disclosure by removing CSRF token](https://hackerone.com/reports/150018) to Paragon Initiative Enterprises - 2 upvotes, $0 47 | 43. [Not clearing hex-decoded variable after usage in Authentication](https://hackerone.com/reports/168293) to Paragon Initiative Enterprises - 2 upvotes, $0 48 | 44. [directory information disclose](https://hackerone.com/reports/226212) to Paragon Initiative Enterprises - 2 upvotes, $0 49 | 45. [Full Path Disclosure on https://airship.paragonie.com](https://hackerone.com/reports/226514) to Paragon Initiative Enterprises - 2 upvotes, $0 50 | 46. [no session logout after changing the password in https://bridge.cspr.ng/](https://hackerone.com/reports/226518) to Paragon Initiative Enterprises - 2 upvotes, $0 51 | 47. [Improper validation of Email ](https://hackerone.com/reports/226334) to Paragon Initiative Enterprises - 2 upvotes, $0 52 | 48. [Your Application Has Cacheable SSL Pages](https://hackerone.com/reports/115296) to Paragon Initiative Enterprises - 2 upvotes, $0 53 | 49. 
[Github wikis are editable by anyone https://github.com/paragonie/password_lock/wiki](https://hackerone.com/reports/661977) to Paragon Initiative Enterprises - 2 upvotes, $0 54 | 50. [Full Path Disclosure](https://hackerone.com/reports/115337) to Paragon Initiative Enterprises - 1 upvotes, $50 55 | 51. [Vunerability : spf](https://hackerone.com/reports/130990) to Paragon Initiative Enterprises - 1 upvotes, $0 56 | 52. [DNSsec not configured](https://hackerone.com/reports/115246) to Paragon Initiative Enterprises - 1 upvotes, $0 57 | 53. [The Anti-CSRF Library fails to restrict token to a particular IP address when being behind a reverse-proxy/WAF](https://hackerone.com/reports/134894) to Paragon Initiative Enterprises - 1 upvotes, $0 58 | 54. [Missing SPF for paragonie.com](https://hackerone.com/reports/115315) to Paragon Initiative Enterprises - 1 upvotes, $0 59 | 55. [SSL certificate public key less than 2048 bit](https://hackerone.com/reports/115271) to Paragon Initiative Enterprises - 1 upvotes, $0 60 | 56. [Email Authentication Bypass](https://hackerone.com/reports/135283) to Paragon Initiative Enterprises - 1 upvotes, $0 61 | 57. [Full path disclosure vulnerability on paragonie.com](https://hackerone.com/reports/145260) to Paragon Initiative Enterprises - 1 upvotes, $0 62 | 58. [Email Authentication bypass Vulnerability](https://hackerone.com/reports/115245) to Paragon Initiative Enterprises - 1 upvotes, $0 63 | 59. [Cross-domain AJAX request](https://hackerone.com/reports/113339) to Paragon Initiative Enterprises - 1 upvotes, $0 64 | 60. [Email spoofing](https://hackerone.com/reports/115232) to Paragon Initiative Enterprises - 1 upvotes, $0 65 | 61. [Missing SPF records for paragonie.com](https://hackerone.com/reports/115250) to Paragon Initiative Enterprises - 1 upvotes, $0 66 | 62. [file full path discloser.](https://hackerone.com/reports/116057) to Paragon Initiative Enterprises - 1 upvotes, $0 67 | 63. 
[Missing SPF for paragonie.com](https://hackerone.com/reports/115390) to Paragon Initiative Enterprises - 1 upvotes, $0 68 | 64. [Blind SQL INJ](https://hackerone.com/reports/115304) to Paragon Initiative Enterprises - 1 upvotes, $0 69 | 65. [Airship doesn't reject weak passwords](https://hackerone.com/reports/148903) to Paragon Initiative Enterprises - 1 upvotes, $0 70 | 66. [Using plain git protocol (vulnerable to MITM)](https://hackerone.com/reports/181214) to Paragon Initiative Enterprises - 1 upvotes, $0 71 | 67. [There is an vulnerability in https://bridge.cspr.ng where an attacker can users directory](https://hackerone.com/reports/226505) to Paragon Initiative Enterprises - 1 upvotes, $0 72 | 68. [Missing SPF for https://paragonie.com/](https://hackerone.com/reports/115214) to Paragon Initiative Enterprises - 0 upvotes, $0 73 | 69. [Missing GIT tag/commit verification in Docker](https://hackerone.com/reports/181212) to Paragon Initiative Enterprises - 0 upvotes, $0 74 | 70. [Not using Binary::safe* functions for substr/strlen function](https://hackerone.com/reports/181315) to Paragon Initiative Enterprises - 0 upvotes, $0 75 | 71. [Non-secure requests are not automatically upgraded to HTTPS](https://hackerone.com/reports/241950) to Paragon Initiative Enterprises - 0 upvotes, $0 76 | 72. [Full Path Disclosure in airship.paragonie.com '/cabins/'](https://hackerone.com/reports/226343) to Paragon Initiative Enterprises - 0 upvotes, $0 77 | 73. [Full Path Disclosure in password lock](https://hackerone.com/reports/115422) to Paragon Initiative Enterprises - 0 upvotes, $0 78 | 74. 
[Full Path Disclosure In EasyDB](https://hackerone.com/reports/119494) to Paragon Initiative Enterprises - 0 upvotes, $0 79 | 80 | 81 | [Back](../README.md) -------------------------------------------------------------------------------- /tops_by_program/TOPPHABRICATOR.md: -------------------------------------------------------------------------------- 1 | [Back](../README.md) 2 | 3 | Top reports from Phabricator program at HackerOne: 4 | 5 | 1. [Command injection on Phabricator instance with an evil hg branch name](https://hackerone.com/reports/288704) to Phabricator - 38 upvotes, $1000 6 | 2. [Phabricator is vulnerable to padding oracle attacks and chosen-ciphertext attacks.](https://hackerone.com/reports/216746) to Phabricator - 21 upvotes, $750 7 | 3. [SSRF in notifications.server configuration](https://hackerone.com/reports/850114) to Phabricator - 20 upvotes, $300 8 | 4. [Markdown parsing issue enables insertion of malicious tags](https://hackerone.com/reports/758002) to Phabricator - 18 upvotes, $500 9 | 5. [Window.opener protection Bypass](https://hackerone.com/reports/306414) to Phabricator - 18 upvotes, $300 10 | 6. [IDOR bug to See hidden slowvote of any user even when you dont have access right](https://hackerone.com/reports/661978) to Phabricator - 15 upvotes, $300 11 | 7. [User with only Viewing Privilege can send message to Room](https://hackerone.com/reports/202499) to Phabricator - 14 upvotes, $300 12 | 8. [HTML in Diffusion not escaped in certain circumstances](https://hackerone.com/reports/148865) to Phabricator - 12 upvotes, $600 13 | 9. [Window.opener fix bypass](https://hackerone.com/reports/317243) to Phabricator - 12 upvotes, $300 14 | 10. [Exposing voting results on the Slowvote application without actually voting](https://hackerone.com/reports/434116) to Phabricator - 11 upvotes, $300 15 | 11. 
[Differential "Show Raw File" feature exposes generated files to unauthorised users](https://hackerone.com/reports/213942) to Phabricator - 10 upvotes, $600 16 | 12. [Log in a user to another account](https://hackerone.com/reports/774) to Phabricator - 10 upvotes, $300 17 | 13. [Administrator can create user without entering high security mode](https://hackerone.com/reports/351361) to Phabricator - 10 upvotes, $300 18 | 14. [Broken Authentication and Session Management](https://hackerone.com/reports/17474) to Phabricator - 7 upvotes, $300 19 | 15. [Fetching binaries (for software installation) over HTTP without verification (RCE as ROOT by MITM)](https://hackerone.com/reports/186352) to Phabricator - 7 upvotes, $300 20 | 16. [IRC-Bot exposes information](https://hackerone.com/reports/222870) to Phabricator - 7 upvotes, $300 21 | 17. [TOTP Key is shorter than RFC 4226 recommended minimum](https://hackerone.com/reports/435648) to Phabricator - 6 upvotes, $300 22 | 18. [Improperly implemented password recovery link functionality](https://hackerone.com/reports/809) to Phabricator - 5 upvotes, $300 23 | 19. [Persistent XSS: Editor link](https://hackerone.com/reports/4114) to Phabricator - 5 upvotes, $300 24 | 20. [OAuth Stealing Attack (New)](https://hackerone.com/reports/3930) to Phabricator - 4 upvotes, $400 25 | 21. [The special code in editor has no Authority control and can lead to Information Disclosure](https://hackerone.com/reports/221950) to Phabricator - 4 upvotes, $0 26 | 22. [Bypass auth.email-domains](https://hackerone.com/reports/2224) to Phabricator - 3 upvotes, $1000 27 | 23. [Bypass auth.email-domains (2)](https://hackerone.com/reports/2233) to Phabricator - 3 upvotes, $500 28 | 24. [OAuth access_token stealing in Phabricator](https://hackerone.com/reports/3596) to Phabricator - 3 upvotes, $450 29 | 25. [UnAuthorized Editorial Publishing to Blogs](https://hackerone.com/reports/3356) to Phabricator - 3 upvotes, $300 30 | 26. 
[Control character allowed in username](https://hackerone.com/reports/3921) to Phabricator - 3 upvotes, $300 31 | 27. [Error page Text Injection.](https://hackerone.com/reports/156196) to Phabricator - 3 upvotes, $0 32 | 28. [Enumerating emails through "Forgot Password" form](https://hackerone.com/reports/203614) to Phabricator - 3 upvotes, $0 33 | 29. [Restricted file access when it exists in old versions of task or wiki document](https://hackerone.com/reports/203658) to Phabricator - 3 upvotes, $0 34 | 30. [Autoclose can close any task regardless of policies/spaces](https://hackerone.com/reports/220909) to Phabricator - 3 upvotes, $0 35 | 31. [Request vulnerable to CSRF](https://hackerone.com/reports/513137) to Phabricator - 3 upvotes, $0 36 | 32. [Issue:Form does not contain an anti-CSRF token](https://hackerone.com/reports/513134) to Phabricator - 3 upvotes, $0 37 | 33. [Login CSRF using Twitter OAuth](https://hackerone.com/reports/2228) to Phabricator - 2 upvotes, $300 38 | 34. [Content Spoofing through URL](https://hackerone.com/reports/28792) to Phabricator - 2 upvotes, $0 39 | 35. [Password Policy issue](https://hackerone.com/reports/26758) to Phabricator - 2 upvotes, $0 40 | 36. [link reset problem](https://hackerone.com/reports/164483) to Phabricator - 2 upvotes, $0 41 | 37. [An unsafe design practice in the Passphrase may result in Secret being accidentally changed.](https://hackerone.com/reports/218324) to Phabricator - 2 upvotes, $0 42 | 38. [The mailbox verification API interface is unlimited and can be used as a mailbox bomb](https://hackerone.com/reports/221948) to Phabricator - 2 upvotes, $0 43 | 39. [XSS in editor by any user](https://hackerone.com/reports/18691) to Phabricator - 1 upvotes, $1000 44 | 40. [Multiple so called 'type juggling' attacks. Most notably PhabricatorUser::validateCSRFToken() is 'bypassable' in certain cases.](https://hackerone.com/reports/86022) to Phabricator - 1 upvotes, $450 45 | 41. 
[Open redirection on secure.phabricator.com](https://hackerone.com/reports/25160) to Phabricator - 1 upvotes, $400 46 | 42. [Abusing daemon logs for Privilege escalation under certain scenarios](https://hackerone.com/reports/16392) to Phabricator - 1 upvotes, $300 47 | 43. [Forgot Password Issue](https://hackerone.com/reports/23363) to Phabricator - 1 upvotes, $300 48 | 44. [Phabricator Diffusion application allows unauthorized users to delete mirrors](https://hackerone.com/reports/38965) to Phabricator - 1 upvotes, $300 49 | 45. [Passphrase credential lock bypass](https://hackerone.com/reports/139626) to Phabricator - 1 upvotes, $300 50 | 46. [CSRF token valid even after the session logout of a particular user](https://hackerone.com/reports/2857) to Phabricator - 1 upvotes, $0 51 | 47. [Back - Refresh - Attack To Obtain User Credentials](https://hackerone.com/reports/21064) to Phabricator - 1 upvotes, $0 52 | 48. [Password Reset Links Not Expiring](https://hackerone.com/reports/22858) to Phabricator - 1 upvotes, $0 53 | 49. [Content spoofing](https://hackerone.com/reports/27564) to Phabricator - 1 upvotes, $0 54 | 50. [Content injection ](https://hackerone.com/reports/36112) to Phabricator - 1 upvotes, $0 55 | 51. [Server Side Request Forgery in macro creation](https://hackerone.com/reports/50537) to Phabricator - 1 upvotes, $0 56 | 52. [No authentication required to add an email address.](https://hackerone.com/reports/139965) to Phabricator - 1 upvotes, $0 57 | 53. [Full path disclosure](https://hackerone.com/reports/143575) to Phabricator - 1 upvotes, $0 58 | 54. [Hyper Link Injection In email and Space Characters Allowed at Password Field.](https://hackerone.com/reports/252699) to Phabricator - 1 upvotes, $0 59 | 55. [Credential gets exposed](https://hackerone.com/reports/255132) to Phabricator - 1 upvotes, $0 60 | 56. [The "Download Raw Diff" URL is viewable by everyone](https://hackerone.com/reports/356408) to Phabricator - 1 upvotes, $0 61 | 57. 
[Abusing VCS control on phabricator](https://hackerone.com/reports/16315) to Phabricator - 0 upvotes, $600 62 | 58. [Phabricator Phame Blog Skins Local File Inclusion](https://hackerone.com/reports/39428) to Phabricator - 0 upvotes, $500 63 | 59. [SSRF vulnerability (access to metadata server on EC2 and OpenStack)](https://hackerone.com/reports/53088) to Phabricator - 0 upvotes, $300 64 | 60. [XSS with Time-of-Day Format](https://hackerone.com/reports/52822) to Phabricator - 0 upvotes, $300 65 | 61. [Information leakage through Graphviz blocks](https://hackerone.com/reports/88395) to Phabricator - 0 upvotes, $300 66 | 62. [Extended policy checks are buggy](https://hackerone.com/reports/109959) to Phabricator - 0 upvotes, $300 67 | 63. [Dashboard panel embedded onto itself causes a denial of service](https://hackerone.com/reports/85011) to Phabricator - 0 upvotes, $0 68 | 64. [libphutil: removing bytes from a PhutilRope does not work as intended](https://hackerone.com/reports/105657) to Phabricator - 0 upvotes, $0 69 | 70 | 71 | [Back](../README.md) -------------------------------------------------------------------------------- /tops_by_program/TOPPORNHUB.md: -------------------------------------------------------------------------------- 1 | [Back](../README.md) 2 | 3 | Top reports from Pornhub program at HackerOne: 4 | 5 | 1. [[phpobject in cookie] Remote shell/command execution](https://hackerone.com/reports/141956) to Pornhub - 588 upvotes, $20000 6 | 2. [Publicly exposed SVN repository, ht.pornhub.com](https://hackerone.com/reports/72243) to Pornhub - 202 upvotes, $10000 7 | 3. [Multiple endpoints are vulnerable to XML External Entity injection (XXE) ](https://hackerone.com/reports/72272) to Pornhub - 134 upvotes, $2500 8 | 4. [vulnerabilitie](https://hackerone.com/reports/137723) to Pornhub - 127 upvotes, $0 9 | 5. 
[[RCE] Unserialize to XXE - file disclosure on ams.upload.pornhub.com](https://hackerone.com/reports/142562) to Pornhub - 87 upvotes, $10000 10 | 6. [xss](https://hackerone.com/reports/306554) to Pornhub - 83 upvotes, $100 11 | 7. [Unsecured DB instance](https://hackerone.com/reports/189192) to Pornhub - 66 upvotes, $5000 12 | 8. [[idor] Unauthorized Read access to all the private posts(Including Photos,Videos,Gifs)](https://hackerone.com/reports/148764) to Pornhub - 56 upvotes, $1500 13 | 9. [Wordpress Content injection ](https://hackerone.com/reports/202949) to Pornhub - 45 upvotes, $1500 14 | 10. [Stored XSS in photo comment functionality](https://hackerone.com/reports/172227) to Pornhub - 41 upvotes, $1500 15 | 11. [Stored XSS (client-side, using cookie poisoning) on the pornhubpremium.com](https://hackerone.com/reports/311948) to Pornhub - 39 upvotes, $250 16 | 12. [RCE Possible Via Video Manager Export using @ character in Video Title](https://hackerone.com/reports/146593) to Pornhub - 36 upvotes, $500 17 | 13. [Unsecured Elasticsearch Instance](https://hackerone.com/reports/267161) to Pornhub - 35 upvotes, $3500 18 | 14. [[stored xss, pornhub.com] stream post function](https://hackerone.com/reports/138075) to Pornhub - 35 upvotes, $1500 19 | 15. [IDOR - disclosure of private videos - /api_android_v3/getUserVideos](https://hackerone.com/reports/186279) to Pornhub - 29 upvotes, $1500 20 | 16. [Weak user aunthentication on mobile application - I just broken userKey secret password](https://hackerone.com/reports/138101) to Pornhub - 27 upvotes, $5000 21 | 17. [[IDOR] post to anyone even if their stream is restricted to friends only](https://hackerone.com/reports/137954) to Pornhub - 27 upvotes, $1500 22 | 18. [[IDOR] Deleting other users comment](https://hackerone.com/reports/138243) to Pornhub - 23 upvotes, $1000 23 | 19. [Single User DOS by Poisoning Cookie via Get Parameter](https://hackerone.com/reports/416966) to Pornhub - 21 upvotes, $50 24 | 20. 
[Possibility to insert stored XSS inside \ tag](https://hackerone.com/reports/267643) to Pornhub - 19 upvotes, $1500 25 | 21. [XSS vulnerability using GIF tags](https://hackerone.com/reports/191674) to Pornhub - 18 upvotes, $1000 26 | 22. [Unsecured Kibana/Elasticsearch instance](https://hackerone.com/reports/188482) to Pornhub - 16 upvotes, $750 27 | 23. [Partial disclosure of Private Videos through data-mediabook attribute information leak](https://hackerone.com/reports/228495) to Pornhub - 16 upvotes, $250 28 | 24. [Self-XSS to Good-XSS - pornhub.com](https://hackerone.com/reports/761904) to Pornhub - 16 upvotes, $250 29 | 25. [Unsecured Grafana instance](https://hackerone.com/reports/167585) to Pornhub - 15 upvotes, $750 30 | 26. [Mobile Reflect XSS / CSRF at Advertisement Section on Search page](https://hackerone.com/reports/379705) to Pornhub - 15 upvotes, $200 31 | 27. [Private Photo Disclosure - /user/stream_photo_attach?load=album&id= endpoint](https://hackerone.com/reports/141868) to Pornhub - 14 upvotes, $1000 32 | 28. [Stored XSS in the any user profile using website link](https://hackerone.com/reports/242213) to Pornhub - 14 upvotes, $500 33 | 29. [Mixed Reflected-Stored XSS on pornhub.com (without user interaction) in the playlist playing section](https://hackerone.com/reports/222506) to Pornhub - 13 upvotes, $350 34 | 30. [XSS on pornhubselect.com](https://hackerone.com/reports/222556) to Pornhub - 13 upvotes, $0 35 | 31. [(Pornhub & Youporn & Brazzers ANDROID APP) : Upload Malicious APK / Overrite Existing APK / Android BackOffice Access ](https://hackerone.com/reports/142352) to Pornhub - 11 upvotes, $1500 36 | 32. [Blind Stored XSS against Pornhub employees using Amateur Model Program](https://hackerone.com/reports/216379) to Pornhub - 11 upvotes, $500 37 | 33. [Public Facing Barracuda Login](https://hackerone.com/reports/119918) to Pornhub - 11 upvotes, $250 38 | 34. [XSS Vulnerability at https://www.pornhubpremium.com/premium_signup? 
URL endpoint ](https://hackerone.com/reports/202548) to Pornhub - 11 upvotes, $250 39 | 35. [Race Condition Vulnerability On Pornhubpremium.com](https://hackerone.com/reports/183624) to Pornhub - 10 upvotes, $520 40 | 36. [Reflected XSS in login redirection module](https://hackerone.com/reports/216806) to Pornhub - 10 upvotes, $250 41 | 37. [Debug.log file Exposed to Public \Full Path Disclosure\](https://hackerone.com/reports/202939) to Pornhub - 10 upvotes, $0 42 | 38. [[ssrf] libav vulnerable during conversion of uploaded videos](https://hackerone.com/reports/111269) to Pornhub - 9 upvotes, $1500 43 | 39. [Disclosure of private photos/albums - http://www.pornhub.com/album/show_image_box](https://hackerone.com/reports/167582) to Pornhub - 9 upvotes, $750 44 | 40. [Stored XSS on the http://ht.pornhub.com/widgets/](https://hackerone.com/reports/186613) to Pornhub - 9 upvotes, $150 45 | 41. [Reflected XSS by way of jQuery function](https://hackerone.com/reports/141493) to Pornhub - 9 upvotes, $50 46 | 42. [Unprotected Memcache Installation running](https://hackerone.com/reports/119871) to Pornhub - 8 upvotes, $2500 47 | 43. [pornhub.com/user/welcome/basicinfo nickname field is vulnerable on xss](https://hackerone.com/reports/241198) to Pornhub - 8 upvotes, $750 48 | 44. [ Same-Origin Method Execution bug in plupload.flash.swf on /insights](https://hackerone.com/reports/138226) to Pornhub - 8 upvotes, $150 49 | 45. [CSV Macro injection in Video Manager (CEMI)](https://hackerone.com/reports/137850) to Pornhub - 8 upvotes, $100 50 | 46. [PornIQ Reflected Cross-Site Scripting](https://hackerone.com/reports/105486) to Pornhub - 7 upvotes, $250 51 | 47. [[idor] Profile Admin can pin any other user's post on his stream wall](https://hackerone.com/reports/138852) to Pornhub - 6 upvotes, $750 52 | 48. [[crossdomain.xml] Dangerous Flash Cross-Domain Policy](https://hackerone.com/reports/105655) to Pornhub - 6 upvotes, $50 53 | 49. 
[http://ht.pornhub.com/ stored XSS in widget stylesheet](https://hackerone.com/reports/207792) to Pornhub - 6 upvotes, $50 54 | 50. [Private videos can be added to our playlists](https://hackerone.com/reports/246819) to Pornhub - 6 upvotes, $0 55 | 51. [Unauthenticated access to Content Management System - www1.pornhubpremium.com](https://hackerone.com/reports/72735) to Pornhub - 5 upvotes, $5000 56 | 52. [SSRF & XSS (W3 Total Cache)](https://hackerone.com/reports/138721) to Pornhub - 5 upvotes, $1000 57 | 53. [Reflected cross-site scripting (XSS) vulnerability in pornhub.com allows attackers to inject arbitrary web script or HTML.](https://hackerone.com/reports/182132) to Pornhub - 5 upvotes, $200 58 | 54. [HTTP Track/Trace Method Enabled](https://hackerone.com/reports/119860) to Pornhub - 4 upvotes, $50 59 | 55. [Reflected Cross-Site Scripting on French subdomain](https://hackerone.com/reports/101108) to Pornhub - 3 upvotes, $250 60 | 56. [Cross Site Scripting - On Mouse Over, Blog page](https://hackerone.com/reports/100552) to Pornhub - 3 upvotes, $250 61 | 57. [[xss, pornhub.com] /user/[username], multiple parameters](https://hackerone.com/reports/100550) to Pornhub - 3 upvotes, $250 62 | 58. [XSS Reflected incategories*p](https://hackerone.com/reports/138046) to Pornhub - 3 upvotes, $250 63 | 59. [XSS ReflectedGET /*embed_player*?](https://hackerone.com/reports/138045) to Pornhub - 3 upvotes, $250 64 | 60. [[xss] pornhubpremium.com, /redeem?code= URL endpoint ](https://hackerone.com/reports/202536) to Pornhub - 3 upvotes, $250 65 | 61. [[reflected xss, pornhub.com] /blog, any](https://hackerone.com/reports/83566) to Pornhub - 3 upvotes, $100 66 | 62. [Cross Site Scripting – Album Page](https://hackerone.com/reports/82929) to Pornhub - 3 upvotes, $50 67 | 63. 
[Reflected XSS on ht.pornhub.com - /export/GetPreview](https://hackerone.com/reports/216469) to Pornhub - 1 upvotes, $0 68 | 69 | 70 | [Back](../README.md) -------------------------------------------------------------------------------- /tops_by_program/TOPQIWI.md: -------------------------------------------------------------------------------- 1 | [Back](../README.md) 2 | 3 | Top reports from QIWI program at HackerOne: 4 | 5 | 1. [SQL injection on contactws.contact-sys.com in TScenObject action ScenObjects leads to remote code execution](https://hackerone.com/reports/816254) to QIWI - 442 upvotes, $5500 6 | 2. [Remote Code Execution on contactws.contact-sys.com via SQL injection in TCertObject operation "Delete"](https://hackerone.com/reports/816086) to QIWI - 183 upvotes, $1000 7 | 3. [SQL injection on contactws.contact-sys.com in TRateObject.AddForOffice in USER_ID parameter leads to remote code execution](https://hackerone.com/reports/816560) to QIWI - 107 upvotes, $1000 8 | 4. [account takeover https://qiwi.me ](https://hackerone.com/reports/685304) to QIWI - 105 upvotes, $750 9 | 5. [account takeover https://idea.qiwi.com/ ](https://hackerone.com/reports/464426) to QIWI - 85 upvotes, $300 10 | 6. [DOM XSS triggered in secure support desk](https://hackerone.com/reports/512065) to QIWI - 63 upvotes, $500 11 | 7. [Обход комиссии на переводы](https://hackerone.com/reports/604560) to QIWI - 55 upvotes, $1050 12 | 8. [XXE on ██████████ by bypassing WAF ████](https://hackerone.com/reports/433996) to QIWI - 49 upvotes, $5000 13 | 9. [[contact-sys.com] SQL Injection████ limit param](https://hackerone.com/reports/164945) to QIWI - 48 upvotes, $250 14 | 10. [account takeover https://teamplay.qiwi.com](https://hackerone.com/reports/439207) to QIWI - 40 upvotes, $500 15 | 11. [XML External Entity (XXE) in qiwi.com + waf bypass](https://hackerone.com/reports/99279) to QIWI - 39 upvotes, $3137 16 | 12. 
[apache access.log leakage via long request on https://rapida.ru/](https://hackerone.com/reports/280912) to QIWI - 38 upvotes, $100 17 | 13. [[qiwi.me] Stored XSS](https://hackerone.com/reports/736236) to QIWI - 37 upvotes, $500 18 | 14. [[p2p.qiwi.com] nginx alias traversal](https://hackerone.com/reports/455858) to QIWI - 34 upvotes, $150 19 | 15. [Обход комиссии при оплате картой](https://hackerone.com/reports/654851) to QIWI - 32 upvotes, $1000 20 | 16. [[lk.contact-sys.com] SQL Injection reset_password FP_LK_USER_LOGIN](https://hackerone.com/reports/164684) to QIWI - 32 upvotes, $300 21 | 17. [XSS https://agent.postamat.tech/ в профиле + дисклоз секретной информации](https://hackerone.com/reports/365093) to QIWI - 30 upvotes, $200 22 | 18. [[qiwi.com] XSS on payment form](https://hackerone.com/reports/263684) to QIWI - 28 upvotes, $550 23 | 19. [Обход комиссии на переводы](https://hackerone.com/reports/691766) to QIWI - 21 upvotes, $1000 24 | 20. [[lk.contact-sys.com] LKlang Path Traversal](https://hackerone.com/reports/164933) to QIWI - 21 upvotes, $150 25 | 21. [[contact-sys.com] XSS /ajax/transfer/status trn param](https://hackerone.com/reports/164704) to QIWI - 21 upvotes, $100 26 | 22. [[*.rocketbank.ru] Web Cache Deception & XSS](https://hackerone.com/reports/415168) to QIWI - 19 upvotes, $200 27 | 23. [[id.rapida.ru] Full Path Disclosure](https://hackerone.com/reports/165219) to QIWI - 19 upvotes, $50 28 | 24. [[send.qiwi.ru] Soap-based XXE vulnerability /soapserver/ ](https://hackerone.com/reports/36450) to QIWI - 17 upvotes, $1000 29 | 25. [[qiwi.com] Oauth захват аккаунта](https://hackerone.com/reports/159507) to QIWI - 17 upvotes, $950 30 | 26. [Возможность регистрации на сайте qiwi.com на любой номер телефона](https://hackerone.com/reports/420163) to QIWI - 17 upvotes, $200 31 | 27. [Небезопасная схема выдачи номера карты QVC (возможно, также QVV и QVP)](https://hackerone.com/reports/87586) to QIWI - 17 upvotes, $200 32 | 28. 
[IDOR редактирование любого вишлиста](https://hackerone.com/reports/736065) to QIWI - 16 upvotes, $500 33 | 29. [[wallet.rapida.ru] XSS Cookie flashcookie](https://hackerone.com/reports/164662) to QIWI - 16 upvotes, $100 34 | 30. [Information disclosure on https://paycard.rapida.ru](https://hackerone.com/reports/299552) to QIWI - 15 upvotes, $100 35 | 31. [https://fundl.qiwi.com CSRF на подтверждении sms ](https://hackerone.com/reports/301718) to QIWI - 15 upvotes, $100 36 | 32. [[sms.qiwi.ru] XSS via Request-URI](https://hackerone.com/reports/38345) to QIWI - 15 upvotes, $100 37 | 33. [[ibank.qiwi.ru] XSS via Request-URI](https://hackerone.com/reports/164152) to QIWI - 14 upvotes, $150 38 | 34. [[contact-sys.com] XSS via Request-URI](https://hackerone.com/reports/164656) to QIWI - 14 upvotes, $100 39 | 35. [Слив какого-то access токена](https://hackerone.com/reports/735971) to QIWI - 13 upvotes, $200 40 | 36. [Imformation Disclosure on id.rapida.ru](https://hackerone.com/reports/318571) to QIWI - 13 upvotes, $100 41 | 37. [Каким-то образом получил чужой платеж к себе на копилку https://qiwi.me/undefined](https://hackerone.com/reports/487296) to QIWI - 13 upvotes, $50 42 | 38. [[qiwi.com] Information Disclosure](https://hackerone.com/reports/164168) to QIWI - 12 upvotes, $150 43 | 39. [[XSS/pay.qiwi.com] Pay SubDomain Hard-Use XSS](https://hackerone.com/reports/198251) to QIWI - 12 upvotes, $150 44 | 40. [Nickname disclosure through web-chat](https://hackerone.com/reports/569350) to QIWI - 12 upvotes, $150 45 | 41. [[vitrina.contact-sys.com] Full Path Disclosure](https://hackerone.com/reports/178284) to QIWI - 12 upvotes, $100 46 | 42. [[qiwi.me] No limits on image download requests](https://hackerone.com/reports/227806) to QIWI - 12 upvotes, $100 47 | 43. [hard-use account takeover qiwi.com](https://hackerone.com/reports/691698) to QIWI - 11 upvotes, $300 48 | 44. [[qiwi.com] .bash_history](https://hackerone.com/reports/190195) to QIWI - 10 upvotes, $100 49 | 45. 
[Раскрытие баланса на //kopilka.qiwi.com](https://hackerone.com/reports/178049) to QIWI - 8 upvotes, $300 50 | 46. [[XSS/3dsecure.qiwi.com] 3DSecure XSS](https://hackerone.com/reports/198249) to QIWI - 8 upvotes, $250 51 | 47. [[rubm.qiwi.com] Yui charts.swf XSS](https://hackerone.com/reports/104488) to QIWI - 8 upvotes, $200 52 | 48. [Xss on billing](https://hackerone.com/reports/151034) to QIWI - 8 upvotes, $200 53 | 49. [какой-то исходный код в корне сайта](https://hackerone.com/reports/714024) to QIWI - 8 upvotes, $50 54 | 50. [Раскрытие чувствительной информации composer.lock docker-compose.yml ](https://hackerone.com/reports/714186) to QIWI - 7 upvotes, $100 55 | 51. [[ibank.qiwi.ru] UI Redressing via Request-URI](https://hackerone.com/reports/164153) to QIWI - 6 upvotes, $150 56 | 52. [Stored xss in agent.qiwi.com](https://hackerone.com/reports/38012) to QIWI - 6 upvotes, $100 57 | 53. [Open Redirect in meeting.qiwi.com](https://hackerone.com/reports/100200) to QIWI - 6 upvotes, $100 58 | 54. [Content Spoofing in mango.qiwi.com](https://hackerone.com/reports/118066) to QIWI - 5 upvotes, $150 59 | 55. [Keychain data persistence may lead to account takeover](https://hackerone.com/reports/761975) to QIWI - 4 upvotes, $100 60 | 56. [Открытый доступ к корпоративным данным.](https://hackerone.com/reports/79393) to QIWI - 3 upvotes, $500 61 | 57. [https://teamplay.qiwi.com/ накрутка баллов =\> финансовые убытки для компании](https://hackerone.com/reports/441204) to QIWI - 3 upvotes, $500 62 | 58. [[wallet.rapida.ru] Mass SMS flood](https://hackerone.com/reports/209368) to QIWI - 3 upvotes, $200 63 | 59. [[qiwi.com] Open Redirect](https://hackerone.com/reports/38157) to QIWI - 3 upvotes, $150 64 | 60. [[ishop.qiwi.com] XSS + Misconfiguration](https://hackerone.com/reports/47536) to QIWI - 2 upvotes, $200 65 | 61. [Session Cookie without HttpOnly and secure flag set](https://hackerone.com/reports/75357) to QIWI - 2 upvotes, $100 66 | 62. 
[CRLF Injection [ishop.qiwi.com]](https://hackerone.com/reports/36105) to QIWI - 1 upvotes, $250
67 | 63. [[static.qiwi.com] XSS proxy.html](https://hackerone.com/reports/35363) to QIWI - 1 upvotes, $200
68 | 64. [[qiwi.com] /oauth/confirm.action XSS](https://hackerone.com/reports/36319) to QIWI - 1 upvotes, $100
69 | 65. [Code for registration of qiwi account is not coming even after a long interval of time for Indian mobile number](https://hackerone.com/reports/35532) to QIWI - 1 upvotes, $0
70 | 66. [Metadata in hosted files is disclosing Usernames, Printers, paths, admin guides, emails](https://hackerone.com/reports/36586) to QIWI - 1 upvotes, $0
71 | 67. [SSL Certificate on qiwi.com will expire soon.](https://hackerone.com/reports/134145) to QIWI - 1 upvotes, $0
72 | 68. [[send.qiwi.ru] XSS at auth?login=](https://hackerone.com/reports/35413) to QIWI - 0 upvotes, $200
73 | 69. [XSS Reflected in test.qiwi.ru](https://hackerone.com/reports/98281) to QIWI - 0 upvotes, $200
74 | 
75 | 
76 | [Back](../README.md)
--------------------------------------------------------------------------------
/tops_by_program/TOPRAZER.md:
--------------------------------------------------------------------------------
1 | [Back](../README.md)
2 | 
3 | Top reports from Razer program at HackerOne:
4 | 
5 | 1. [🐞 OS Command Injection at https://sea-web.gold.razer.com/lab/ws-lookup via IP parameter](https://hackerone.com/reports/821962) to Razer - 676 upvotes, $2000
6 | 2. [SQL injection at https://sea-web.gold.razer.com/ajax-get-status.php via txid parameter](https://hackerone.com/reports/819738) to Razer - 580 upvotes, $2000
7 | 3. [SQL Injection in https://api-my.pay.razer.com/inviteFriend/getInviteHistoryLog](https://hackerone.com/reports/811111) to Razer - 528 upvotes, $2000
8 | 4. [OTP token bypass in accessing user settings](https://hackerone.com/reports/699082) to Razer - 339 upvotes, $1000
9 | 5. [[Razer Pay Mobile App] Broken access control allowing other user's bank account to be deleted](https://hackerone.com/reports/757095) to Razer - 311 upvotes, $1000
10 | 6. [Reflected XSS at https://pay.gold.razer.com escalated to account takeover](https://hackerone.com/reports/723060) to Razer - 287 upvotes, $750
11 | 7. [SQL Injection at https://sea-web.gold.razer.com/lab/cash-card-incomplete-translog-resend via period-hour Parameter](https://hackerone.com/reports/781205) to Razer - 240 upvotes, $2000
12 | 8. [[api.easy2pay.co] SQL Injection at fortumo via TransID parameter [Bypassing Signature Validation🔥]](https://hackerone.com/reports/894325) to Razer - 232 upvotes, $4000
13 | 9. [Admin Management - Login Using Default Password - Leads to Image Upload Backdoor/Shell](https://hackerone.com/reports/699030) to Razer - 199 upvotes, $200
14 | 10. [Through blocking the redirect in /* the attacker is able to bypass Authentication To see Sensitive Data such as Game Keys, Emails, ..](https://hackerone.com/reports/736273) to Razer - 196 upvotes, $1000
15 | 11. [Unauthenticated access to sensitive user information](https://hackerone.com/reports/702677) to Razer - 184 upvotes, $500
16 | 12. [SQLi at https://sea-web.gold.razer.com/demo-th/purchase-result.php via orderid Parameter](https://hackerone.com/reports/777693) to Razer - 183 upvotes, $2000
17 | 13. [[IDOR] API endpoint leaking sensitive user information](https://hackerone.com/reports/723118) to Razer - 172 upvotes, $375
18 | 14. [Misconfigured s3 Bucket exposure](https://hackerone.com/reports/700051) to Razer - 168 upvotes, $500
19 | 15. [Accessible Druid Monitor console on https://api.pay-staging.razer.com/](https://hackerone.com/reports/702784) to Razer - 126 upvotes, $1500
20 | 16. [SQL injection in Razer Gold List Admin at /lists/index.php via the `list[]` parameter.](https://hackerone.com/reports/824307) to Razer - 122 upvotes, $2000
21 | 17. [SQL Injection at api.easy2pay.co/add-on/get-sig.php via partner_id Parameter](https://hackerone.com/reports/768195) to Razer - 119 upvotes, $2000
22 | 18. [HTML injection in support.razer.com [IE only]](https://hackerone.com/reports/826463) to Razer - 109 upvotes, $250
23 | 19. [DOM XSS at https://www.thx.com in IE/Edge browser](https://hackerone.com/reports/702981) to Razer - 102 upvotes, $250
24 | 20. [[Razer Pay Android App] Multiple vulnerabilities chained to allow "RedPacket" money to be stolen by a 3rd party](https://hackerone.com/reports/753280) to Razer - 84 upvotes, $1000
25 | 21. [[pay.gold.razer.com] Stored XSS - Order payment](https://hackerone.com/reports/706916) to Razer - 81 upvotes, $1500
26 | 22. [Blind SQL Injection at http://easytopup.in.th/es-services/mps.php via serial_no parameter](https://hackerone.com/reports/790914) to Razer - 80 upvotes, $1000
27 | 23. [2FA doesn't work in "https://insider.razer.com"](https://hackerone.com/reports/701901) to Razer - 72 upvotes, $200
28 | 24. [SQL injection at https://sea-web.gold.razer.com/demo-th/goto-e2p-web-api.php via Multiple Parameters](https://hackerone.com/reports/777698) to Razer - 71 upvotes, $2000
29 | 25. [Blind SQL Injection (Time Based Payload) in https://www.easytopup.in.th/store/game/digimon-master via CheckuserForm[user_id]](https://hackerone.com/reports/789259) to Razer - 68 upvotes, $1000
30 | 26. [[SSRF] Server-Side Request Forgery at https://sea-web.gold.razer.com/dev/simulator via notify_url Parameter](https://hackerone.com/reports/777664) to Razer - 60 upvotes, $2000
31 | 27. [Payment PIN Verification Bypass](https://hackerone.com/reports/702383) to Razer - 57 upvotes, $1000
32 | 28. [Reflected XSS at http://promotion.molthailand.com/index.php via promotion_id parameter](https://hackerone.com/reports/772116) to Razer - 55 upvotes, $250
33 | 29. [Insecure Logging - OWASP (2016-M2)](https://hackerone.com/reports/700624) to Razer - 45 upvotes, $400
34 | 30. [Improper access control on easytopup.in.th transaction page leads to user's information disclosure and may lead to account hijacking](https://hackerone.com/reports/776877) to Razer - 41 upvotes, $1000
35 | 31. [Improper Authorization at https://api-my.pay.razer.com/v1/trxDetail?trxId=[Id] allowing unauthorised access to other user's transaction details](https://hackerone.com/reports/754339) to Razer - 40 upvotes, $500
36 | 32. [dom based xss on [hello.merchant.razer.com]](https://hackerone.com/reports/767944) to Razer - 36 upvotes, $500
37 | 33. [Cookie based XSS on http://ftp1.thx.com](https://hackerone.com/reports/748217) to Razer - 31 upvotes, $375
38 | 34. [[razer-assets2] Listing of Amazon S3 Bucket accessible to any AWS cli](https://hackerone.com/reports/710319) to Razer - 27 upvotes, $250
39 | 35. [DLL Hijacking in Synapse 2 CrashSender1402.exe via version.dll](https://hackerone.com/reports/702252) to Razer - 26 upvotes, $750
40 | 36. [Expired reCAPTCHA site key leads to Rate Limit Bypass and Email Enumeration](https://hackerone.com/reports/758280) to Razer - 26 upvotes, $200
41 | 37. [IDOR in eform.molpay.com leads to see other users application forms with private data](https://hackerone.com/reports/790829) to Razer - 21 upvotes, $500
42 | 38. [Insecure Processing of XML leads to Denial of Service through Billion Laughs Attack](https://hackerone.com/reports/754117) to Razer - 21 upvotes, $375
43 | 39. [Insecure HostnameVerifier within WebView of Razer Pay Android (TLS Vulnerability)](https://hackerone.com/reports/795272) to Razer - 20 upvotes, $750
44 | 40. [Request Smuggling vulnerability due to a vulnerable skipper reverse proxy running in the environment.](https://hackerone.com/reports/711679) to Razer - 18 upvotes, $375
45 | 41. [Subdomain takeover at iosota.razersynapse.com via Amazon S3](https://hackerone.com/reports/813313) to Razer - 18 upvotes, $200
46 | 42. [Reflected XSS on molpay.com with cloudflare bypass](https://hackerone.com/reports/800360) to Razer - 17 upvotes, $375
47 | 43. [Reflected XSS on https://www.easytopup.in.th/store/product/return on parameter mref_id](https://hackerone.com/reports/776883) to Razer - 17 upvotes, $250
48 | 44. [[press.razer.com] Origin IP found, Cloudflare bypassed](https://hackerone.com/reports/776933) to Razer - 17 upvotes, $200
49 | 45. [PHPInfo Page on www.razer.ru](https://hackerone.com/reports/744573) to Razer - 17 upvotes, $0
50 | 46. [Access to support tickets and payment history, impersonate razer support staff](https://hackerone.com/reports/776110) to Razer - 16 upvotes, $1500
51 | 47. [Reflected XSS at https://sea-web.gold.razer.com/cash-card/verify via channel parameter](https://hackerone.com/reports/769086) to Razer - 15 upvotes, $500
52 | 48. [Subdomain takeover at ftp.thx.com](https://hackerone.com/reports/703591) to Razer - 15 upvotes, $250
53 | 49. [AWS subdomain Takeover at estore.razersynapse.com](https://hackerone.com/reports/785179) to Razer - 15 upvotes, $250
54 | 50. [https://zest.co.th/zestlinepay/checkproduct API endpoint suffers from Boolean-based SQL injection](https://hackerone.com/reports/783147) to Razer - 15 upvotes, $0
55 | 51. [Leftover back-end system on www.zest.co.th allows an unauthorized attacker to generate Razer Gold Pin for free](https://hackerone.com/reports/782982) to Razer - 14 upvotes, $375
56 | 52. [[api.easy2pay.co] SQL Injection in cashcard via card_no parameter ⭐️Bypassing IP whitelist⭐️](https://hackerone.com/reports/894329) to Razer - 14 upvotes, $0
57 | 53. [[Razer Pay Mobile App] IDOR within /v1_IM/friends/queryDrawRedLog allowed unauthorised access to read logs](https://hackerone.com/reports/754044) to Razer - 12 upvotes, $500
58 | 54. [Post Based Reflected XSS on [https://investor.razer.com/s/ir_contact.php]](https://hackerone.com/reports/801075) to Razer - 12 upvotes, $375
59 | 55. [Helpdesk takeover (subdomain takeover) in razerzone.com domain via unclaimed Zendesk instance](https://hackerone.com/reports/810807) to Razer - 12 upvotes, $250
60 | 56. [Source Code Disclosure](https://hackerone.com/reports/819735) to Razer - 12 upvotes, $200
61 | 57. [THX Tuneup Survey feedback disclosure via Google cached content for apps.thx.com](https://hackerone.com/reports/751729) to Razer - 12 upvotes, $200
62 | 58. [DOM-based XSS on https://zest.co.th/zestlinepay/](https://hackerone.com/reports/784112) to Razer - 10 upvotes, $200
63 | 59. [Reflected XSS in eform.molpay.com](https://hackerone.com/reports/789879) to Razer - 9 upvotes, $375
64 | 60. [AWS bucket writable: mobile.razer.com](https://hackerone.com/reports/772957) to Razer - 9 upvotes, $250
65 | 61. [Misconfigured Bucket [razer-assets2] https://assets2.razerzone.com/](https://hackerone.com/reports/756703) to Razer - 9 upvotes, $250
66 | 62. [Information disclosure at http://sea-s2s.molthailand.com/status.php](https://hackerone.com/reports/721761) to Razer - 8 upvotes, $375
67 | 63. [Race Condition in OAuth 2.0 flow can lead to malicious applications creating multiple valid sessions](https://hackerone.com/reports/699112) to Razer - 8 upvotes, $250
68 | 64. [[Razer Pay] Broken Access Control at /v1/verifyPhone/ allows enumeration of usernames and ID information](https://hackerone.com/reports/752443) to Razer - 6 upvotes, $500
69 | 65. [Stored Cross-Site Scripting - www.razer.ru](https://hackerone.com/reports/739854) to Razer - 5 upvotes, $200
70 | 66. [User Access Control Bypass Via Razer elevated service ( RzKLService.exe ) which loads exe in misconfigured way.](https://hackerone.com/reports/769684) to Razer - 3 upvotes, $750
71 | 67. [RXSS at https://api.easy2pay.co/inquiry.php via txid parameter.](https://hackerone.com/reports/791941) to Razer - 2 upvotes, $250
72 | 
73 | 
74 | [Back](../README.md)
--------------------------------------------------------------------------------
/tops_by_program/TOPROCKSTARGAMES.md:
--------------------------------------------------------------------------------
1 | [Back](../README.md)
2 | 
3 | Top reports from Rockstar Games program at HackerOne:
4 | 
5 | 1. [The return of the <](https://hackerone.com/reports/639684) to Rockstar Games - 518 upvotes, $1000
6 | 2. [Account Takeover using Linked Accounts due to lack of CSRF protection](https://hackerone.com/reports/463330) to Rockstar Games - 226 upvotes, $1000
7 | 3. [Stealing Facebook OAuth Code Through Screenshot viewer](https://hackerone.com/reports/488269) to Rockstar Games - 186 upvotes, $750
8 | 4. [xss on https://www.rockstargames.com/GTAOnline/jp/screens/](https://hackerone.com/reports/507494) to Rockstar Games - 150 upvotes, $750
9 | 5. [Unserialize leading to arbitrary PHP function invoke](https://hackerone.com/reports/210741) to Rockstar Games - 112 upvotes, $5000
10 | 6. [Stored XSS in Snapmatic + R★Editor comments](https://hackerone.com/reports/309531) to Rockstar Games - 110 upvotes, $1000
11 | 7. [Referer Leakage Vulnerability in socialclub.rockstargames.com/crew/ leads to FB'S OAuth token theft.](https://hackerone.com/reports/787160) to Rockstar Games - 103 upvotes, $750
12 | 8. [CSRF Vulnerability on https://signin.rockstargames.com/tpa/facebook/link/](https://hackerone.com/reports/474833) to Rockstar Games - 96 upvotes, $1000
13 | 9. [SocialClub Account Take Over Through Import Friends feature](https://hackerone.com/reports/901728) to Rockstar Games - 80 upvotes, $1500
14 | 10. [Open redirect vulnerability](https://hackerone.com/reports/380760) to Rockstar Games - 80 upvotes, $250
15 | 11. [Blind SSRF in emblem editor (2)](https://hackerone.com/reports/265050) to Rockstar Games - 71 upvotes, $1500
16 | 12. [LFI and SSRF via XXE in emblem editor](https://hackerone.com/reports/347139) to Rockstar Games - 67 upvotes, $1500
17 | 13. [Facebook OAuth Code Theft through referer leakage on support.rockstargames.com](https://hackerone.com/reports/482743) to Rockstar Games - 66 upvotes, $750
18 | 14. [Unquoted Service Path in "Rockstar Game Library Service"](https://hackerone.com/reports/716448) to Rockstar Games - 60 upvotes, $750
19 | 15. [Stored XSS on support.rockstargames.com](https://hackerone.com/reports/265384) to Rockstar Games - 48 upvotes, $1000
20 | 16. [SMB SSRF in emblem editor exposes taketwo domain credentials, may lead to RCE](https://hackerone.com/reports/288353) to Rockstar Games - 45 upvotes, $1500
21 | 17. [full path disclosure on www.rockstargames.com via apache filename brute forcing](https://hackerone.com/reports/210238) to Rockstar Games - 45 upvotes, $150
22 | 18. [DOM based XSS on /GTAOnline/tw/starterpack/](https://hackerone.com/reports/508517) to Rockstar Games - 44 upvotes, $750
23 | 19. [DOM XSS on https://www.rockstargames.com/GTAOnline/feedback](https://hackerone.com/reports/803934) to Rockstar Games - 43 upvotes, $1250
24 | 20. [Stored XSS in profile activity feed messages](https://hackerone.com/reports/231444) to Rockstar Games - 41 upvotes, $1000
25 | 21. [Bypass CAPTCHA protection](https://hackerone.com/reports/210417) to Rockstar Games - 39 upvotes, $500
26 | 22. [Smuggle SocialClub's Facebook OAuth Code via Referer Leakage](https://hackerone.com/reports/342709) to Rockstar Games - 35 upvotes, $750
27 | 23. [CSRF in 'set.php' via age causes stored XSS on 'get.php' - http://www.rockstargames.com/php/videoplayer_cache/get.php'](https://hackerone.com/reports/152013) to Rockstar Games - 34 upvotes, $750
28 | 24. [DOM Based xss on https://www.rockstargames.com/ ( 1 )](https://hackerone.com/reports/475442) to Rockstar Games - 32 upvotes, $850
29 | 25. [Exploiting Misconfigured CORS to Steal User Information](https://hackerone.com/reports/317391) to Rockstar Games - 31 upvotes, $500
30 | 26. [Image Injection vulnerability on screenshot-viewer/responsive/image may allow Facebook OAuth token theft.](https://hackerone.com/reports/655288) to Rockstar Games - 31 upvotes, $500
31 | 27. [Stored XSS on profile page via Steam display name](https://hackerone.com/reports/282604) to Rockstar Games - 29 upvotes, $1250
32 | 28. [stored XSS (angular injection) in support.rockstargames.com using zendesk register form via name parameter](https://hackerone.com/reports/354262) to Rockstar Games - 29 upvotes, $1000
33 | 29. [XSS in http://www.rockstargames.com/theballadofgaytony/js/jquery.base.js](https://hackerone.com/reports/242905) to Rockstar Games - 28 upvotes, $1000
34 | 30. [\<- Critical IDOR vulnerability in socialclub allows to insert and delete comments as another user and it discloses sensitive information -\>](https://hackerone.com/reports/204292) to Rockstar Games - 27 upvotes, $1400
35 | 31. [CSRF Vulnerability allows attackers to steal SocialClub private token.](https://hackerone.com/reports/253128) to Rockstar Games - 27 upvotes, $600
36 | 32. [Stored XSS in snapmatic comments](https://hackerone.com/reports/231389) to Rockstar Games - 26 upvotes, $1000
37 | 33. [Image Injection/XSS vulnerability affecting https://www.rockstargames.com/newswire/article](https://hackerone.com/reports/790465) to Rockstar Games - 26 upvotes, $750
38 | 34. [DOM based reflected XSS in rockstargames.com/newswire/tags through cross domain ajax request](https://hackerone.com/reports/172843) to Rockstar Games - 26 upvotes, $500
39 | 35. [Stored XSS on member post feed](https://hackerone.com/reports/264002) to Rockstar Games - 25 upvotes, $1000
40 | 36. [CSRF Vulnerability on post creation page /community/create-post.json](https://hackerone.com/reports/487378) to Rockstar Games - 25 upvotes, $150
41 | 37. [Reflected XSS in /Videos/ via calling a callback http://www.rockstargames.com/videos/#/?lb=](https://hackerone.com/reports/151276) to Rockstar Games - 24 upvotes, $650
42 | 38. [Reflected XSS via #tags= while using a callback in newswire http://www.rockstargames.com/newswire](https://hackerone.com/reports/153618) to Rockstar Games - 24 upvotes, $500
43 | 39. [Reflected XSS via Double Encoding](https://hackerone.com/reports/246505) to Rockstar Games - 21 upvotes, $500
44 | 40. [Login form on non-HTTPS page](https://hackerone.com/reports/214571) to Rockstar Games - 20 upvotes, $350
45 | 41. [use of unsafe host header leads to open redirect](https://hackerone.com/reports/210875) to Rockstar Games - 20 upvotes, $300
46 | 42. [Open redirect on https://signin.rockstargames.com/connect/authorize/rsg](https://hackerone.com/reports/1101771) to Rockstar Games - 20 upvotes, $150
47 | 43. [Stored XSS with CRLF injection via post message to user feed](https://hackerone.com/reports/263191) to Rockstar Games - 19 upvotes, $1000
48 | 44. [Information Disclosure in https://www.rockstargames.com/search](https://hackerone.com/reports/808832) to Rockstar Games - 19 upvotes, $250
49 | 45. [Open redirect in https://www.rockstargames.com/GTAOnline/restricted-content/agegate/form may lead to Facebook OAuth token theft](https://hackerone.com/reports/798121) to Rockstar Games - 18 upvotes, $750
50 | 46. [Reflected XSS in reddeadredemption Site located at www.rockstargames.com/reddeadredemption](https://hackerone.com/reports/149673) to Rockstar Games - 17 upvotes, $750
51 | 47. [Comments Denial of Service in socialclub.rockstargames.com](https://hackerone.com/reports/214370) to Rockstar Games - 17 upvotes, $500
52 | 48. [phpinfo() on graph.rockstargames.com exposes sensitive information](https://hackerone.com/reports/1082774) to Rockstar Games - 17 upvotes, $500
53 | 49. [Race condition vulnerability on "This Rocks" button.](https://hackerone.com/reports/474021) to Rockstar Games - 17 upvotes, $250
54 | 50. [Table and Column Exposure](https://hackerone.com/reports/218898) to Rockstar Games - 17 upvotes, $150
55 | 51. [Stored XSS via Send crew invite](https://hackerone.com/reports/272997) to Rockstar Games - 16 upvotes, $1000
56 | 52. [Dom based xss on https://www.rockstargames.com/ via `returnUrl` parameter](https://hackerone.com/reports/505157) to Rockstar Games - 16 upvotes, $750
57 | 53. [[IMP] - Blind XSS in the admin panel for reviewing comments](https://hackerone.com/reports/197337) to Rockstar Games - 16 upvotes, $650
58 | 54. [Minor Account Privacy can be Set to Everyone.](https://hackerone.com/reports/883731) to Rockstar Games - 15 upvotes, $150
59 | 55. [Open redirect affecting m.rockstargames.com/](https://hackerone.com/reports/781718) to Rockstar Games - 14 upvotes, $750
60 | 56. [Dom based xss on /reddeadredemption2/br/videos](https://hackerone.com/reports/488108) to Rockstar Games - 14 upvotes, $750
61 | 57. [SocialClub's Facebook OAuth Theft through Warehouse XSS.](https://hackerone.com/reports/316948) to Rockstar Games - 13 upvotes, $750
62 | 58. [Client-side Template Injection in Search, user email/token leak and maybe sandbox escape](https://hackerone.com/reports/271960) to Rockstar Games - 13 upvotes, $500
63 | 59. [Full path Disclosure in Rockstargames.com██████████](https://hackerone.com/reports/210572) to Rockstar Games - 13 upvotes, $150
64 | 60. [DOM BASED XSS ON https://www.rockstargames.com/GTAOnline/features](https://hackerone.com/reports/479612) to Rockstar Games - 12 upvotes, $750
65 | 61. [Image Injection vulnerability in www.rockstargames.com/IV/screens/1280x720Image.html](https://hackerone.com/reports/784101) to Rockstar Games - 12 upvotes, $500
66 | 62. [Control Character Injection In Messages](https://hackerone.com/reports/210994) to Rockstar Games - 12 upvotes, $350
67 | 63. [Stored XSS on support.rockstargames.com](https://hackerone.com/reports/265274) to Rockstar Games - 11 upvotes, $1000
68 | 64. [Warehouse dom based xss may lead to Social Club Account Takeover.](https://hackerone.com/reports/663312) to Rockstar Games - 11 upvotes, $750
69 | 65. [dom based xss in http://www.rockstargames.com/GTAOnline/ (Fix bypass)](https://hackerone.com/reports/261571) to Rockstar Games - 11 upvotes, $500
70 | 66. [Image Injection on www.rockstargames.com/screenshot-viewer/responsive/image may allow facebook oauth token theft.](https://hackerone.com/reports/497655) to Rockstar Games - 11 upvotes, $500
71 | 67. [Source Code Disclosure (CGI)](https://hackerone.com/reports/211418) to Rockstar Games - 11 upvotes, $150
72 | 68. [Leak IP internal](https://hackerone.com/reports/271700) to Rockstar Games - 11 upvotes, $150
73 | 69. [Your support community suffers from angularjs injection and must be fixed immediately [CRITICAL]](https://hackerone.com/reports/274264) to Rockstar Games - 10 upvotes, $500
74 | 70. [Flash injection vulnerability on /IV/imgPlayer/imageEmbed.swf](https://hackerone.com/reports/485382) to Rockstar Games - 10 upvotes, $500
75 | 71. [Found CSRF Vulnerability in https://support.rockstargames.com/](https://hackerone.com/reports/423602) to Rockstar Games - 10 upvotes, $150
76 | 72. [csrf in https://www.rockstargames.com/reddeadonline/feedback/submit.json](https://hackerone.com/reports/796295) to Rockstar Games - 9 upvotes, $150
77 | 73. [dom based xss in https://www.rockstargames.com/GTAOnline/](https://hackerone.com/reports/254343) to Rockstar Games - 8 upvotes, $500
78 | 74. [flash injection in http://www.rockstargames.com/IV/imgPlayer/imageEmbed.swf](https://hackerone.com/reports/241231) to Rockstar Games - 8 upvotes, $500
79 | 75. [Image Injection on `/bully/anniversaryedition` may lead to FB's OAuth Token Theft.](https://hackerone.com/reports/659784) to Rockstar Games - 8 upvotes, $500
80 | 76. [RDR2 game service method allows adding any player to a new Posse without consent](https://hackerone.com/reports/1029594) to Rockstar Games - 8 upvotes, $500
81 | 77. [DOM based XSS on /GTAOnline/de/news/article via "returnUrl" parameter](https://hackerone.com/reports/508475) to Rockstar Games - 6 upvotes, $750
82 | 78. [Ability to post comments to a crew even after getting kicked out](https://hackerone.com/reports/197153) to Rockstar Games - 6 upvotes, $500
83 | 79. [image injection /screenshot-viewer/responsive/image (ANOTHER FIX BYPASS)](https://hackerone.com/reports/506126) to Rockstar Games - 6 upvotes, $500
84 | 80. [Profile bio at rockstar is accepting control characters](https://hackerone.com/reports/214763) to Rockstar Games - 6 upvotes, $350
85 | 81. [Control characters incorrectly handled on Crew Status Update](https://hackerone.com/reports/232499) to Rockstar Games - 6 upvotes, $250
86 | 82. [SSLv3 POODLE Vulnerability](https://hackerone.com/reports/210331) to Rockstar Games - 6 upvotes, $150
87 | 83. [insecure redirect in https://www.rockstargames.com](https://hackerone.com/reports/253975) to Rockstar Games - 6 upvotes, $0
88 | 84. [Dom based XSS on www.rockstargames.com/GTAOnline/features/freemode](https://hackerone.com/reports/799739) to Rockstar Games - 5 upvotes, $750
89 | 85. [Image Injection vulnerability affecting www.rockstargames.com/careers may lead to Facebook OAuth Theft](https://hackerone.com/reports/491654) to Rockstar Games - 5 upvotes, $500
90 | 86. [Referer Leakage in language changer may lead to FB token theft.](https://hackerone.com/reports/809691) to Rockstar Games - 5 upvotes, $500
91 | 87. [Image injection on /screenshot-viewer/responsive/image ( FIX BYPASS)](https://hackerone.com/reports/505259) to Rockstar Games - 5 upvotes, $500
92 | 88. [Image Injection on /bully/anniversaryedition may lead to OAuth token theft.](https://hackerone.com/reports/498358) to Rockstar Games - 4 upvotes, $500
93 | 89. [Referer Header Leakage in language changer may lead to FB token theft](https://hackerone.com/reports/870062) to Rockstar Games - 3 upvotes, $500
94 | 90. [Image injection /br/games/info may lead to phishing attacks or FB OAuth theft.](https://hackerone.com/reports/510388) to Rockstar Games - 3 upvotes, $500
95 | 91. [Image Injection Vulnerability on /bully/screens](https://hackerone.com/reports/661646) to Rockstar Games - 3 upvotes, $500
96 | 92. [CSRF Vulnerability on Facebook Linkage Page Allows Full Account takeover of Socialclub Accounts.](https://hackerone.com/reports/653254) to Rockstar Games - 2 upvotes, $550
97 | 
98 | 
99 | [Back](../README.md)
--------------------------------------------------------------------------------
/tops_by_program/TOPTHEINTERNET.md:
--------------------------------------------------------------------------------
1 | [Back](../README.md)
2 | 
3 | Top reports from The Internet program at HackerOne:
4 | 
5 | 1. [Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse](https://hackerone.com/reports/286740) to The Internet - 190 upvotes, $25000
6 | 2. [Ubuntu Linux privilege escalation (dirty_sock)](https://hackerone.com/reports/496285) to The Internet - 101 upvotes, $1000
7 | 3. [RCE via ssh:// URIs in multiple VCS](https://hackerone.com/reports/260005) to The Internet - 38 upvotes, $3000
8 | 4. [Race Conditions in OAuth 2 API implementations](https://hackerone.com/reports/55140) to The Internet - 35 upvotes, $2500
9 | 5. [ACME TLS-SNI-01/02 challenge vulnerable when combined with shared hosting providers](https://hackerone.com/reports/304378) to The Internet - 34 upvotes, $0
10 | 6. [ZeroMQ libzmq remote code execution](https://hackerone.com/reports/477073) to The Internet - 29 upvotes, $1000
11 | 7. [Mailsploit: a sender spoofing bug in over 30 email clients](https://hackerone.com/reports/295339) to The Internet - 27 upvotes, $0
12 | 8. [4 severe remote + several minor OpenVPN vulnerabilities](https://hackerone.com/reports/242579) to The Internet - 27 upvotes, $0
13 | 9. [DOMPurify bypass](https://hackerone.com/reports/1024734) to The Internet - 23 upvotes, $0
14 | 10. [Insufficient shell characters filtering leads to (potentially remote) code execution (CVE-2016-3714)](https://hackerone.com/reports/143966) to The Internet - 21 upvotes, $7500
15 | 11. [TLS Virtual Host Confusion](https://hackerone.com/reports/501) to The Internet - 19 upvotes, $7500
16 | 12. [Multiple HTTP Smuggling reports](https://hackerone.com/reports/648434) to The Internet - 16 upvotes, $0
17 | 13. [GNU Bourne-Again Shell (Bash) 'Shellshock' Vulnerability](https://hackerone.com/reports/29839) to The Internet - 15 upvotes, $20000
18 | 14. [CVE-2019-5736: Escape from Docker and Kubernetes containers to root on host](https://hackerone.com/reports/495495) to The Internet - 14 upvotes, $1000
19 | 15. [TLS Triple Handshake Attack](https://hackerone.com/reports/7277) to The Internet - 12 upvotes, $7500
20 | 16. [Exim off-by-one RCE vulnerability](https://hackerone.com/reports/322935) to The Internet - 11 upvotes, $1500
21 | 17. [Cross-site information assertion leak via Content Security Policy](https://hackerone.com/reports/16910) to The Internet - 11 upvotes, $0
22 | 18. [Drupal 7 pre auth sql injection and remote code execution](https://hackerone.com/reports/31756) to The Internet - 10 upvotes, $3000
23 | 19. [Critical vulnerability in JSON Web Encryption (JWE) - RFC 7516 Invalid Curve attack](https://hackerone.com/reports/213437) to The Internet - 10 upvotes, $1000
24 | 20. [Linux kernel: CVE-2017-7308: a signedness issue in AF_PACKET sockets](https://hackerone.com/reports/684567) to The Internet - 10 upvotes, $0
25 | 21. [rpcbind "rpcbomb" CVE-2017-8779, CVE-2017-8804](https://hackerone.com/reports/235016) to The Internet - 10 upvotes, $0
26 | 22. [Mercurial git subrepo leads to arbitrary command injection](https://hackerone.com/reports/294147) to The Internet - 9 upvotes, $1500
27 | 23. [Linux kernel: CVE-2017-1000112: a memory corruption due to UFO to non-UFO path switch](https://hackerone.com/reports/684573) to The Internet - 9 upvotes, $0
28 | 24. [Linux kernel: CVE-2017-6074: DCCP double-free vulnerability](https://hackerone.com/reports/347282) to The Internet - 8 upvotes, $1000
29 | 25. [Industry-Wide MITM Vulnerability Impacting the JVM Ecosystem](https://hackerone.com/reports/608620) to The Internet - 8 upvotes, $0
30 | 26. [OpenSSH: Memory corruption in AES-GCM support](https://hackerone.com/reports/500) to The Internet - 7 upvotes, $1500
31 | 27. [ntpd: read_mru_list() does inadequate incoming packet checks](https://hackerone.com/reports/147310) to The Internet - 7 upvotes, $500
32 | 28. [[bower] Arbitrary File Write through improper validation of symlinks while package extraction](https://hackerone.com/reports/492512) to The Internet - 7 upvotes, $500
33 | 29. [libtiff 4.0.6 heap buffer overflow / out of bounds read (CVE-2016-9273)](https://hackerone.com/reports/181642) to The Internet - 6 upvotes, $500
34 | 30. [RCE on default Ubuntu Desktop \>= 12.10 Quantal](https://hackerone.com/reports/192512) to The Internet - 6 upvotes, $0
35 | 31. [Dragonblood: Design and Implementation Flaws in WPA3 and EAP-pwd](https://hackerone.com/reports/745276) to The Internet - 5 upvotes, $750
36 | 32. [libtiff 4.0.6 segfault / read outside of buffer (CVE-2016-9297)](https://hackerone.com/reports/182140) to The Internet - 5 upvotes, $500
37 | 33. [Unsecure: Bypass alerts of Little Flocker / Little Snitch / HandsOff! / BlockBlock (same concept can be applied to other security tools)](https://hackerone.com/reports/265232) to The Internet - 5 upvotes, $0
38 | 34. [CVE-2017-10966: Heap-use-after-free in Irssi \<1.0.4](https://hackerone.com/reports/247028) to The Internet - 5 upvotes, $0
39 | 35. [Exim use-after-free vulnerability while reading mail header involving BDAT commands](https://hackerone.com/reports/296991) to The Internet - 5 upvotes, $0
40 | 36. [Malicious Server can force read any file on clients system with default configuration in MySQL Clients](https://hackerone.com/reports/171593) to The Internet - 5 upvotes, $0
41 | 37. [Bypassing Same Origin Policy With JSONP APIs and Flash](https://hackerone.com/reports/10373) to The Internet - 4 upvotes, $3000
42 | 38. [OpenSSH / dropbearSSHd xauth command injection](https://hackerone.com/reports/122113) to The Internet - 4 upvotes, $1500
43 | 39. [Denial of service in libxml2, using malicious lzma file to consume available system memory](https://hackerone.com/reports/270059) to The Internet - 4 upvotes, $0
44 | 40. [CVE-2017-11367: Global buffer overflow (READ of size 4) in shoco C library](https://hackerone.com/reports/250581) to The Internet - 4 upvotes, $0
45 | 41. [Two vulnerabilities in GNU binutils](https://hackerone.com/reports/323017) to The Internet - 4 upvotes, $0
46 | 42. [FREAK: Factoring RSA_EXPORT Keys to Impersonate TLS Servers](https://hackerone.com/reports/50170) to The Internet - 3 upvotes, $7500
47 | 43. [open redirect in rfc6749](https://hackerone.com/reports/26962) to The Internet - 3 upvotes, $3000
48 | 44. [Mercurial can be tricked into granting authorized users access to the Python debugger](https://hackerone.com/reports/222020) to The Internet - 3 upvotes, $500
49 | 45. [Silent omission of certificate hostname verification in LibreSSL and BoringSSL](https://hackerone.com/reports/329645) to The Internet - 3 upvotes, $0
50 | 46. [pngcrush double-free/segfault could result in DoS (CVE-2015-7700)](https://hackerone.com/reports/93546) to The Internet - 3 upvotes, $0
51 | 47. [CVE-2017-5969: libxml2 when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference)](https://hackerone.com/reports/262665) to The Internet - 3 upvotes, $0
52 | 48. [CVE-2017-10965: Null pointer dereference in Irssi \<1.0.4](https://hackerone.com/reports/247027) to The Internet - 3 upvotes, $0
53 | 49. [GarlicRust - heartbleed style vulnerability in major I2P C++ router implementations](https://hackerone.com/reports/295740) to The Internet - 3 upvotes, $0
54 | 50. [Exim handles BDAT data incorrectly and leads to crash/hang](https://hackerone.com/reports/296994) to The Internet - 3 upvotes, $0
55 | 51. [Widespread failure of certificate validation in Android apps](https://hackerone.com/reports/2293) to The Internet - 3 upvotes, $0
56 | 52. [Incorrect logic in MySQL & MariaDB protocol leads to remote SSRF/Remote file read](https://hackerone.com/reports/156511) to The Internet - 3 upvotes, $0
57 | 53. [Uncontrolled Resource Consumption with XMPP-Layer Compression](https://hackerone.com/reports/5928) to The Internet - 2 upvotes, $500
58 | 54. [pngcrush_measure_idat() off-by-one error (CVE-2015-2158)](https://hackerone.com/reports/73429) to The Internet - 2 upvotes, $0
59 | 55. [Multiple issues in Libxml2 (2.9.2 - 2.9.5)](https://hackerone.com/reports/293126) to The Internet - 2 upvotes, $0
60 | 56. [external entity expansion in Apache POI](https://hackerone.com/reports/25537) to The Internet - 2 upvotes, $0
61 | 57. [CVE-2017-8798 - miniupnp getHTTPResponse chunked encoding integer signedness error](https://hackerone.com/reports/227344) to The Internet - 2 upvotes, $0
62 | 58. [CVE-2016-4796 OpenJPEG color_cmyk_to_rgb Out-of-Bounds Read Vulnerability](https://hackerone.com/reports/167955) to The Internet - 2 upvotes, $0
63 | 59. [CVE-2016-7163 OpenJPEG opj_pi_create_decode Integer Overflow Vulnerability](https://hackerone.com/reports/167512) to The Internet - 2 upvotes, $0
64 | 60. [putty pscp client-side post-auth stack buffer overwrite when processing remote file size](https://hackerone.com/reports/120903) to The Internet - 2 upvotes, $0
65 | 61. [Heap overflow in H. Spencer's regex library on 32 bit systems](https://hackerone.com/reports/47779) to The Internet - 1 upvotes, $3000
66 | 62. [CVE-2017-13090 wget heap smash](https://hackerone.com/reports/287667) to The Internet - 1 upvotes, $0
67 | 63. [CVE-2017-13089 wget stack smash](https://hackerone.com/reports/287666) to The Internet - 1 upvotes, $0
68 | 64. [Ericsson Erlang OTP Core Allocation Subsystem Integer Overflow (All Versions)](https://hackerone.com/reports/28640) to The Internet - 1 upvotes, $0
69 | 65. [Roundcube virtualmin privilege escalation (CVE-2017-8114)](https://hackerone.com/reports/242119) to The Internet - 1 upvotes, $0
70 | 66. [The "Malstaller" Attack, global hijacking of any installation process to achieve RCE with elevated privileges, Windows OS (vendor agnostic)](https://hackerone.com/reports/165969) to The Internet - 1 upvotes, $0
71 | 67. [CVE-2016-3182 OpenJPEG color_esycc_to_rgb Out-of-Bounds Read Vulnerability](https://hackerone.com/reports/167953) to The Internet - 1 upvotes, $0
72 | 68. [CVE-2016-3183 OpenJPEG sycc422_to_rgb Out-of-Bounds Read Vulnerability](https://hackerone.com/reports/167947) to The Internet - 1 upvotes, $0
73 | 69. [LZ4 Core](https://hackerone.com/reports/17688) to The Internet - 0 upvotes, $6000
74 | 70. [Multiple issues in looking-glass software (aka from web to BGP injections)](https://hackerone.com/reports/16330) to The Internet - 0 upvotes, $5000
75 | 71. [Bad Write in TTF font parsing (win32k.sys)](https://hackerone.com/reports/48100) to The Internet - 0 upvotes, $5000
76 | 72. [rsync hash collisions may allow an attacker to corrupt or modify files](https://hackerone.com/reports/20873) to The Internet - 0 upvotes, $3000
77 | 73. [libcurl: URL request injection](https://hackerone.com/reports/73242) to The Internet - 0 upvotes, $3000
78 | 74. [libcurl duphandle read out of bounds](https://hackerone.com/reports/104014) to The Internet - 0 upvotes, $1000
79 | 75. [CVE-2016-1924 OpenJPEG opj_tgt_reset Out-of-Bounds Read Vulnerability](https://hackerone.com/reports/167957) to The Internet - 0 upvotes, $0
80 | 76. [CVE-2016-5157 OpenJPEG opj_dwt_interleave_v Out-of-Bounds Write Vulnerability](https://hackerone.com/reports/167510) to The Internet - 0 upvotes, $0
81 | 
82 | 
83 | [Back](../README.md)
--------------------------------------------------------------------------------
/tops_by_program/TOPUBIQUITIINC.md:
--------------------------------------------------------------------------------
1 | [Back](../README.md)
2 | 
3 | Top reports from Ubiquiti Inc. program at HackerOne:
4 | 
5 | 1. [Privilege Escalation From user to SYSTEM via unauthenticated command execution](https://hackerone.com/reports/544928) to Ubiquiti Inc. - 531 upvotes, $16109
6 | 2. [Privilege-0 to Root Privilege Escalation on EdgeSwitch](https://hackerone.com/reports/511025) to Ubiquiti Inc. - 80 upvotes, $1604
7 | 3. [Public Jenkins instance with /script enabled](https://hackerone.com/reports/403402) to Ubiquiti Inc. - 65 upvotes, $2500
8 | 4. [Remote Code Execution at http://tw.corp.ubnt.com](https://hackerone.com/reports/269066) to Ubiquiti Inc. - 61 upvotes, $5000
9 | 5. [Subdomain takeover on partners.ubnt.com due to non-used CloudFront DNS entry](https://hackerone.com/reports/145224) to Ubiquiti Inc. - 55 upvotes, $1000
10 | 6. [Login as root without password on EdgeSwitchX](https://hackerone.com/reports/512958) to Ubiquiti Inc. - 54 upvotes, $100
11 | 7. [Ability to log in as any user without authentication if █████████ is empty](https://hackerone.com/reports/215053) to Ubiquiti Inc. - 52 upvotes, $6000
12 | 8. [CORS Misconfiguration leading to Private Information Disclosure](https://hackerone.com/reports/430249) to Ubiquiti Inc. - 48 upvotes, $500
13 | 9. [Authentication bypass on sso.ubnt.com via subdomain takeover of ping.ubnt.com](https://hackerone.com/reports/172137) to Ubiquiti Inc. - 45 upvotes, $500
14 | 10. [Read-Only user can execute arbitrary shell commands on AirOS](https://hackerone.com/reports/139398) to Ubiquiti Inc. - 43 upvotes, $2750
15 | 11. 
[Unrestricted File System Access via Twig Template Injection on dev-ucrm-billing-demo.ubnt.com](https://hackerone.com/reports/301406) to Ubiquiti Inc. - 39 upvotes, $2000 16 | 12. [Firmware download/install vulnerable to CSRF](https://hackerone.com/reports/323852) to Ubiquiti Inc. - 32 upvotes, $1100 17 | 13. [sqli](https://hackerone.com/reports/207695) to Ubiquiti Inc. - 32 upvotes, $1000 18 | 14. [[dev-nightly.ubnt.com] Local File Reading](https://hackerone.com/reports/260420) to Ubiquiti Inc. - 31 upvotes, $100 19 | 15. [[EdgeSwitch] Web GUI command injection as root with Privilege-1 and Privilege-15 users](https://hackerone.com/reports/197958) to Ubiquiti Inc. - 25 upvotes, $2000 20 | 16. [Source code disclosure on https://107.23.69.180](https://hackerone.com/reports/136891) to Ubiquiti Inc. - 25 upvotes, $1000 21 | 17. [Directory traversal at https://nightly.ubnt.com](https://hackerone.com/reports/229622) to Ubiquiti Inc. - 23 upvotes, $500 22 | 18. [IDOR Causing Deletion of any account](https://hackerone.com/reports/156537) to Ubiquiti Inc. - 22 upvotes, $500 23 | 19. [Privilege Escalation using API-\>Feature](https://hackerone.com/reports/239719) to Ubiquiti Inc. - 21 upvotes, $1500 24 | 20. [Read-Only user can execute arbitraty shell commands on AirOS](https://hackerone.com/reports/128750) to Ubiquiti Inc. - 20 upvotes, $1500 25 | 21. [Stored XSS in community.ubnt.com](https://hackerone.com/reports/179164) to Ubiquiti Inc. - 20 upvotes, $500 26 | 22. [UniFi Video Server web interface Configuration Restore CSRF leading to full application compromise](https://hackerone.com/reports/329749) to Ubiquiti Inc. - 20 upvotes, $500 27 | 23. [Arbritrary file Upload on AirMax](https://hackerone.com/reports/73480) to Ubiquiti Inc. - 19 upvotes, $18000 28 | 24. [JetBrains .idea project directory](https://hackerone.com/reports/80990) to Ubiquiti Inc. - 19 upvotes, $200 29 | 25. 
[Shell Injection via Web Management Console (dl-fw.cgi)](https://hackerone.com/reports/121940) to Ubiquiti Inc. - 18 upvotes, $1300 30 | 26. [Exposed API-key allows to control nightly builds of firmwares (█████████ & ████████)](https://hackerone.com/reports/179986) to Ubiquiti Inc. - 18 upvotes, $1250 31 | 27. [Read-Only user can execute arbitraty shell commands on AirOS](https://hackerone.com/reports/119317) to Ubiquiti Inc. - 17 upvotes, $1500 32 | 28. [Wordpress directories/files visible to internet](https://hackerone.com/reports/201984) to Ubiquiti Inc. - 17 upvotes, $600 33 | 29. [[nutty.ubnt.com] DOM Based XSS nuttyapp github-btn.html](https://hackerone.com/reports/200753) to Ubiquiti Inc. - 17 upvotes, $100 34 | 30. [Privilege Escalation: From operator to ubnt (and root) with non-interactive Session Hijacking](https://hackerone.com/reports/241044) to Ubiquiti Inc. - 16 upvotes, $1500 35 | 31. [Reflected XSS](https://hackerone.com/reports/304175) to Ubiquiti Inc. - 16 upvotes, $1000 36 | 32. [Subdomain Takeover (moderator.ubnt.com)](https://hackerone.com/reports/181665) to Ubiquiti Inc. - 16 upvotes, $500 37 | 33. [Stored XSS in dev-ucrm-billing-demo.ubnt.com In Client Custom Attribute ](https://hackerone.com/reports/275515) to Ubiquiti Inc. - 16 upvotes, $250 38 | 34. [Subdomain Takeover in http://assets.goubiquiti.com/](https://hackerone.com/reports/109699) to Ubiquiti Inc. - 15 upvotes, $500 39 | 35. [[account-global.ubnt.com] CRLF Injection](https://hackerone.com/reports/145128) to Ubiquiti Inc. - 15 upvotes, $150 40 | 36. [Resource Consumption DOS on Edgemax v1.10.6](https://hackerone.com/reports/406614) to Ubiquiti Inc. - 14 upvotes, $600 41 | 37. [CSRF: Replacing the router configuration backup having an 'operator' user and bypassing the "Referer:' whitelist protection](https://hackerone.com/reports/240098) to Ubiquiti Inc. - 14 upvotes, $500 42 | 38. [EdgeSwitch Command Injection](https://hackerone.com/reports/508256) to Ubiquiti Inc. 
- 14 upvotes, $100 43 | 39. [UBNT Amplification DDOS Attack](https://hackerone.com/reports/221625) to Ubiquiti Inc. - 13 upvotes, $2500 44 | 40. [Two Factor Authentication Bypass](https://hackerone.com/reports/350288) to Ubiquiti Inc. - 13 upvotes, $500 45 | 41. [Catch mails sent to an SMTP Server over SSL using an Evil SMTP Server](https://hackerone.com/reports/519582) to Ubiquiti Inc. - 12 upvotes, $1604 46 | 42. [Privilege escalation in the client impersonation functionality](https://hackerone.com/reports/221454) to Ubiquiti Inc. - 12 upvotes, $1500 47 | 43. [Triggering RCE using XSS to bypass CSRF in PowerBeam M5 300](https://hackerone.com/reports/289264) to Ubiquiti Inc. - 12 upvotes, $1000 48 | 44. [Open Redirect in unifi.ubnt.com [Controller Finder]](https://hackerone.com/reports/141355) to Ubiquiti Inc. - 11 upvotes, $260 49 | 45. [[scores.ubnt.com] DOM based XSS at form.html](https://hackerone.com/reports/158484) to Ubiquiti Inc. - 11 upvotes, $150 50 | 46. [Reflected File Download in community.ubnt.com/restapi/](https://hackerone.com/reports/107960) to Ubiquiti Inc. - 11 upvotes, $150 51 | 47. [Stored XSS in unifi.ubnt.com](https://hackerone.com/reports/142084) to Ubiquiti Inc. - 11 upvotes, $125 52 | 48. [Subdomain takeover on https://cloudfront.ubnt.com/ due to non-used CloudFront DNS entry](https://hackerone.com/reports/210188) to Ubiquiti Inc. - 11 upvotes, $0 53 | 49. [UniFi Video Server - Arbitrary file upload as SYSTEM](https://hackerone.com/reports/129641) to Ubiquiti Inc. - 10 upvotes, $1375 54 | 50. [[dev-unifi-go.ubnt.com] Insecure CORS, Stealing Cookies](https://hackerone.com/reports/219014) to Ubiquiti Inc. - 10 upvotes, $500 55 | 51. [Reflected XSS in scores.ubnt.com](https://hackerone.com/reports/130889) to Ubiquiti Inc. - 10 upvotes, $275 56 | 52. [Bypass blocked profile protection on aircrm.ubnt.com](https://hackerone.com/reports/332631) to Ubiquiti Inc. - 10 upvotes, $100 57 | 53. 
[UniFi Video Server web interface Configuration Restore path traversal leading to local system compromise](https://hackerone.com/reports/329770) to Ubiquiti Inc. - 9 upvotes, $250 58 | 54. [Stored XSS / Bypassing .htaccess protection in http://nodebb.ubnt.com/](https://hackerone.com/reports/202354) to Ubiquiti Inc. - 9 upvotes, $150 59 | 55. [Stored XSS =\> community.ubnt.com ](https://hackerone.com/reports/294048) to Ubiquiti Inc. - 9 upvotes, $150 60 | 56. [Reflected XSS in Nanostation Loco M2 - AirOS ver=6.1.7](https://hackerone.com/reports/386570) to Ubiquiti Inc. - 9 upvotes, $150 61 | 57. [Reflected cross-site scripting (XSS) vulnerability in scores.ubnt.com allows attackers to inject arbitrary web script via p parameter.](https://hackerone.com/reports/208622) to Ubiquiti Inc. - 9 upvotes, $100 62 | 58. [Code Execution in restricted CLI of EdgeSwitch](https://hackerone.com/reports/313245) to Ubiquiti Inc. - 8 upvotes, $1500 63 | 59. [UniFi Video Server - Broken access control on system configuration](https://hackerone.com/reports/129698) to Ubiquiti Inc. - 8 upvotes, $1000 64 | 60. [UniFi Video v3.10.1 (Windows) Local Privileges Escalation to SYSTEM from arbitrary filedelete and DLL hijack vulnerabilities.](https://hackerone.com/reports/530967) to Ubiquiti Inc. - 8 upvotes, $667 65 | 61. [Unauthenticated request allows changing hostname](https://hackerone.com/reports/802079) to Ubiquiti Inc. - 8 upvotes, $550 66 | 62. [XSS on Nanostation Loco M2 Airmax](https://hackerone.com/reports/158287) to Ubiquiti Inc. - 8 upvotes, $500 67 | 63. [Unauthenticated Cross-Site Scripting in Web Management Console](https://hackerone.com/reports/121941) to Ubiquiti Inc. - 8 upvotes, $250 68 | 64. [UniFi Video Server web interface admin user Firmware Update path traversal leading to local system compromise](https://hackerone.com/reports/330051) to Ubiquiti Inc. - 8 upvotes, $250 69 | 65. 
[Reflected Xss in AirMax [Nanostation Loco M2]](https://hackerone.com/reports/149287) to Ubiquiti Inc. - 8 upvotes, $185 70 | 66. [XSS](https://hackerone.com/reports/219170) to Ubiquiti Inc. - 8 upvotes, $150 71 | 67. [Expired SSL certificate](https://hackerone.com/reports/220615) to Ubiquiti Inc. - 8 upvotes, $100 72 | 68. [Content Spoofing or Text Injection in (403 forbidden page injection) and Nginx version disclosure via response header](https://hackerone.com/reports/203391) to Ubiquiti Inc. - 8 upvotes, $0 73 | 69. [CRLF Injection on openvpn.svc.ubnt.com](https://hackerone.com/reports/232327) to Ubiquiti Inc. - 8 upvotes, $0 74 | 70. [Format String Vulnerability in the EdgeSwitch restricted CLI](https://hackerone.com/reports/311884) to Ubiquiti Inc. - 7 upvotes, $1500 75 | 71. [CSRF in login form would led to account takeover](https://hackerone.com/reports/50703) to Ubiquiti Inc. - 7 upvotes, $500 76 | 72. [Command injection in the process of downloading the latest version of the cloud key firmware through the unifi management software.](https://hackerone.com/reports/183458) to Ubiquiti Inc. - 7 upvotes, $500 77 | 73. [account.ubnt.com CSRF](https://hackerone.com/reports/101909) to Ubiquiti Inc. - 7 upvotes, $200 78 | 74. [HTML Injection on airlink.ubnt.com](https://hackerone.com/reports/226783) to Ubiquiti Inc. - 7 upvotes, $100 79 | 75. [XSS via SVG file](https://hackerone.com/reports/212253) to Ubiquiti Inc. - 7 upvotes, $0 80 | 76. [RCE in AirOS 6.2.0 Devices with CSRF bypass](https://hackerone.com/reports/703659) to Ubiquiti Inc. - 6 upvotes, $6839 81 | 77. [UniFi Video web interface Configuration Restore user privilege escalation](https://hackerone.com/reports/329659) to Ubiquiti Inc. - 6 upvotes, $1500 82 | 78. [Privilege Escalation with Session Hijacking Having a Non-privileged Valid User](https://hackerone.com/reports/242407) to Ubiquiti Inc. - 6 upvotes, $1000 83 | 79. 
[Authenticated RCE in ToughSwitch](https://hackerone.com/reports/273449) to Ubiquiti Inc. - 6 upvotes, $150 84 | 80. [200 http code in 403 forbidden directories on main Ubnt.com domain](https://hackerone.com/reports/220150) to Ubiquiti Inc. - 6 upvotes, $0 85 | 81. [Camera adoption DoS - UniFi Protect](https://hackerone.com/reports/1008579) to Ubiquiti Inc. - 5 upvotes, $1604 86 | 82. [UniFi v3.2.10 Cross-Site Request Forgeries / Referer-Check Bypass](https://hackerone.com/reports/52635) to Ubiquiti Inc. - 4 upvotes, $1000 87 | 83. [Local File Disclosure (+XSS+CSRF) in AirOS 6.2.0 devices](https://hackerone.com/reports/661647) to Ubiquiti Inc. - 4 upvotes, $594 88 | 84. [Security: Publicly accessible x.509 Public and Private Key of Ubiquiti Networks.](https://hackerone.com/reports/265701) to Ubiquiti Inc. - 4 upvotes, $0 89 | 85. [Auth bypass on directory.corp.ubnt.com](https://hackerone.com/reports/116504) to Ubiquiti Inc. - 3 upvotes, $1000 90 | 86. [Other Buffer Overflow in PHP of the AirMax Products](https://hackerone.com/reports/74004) to Ubiquiti Inc. - 3 upvotes, $500 91 | 87. [UniFi Video v3.2.2 (Windows) Local Privileges Escalation due to weak default install directory ACLs](https://hackerone.com/reports/140793) to Ubiquiti Inc. - 3 upvotes, $500 92 | 88. [Can upload files without authentication on AirFibre 3.2](https://hackerone.com/reports/201529) to Ubiquiti Inc. - 3 upvotes, $150 93 | 89. [Weak credentials for nutty.ubnt.com](https://hackerone.com/reports/204052) to Ubiquiti Inc. - 3 upvotes, $0 94 | 90. [Yet another Buffer Overflow in PHP of the AirMax Products](https://hackerone.com/reports/74025) to Ubiquiti Inc. - 2 upvotes, $500 95 | 91. [Buffer Overflow in PHP of the AirMax Products](https://hackerone.com/reports/73491) to Ubiquiti Inc. - 2 upvotes, $250 96 | 92. [AirFibre products vulnerable to HTTP Header injection](https://hackerone.com/reports/203673) to Ubiquiti Inc. 
- 2 upvotes, $150 97 | 98 | 99 | [Back](../README.md) -------------------------------------------------------------------------------- /tops_by_program/TOPVERIZONMEDIA.md: -------------------------------------------------------------------------------- 1 | [Back](../README.md) 2 | 3 | Top reports from Verizon Media program at HackerOne: 4 | 5 | 1. [Local File Include on marketing-dam.yahoo.com](https://hackerone.com/reports/7779) to Verizon Media - 16 upvotes, $2500 6 | 2. [Header injection on rmaitrack.ads.vip.bf1.yahoo.com](https://hackerone.com/reports/6322) to Verizon Media - 15 upvotes, $1000 7 | 3. [Cross-site scripting on the main page of flickr by tagging a user.](https://hackerone.com/reports/916) to Verizon Media - 12 upvotes, $2173 8 | 4. [Store XSS Flicker main page](https://hackerone.com/reports/940) to Verizon Media - 12 upvotes, $1960 9 | 5. [XSS Yahoo Messenger Via Calendar.Yahoo.Com ](https://hackerone.com/reports/914) to Verizon Media - 12 upvotes, $677 10 | 6. [REMOTE CODE EXECUTION/LOCAL FILE INCLUSION/XSPA/SSRF, view-source:http://sb*.geo.sp1.yahoo.com/, 4/6/14, #SpringClean](https://hackerone.com/reports/6674) to Verizon Media - 10 upvotes, $3000 11 | 7. [Loadbalancer + URI XSS #3](https://hackerone.com/reports/9703) to Verizon Media - 9 upvotes, $0 12 | 8. [readble .htaccess + Source Code Disclosure (+ .SVN repository)](https://hackerone.com/reports/7813) to Verizon Media - 8 upvotes, $250 13 | 9. [HK.Yahoo.Net Remote Command Execution](https://hackerone.com/reports/2127) to Verizon Media - 7 upvotes, $1276 14 | 10. [From Unrestricted File Upload to Remote Command Execution](https://hackerone.com/reports/4836) to Verizon Media - 6 upvotes, $800 15 | 11. [SQLi on http://sports.yahoo.com/nfl/draft](https://hackerone.com/reports/1538) to Verizon Media - 5 upvotes, $3705 16 | 12. [HTML Injection on flickr screename using IOS App](https://hackerone.com/reports/1483) to Verizon Media - 5 upvotes, $800 17 | 13. 
[Bypass of the Clickjacking protection on Flickr using data URL in iframes](https://hackerone.com/reports/7264) to Verizon Media - 5 upvotes, $250 18 | 14. [Information Disclosure ](https://hackerone.com/reports/1091) to Verizon Media - 5 upvotes, $0 19 | 15. [Local file inclusion ](https://hackerone.com/reports/1675) to Verizon Media - 4 upvotes, $1390 20 | 16. [Significant Information Disclosure/Load balancer access, http://extprodweb11.cc.gq1.yahoo.com/, 4/8/14, #SpringClean](https://hackerone.com/reports/6194) to Verizon Media - 4 upvotes, $500 21 | 17. [reflected XSS, http://extprodweb11.cc.gq1.yahoo.com/, 4/8/14, #SpringClean](https://hackerone.com/reports/6195) to Verizon Media - 4 upvotes, $300 22 | 18. [ads.yahoo.com Unvalidate open url redirection](https://hackerone.com/reports/7731) to Verizon Media - 4 upvotes, $0 23 | 19. [Security.allowDomain("*") in SWFs on img.autos.yahoo.com allows data theft from Yahoo Mail (and others)](https://hackerone.com/reports/1171) to Verizon Media - 3 upvotes, $2500 24 | 20. [SQL Injection ON HK.Promotion](https://hackerone.com/reports/3039) to Verizon Media - 3 upvotes, $1000 25 | 21. [Flickr: Invitations disclosure (resend feature)](https://hackerone.com/reports/1533) to Verizon Media - 3 upvotes, $750 26 | 22. [https://caldav.calendar.yahoo.com/ - XSS (STORED) ](https://hackerone.com/reports/8281) to Verizon Media - 3 upvotes, $500 27 | 23. [invite1.us2.msg.vip.bf1.yahoo.com/ - CSRF/email disclosure](https://hackerone.com/reports/7608) to Verizon Media - 3 upvotes, $400 28 | 24. [XSS Vulnerability (my.yahoo.com)](https://hackerone.com/reports/4256) to Verizon Media - 3 upvotes, $250 29 | 25. [http://conf.member.yahoo.com configuration file disclosure](https://hackerone.com/reports/2598) to Verizon Media - 3 upvotes, $100 30 | 26. [Java Applet Execution On Y! Messenger](https://hackerone.com/reports/933) to Verizon Media - 3 upvotes, $0 31 | 27. 
[Directory Traversal ](https://hackerone.com/reports/1092) to Verizon Media - 3 upvotes, $0 32 | 28. [XSS in my yahoo](https://hackerone.com/reports/1203) to Verizon Media - 2 upvotes, $800 33 | 29. [information disclosure (LOAD BALANCER + URI XSS)](https://hackerone.com/reports/8284) to Verizon Media - 2 upvotes, $300 34 | 30. [XSS in Yahoo! Web Analytics](https://hackerone.com/reports/5442) to Verizon Media - 2 upvotes, $100 35 | 31. [Default /docs folder of PHPBB3 installation on gamesnet.yahoo.com](https://hackerone.com/reports/17506) to Verizon Media - 2 upvotes, $50 36 | 32. [In Fantasy Sports iOS app, signup page is requested over HTTP](https://hackerone.com/reports/2101) to Verizon Media - 2 upvotes, $0 37 | 33. [caesary.yahoo.net Blind Sql Injection](https://hackerone.com/reports/21899) to Verizon Media - 2 upvotes, $0 38 | 34. [Open Redirect via Request-URI](https://hackerone.com/reports/15298) to Verizon Media - 2 upvotes, $0 39 | 35. [XSS using yql and developers console proxy](https://hackerone.com/reports/1011) to Verizon Media - 2 upvotes, $0 40 | 36. [Bypass of anti-SSRF defenses in YahooCacheSystem (affecting at least YQL and Pipes)](https://hackerone.com/reports/1066) to Verizon Media - 2 upvotes, $0 41 | 37. [XSS Reflected - Yahoo Travel](https://hackerone.com/reports/1553) to Verizon Media - 2 upvotes, $0 42 | 38. [Yahoo mail login page bruteforce protection bypass](https://hackerone.com/reports/2596) to Verizon Media - 2 upvotes, $0 43 | 39. [Clickjacking at surveylink.yahoo.com](https://hackerone.com/reports/3578) to Verizon Media - 2 upvotes, $0 44 | 40. [Stored Cross Site Scripting Vulnerability in Yahoo Mail](https://hackerone.com/reports/4277) to Verizon Media - 2 upvotes, $0 45 | 41. [Almost all the subdomains are infected.](https://hackerone.com/reports/4359) to Verizon Media - 2 upvotes, $0 46 | 42. [http://us.rd.yahoo.com/](https://hackerone.com/reports/12035) to Verizon Media - 2 upvotes, $0 47 | 43. 
[XSS on Every sports.yahoo.com page](https://hackerone.com/reports/2168) to Verizon Media - 1 upvotes, $1500 48 | 44. [Server Side Request Forgery](https://hackerone.com/reports/4461) to Verizon Media - 1 upvotes, $500 49 | 45. [XSS in https://hk.user.auctions.yahoo.com](https://hackerone.com/reports/7266) to Verizon Media - 1 upvotes, $500 50 | 46. [Comment Spoofing at http://suggestions.yahoo.com/detail/?prop=directory&fid=97721](https://hackerone.com/reports/6665) to Verizon Media - 1 upvotes, $500 51 | 47. [Cross-origin issue on rmaiauth.ads.vip.bf1.yahoo.com](https://hackerone.com/reports/6268) to Verizon Media - 1 upvotes, $250 52 | 48. [Yahoo! Reflected XSS](https://hackerone.com/reports/18279) to Verizon Media - 1 upvotes, $250 53 | 49. [ClickJacking on http://au.launch.yahoo.com](https://hackerone.com/reports/1229) to Verizon Media - 1 upvotes, $0 54 | 50. [Yahoo YQL Injection? ](https://hackerone.com/reports/1407) to Verizon Media - 1 upvotes, $0 55 | 51. [Yahoo open redirect using ad](https://hackerone.com/reports/2322) to Verizon Media - 1 upvotes, $0 56 | 52. [A csrf vulnerability which add and remove a favorite team from a user account.](https://hackerone.com/reports/1620) to Verizon Media - 1 upvotes, $0 57 | 53. [Insufficient validation of redirect URL on login page allows hijacking user name and password](https://hackerone.com/reports/2126) to Verizon Media - 1 upvotes, $0 58 | 54. [Reflected XSS in mail.yahoo.com](https://hackerone.com/reports/2240) to Verizon Media - 1 upvotes, $0 59 | 55. [Authentication bypass at fast.corp.yahoo.com](https://hackerone.com/reports/3577) to Verizon Media - 1 upvotes, $0 60 | 56. [Information Disclosure, groups.yahoo.com,6-april-2014, #SpringClean](https://hackerone.com/reports/5986) to Verizon Media - 1 upvotes, $0 61 | 57. [clickjacking on leaving group(flick)](https://hackerone.com/reports/7745) to Verizon Media - 1 upvotes, $0 62 | 58. [Yahoo! 
Messenger v11.5.0.228 emoticons.xml shortcut Value Handling Stack-Based Buffer Overflow](https://hackerone.com/reports/10767) to Verizon Media - 1 upvotes, $0 63 | 59. [Open Proxy, http://www.smushit.com/ysmush.it/, 4/09/14, #SpringClean](https://hackerone.com/reports/6704) to Verizon Media - 0 upvotes, $2000 64 | 60. [CSRF Token missing on http://baseball.fantasysports.yahoo.com/b1/127146/messages](https://hackerone.com/reports/6700) to Verizon Media - 0 upvotes, $400 65 | 61. [Infrastructure and Application Admin Interfaces (OWASP‐CM‐007)](https://hackerone.com/reports/11414) to Verizon Media - 0 upvotes, $250 66 | 62. [Yahoo Sports Fantasy Golf (Join Public Group)](https://hackerone.com/reports/16414) to Verizon Media - 0 upvotes, $200 67 | 63. [CSRF Token is missing on DELETE message option on http://baseball.fantasysports.yahoo.com/b1/127146/messages](https://hackerone.com/reports/6702) to Verizon Media - 0 upvotes, $200 68 | 64. [Testing for user enumeration (OWASP‐AT‐002) - https://gh.bouncer.login.yahoo.com](https://hackerone.com/reports/12708) to Verizon Media - 0 upvotes, $100 69 | 65. [Authorization issue on creative.yahoo.com](https://hackerone.com/reports/12685) to Verizon Media - 0 upvotes, $50 70 | 66. [Vulnerability found, XSS (Cross site Scripting)](https://hackerone.com/reports/1258) to Verizon Media - 0 upvotes, $0 71 | 67. [HTML Code Injection ](https://hackerone.com/reports/1376) to Verizon Media - 0 upvotes, $0 72 | 68. [Open redirect on tw.money.yahoo.com](https://hackerone.com/reports/4570) to Verizon Media - 0 upvotes, $0 73 | 69. [TESTING FOR REFLECTED CROSS SITE SCRIPTING (OWASP‐DV‐001)](https://hackerone.com/reports/12011) to Verizon Media - 0 upvotes, $0 74 | 70. [Multiple vulnerabilities](https://hackerone.com/reports/14248) to Verizon Media - 0 upvotes, $0 75 | 71. [URL Redirection](https://hackerone.com/reports/1429) to Verizon Media - 0 upvotes, $0 76 | 72. 
[clickjacking ](https://hackerone.com/reports/1207) to Verizon Media - 0 upvotes, $0 77 | 73. [Authentication Bypass in Yahoo Groups](https://hackerone.com/reports/1209) to Verizon Media - 0 upvotes, $0 78 | 74. [Open URL Redirection](https://hackerone.com/reports/4521) to Verizon Media - 0 upvotes, $0 79 | 75. [Out of date version](https://hackerone.com/reports/5221) to Verizon Media - 0 upvotes, $0 80 | 76. [Authentication Bypass due to Session Mismanagement](https://hackerone.com/reports/10912) to Verizon Media - 0 upvotes, $0 81 | 82 | 83 | [Back](../README.md) -------------------------------------------------------------------------------- /tops_by_program/TOPVIMEO.md: -------------------------------------------------------------------------------- 1 | [Back](../README.md) 2 | 3 | Top reports from Vimeo program at HackerOne: 4 | 5 | 1. [SSRF leaking internal google cloud data through upload function [SSH Keys, etc..]](https://hackerone.com/reports/549882) to Vimeo - 229 upvotes, $5000 6 | 2. [Domain pointing to vimeo portfolio are prone to takeover using on-demand.](https://hackerone.com/reports/387307) to Vimeo - 69 upvotes, $1500 7 | 3. [Improper Authentication in Vimeo's API 'versions' endpoint.](https://hackerone.com/reports/328724) to Vimeo - 52 upvotes, $2000 8 | 4. [Reflected File Download (RFD) in download video](https://hackerone.com/reports/378941) to Vimeo - 52 upvotes, $700 9 | 5. [Watch any Password Video without password](https://hackerone.com/reports/155618) to Vimeo - 43 upvotes, $500 10 | 6. [Downloading password protected / restricted videos](https://hackerone.com/reports/145467) to Vimeo - 40 upvotes, $600 11 | 7. [All Vimeo Private videos disclosure via Authorization Bypass](https://hackerone.com/reports/137502) to Vimeo - 29 upvotes, $600 12 | 8. [OAuth 2 Authorization Bypass via CSRF and Cross Site Flashing](https://hackerone.com/reports/136582) to Vimeo - 28 upvotes, $1000 13 | 9. 
[Make API calls on behalf of another user (CSRF protection bypass)](https://hackerone.com/reports/44146) to Vimeo - 23 upvotes, $1000 14 | 10. [Disclosure of sensitive information through Google Cloud Storage bucket](https://hackerone.com/reports/176013) to Vimeo - 22 upvotes, $500 15 | 11. [XSS on vimeo.com/home after other user follows you](https://hackerone.com/reports/87854) to Vimeo - 16 upvotes, $1500 16 | 12. [Images and Subtitles Leakage from private videos](https://hackerone.com/reports/136850) to Vimeo - 16 upvotes, $125 17 | 13. [CSRF on Vimeo via cross site flashing leading to info disclosure and private videos go public](https://hackerone.com/reports/136481) to Vimeo - 14 upvotes, $750 18 | 14. [URGENT - Subdomain Takeover on status.vimeo.com due to unclaimed domain pointing to statuspage.io](https://hackerone.com/reports/49663) to Vimeo - 13 upvotes, $100 19 | 15. [Vimeo.com Insecure Direct Object References Reset Password](https://hackerone.com/reports/42587) to Vimeo - 8 upvotes, $5000 20 | 16. [Stored XSS on player.vimeo.com](https://hackerone.com/reports/85488) to Vimeo - 8 upvotes, $500 21 | 17. [[vimeopro.com] CRLF Injection](https://hackerone.com/reports/39181) to Vimeo - 6 upvotes, $500 22 | 18. [XSS when using captions/subtitles on video player based on Flash (requires user interaction)](https://hackerone.com/reports/88508) to Vimeo - 6 upvotes, $200 23 | 19. [Application XSS filter function Bypass may allow Multiple stored XSS](https://hackerone.com/reports/44217) to Vimeo - 6 upvotes, $100 24 | 20. [XSS on vimeo.com | "Search within these results" feature (requires user interaction)](https://hackerone.com/reports/88105) to Vimeo - 6 upvotes, $100 25 | 21. [Securing "Reset password" pages from bots](https://hackerone.com/reports/43807) to Vimeo - 6 upvotes, $0 26 | 22. [Adding profile picture to anyone on Vimeo](https://hackerone.com/reports/43617) to Vimeo - 5 upvotes, $1000 27 | 23. 
[Error page Text Injection.](https://hackerone.com/reports/130914) to Vimeo - 5 upvotes, $0
24. [XSS on mobile version of vimeo.com where the button "Follow" appears](https://hackerone.com/reports/88088) to Vimeo - 5 upvotes, $0
25. [XSS on player.vimeo.com without user interaction and vimeo.com with user interaction](https://hackerone.com/reports/96229) to Vimeo - 4 upvotes, $250
26. [Can message users without the proper authorization](https://hackerone.com/reports/46113) to Vimeo - 4 upvotes, $100
27. [XSS on any site that includes the moogaloop flash player | deprecated embed code](https://hackerone.com/reports/44512) to Vimeo - 3 upvotes, $1000
28. [API: missing invalidation of OAuth2 Authorization Code during access revocation causes authorization bypass](https://hackerone.com/reports/57603) to Vimeo - 3 upvotes, $500
29. [Invite any user to your group without even following him](https://hackerone.com/reports/52707) to Vimeo - 3 upvotes, $250
30. [CRITICAL full source code/config disclosure for Cameo](https://hackerone.com/reports/43998) to Vimeo - 3 upvotes, $100
31. [Reflected XSS on vimeo.com/musicstore](https://hackerone.com/reports/85615) to Vimeo - 3 upvotes, $100
32. [Poodle bleed vulnerability in cloud sub domain](https://hackerone.com/reports/44202) to Vimeo - 3 upvotes, $0
33. [Insecure Direct Object References in https://vimeo.com/forums](https://hackerone.com/reports/52176) to Vimeo - 2 upvotes, $500
34. [subdomain takeover 1511493148.cloud.vimeo.com](https://hackerone.com/reports/46954) to Vimeo - 2 upvotes, $250
35. [Vimeo + & Vimeo PRO Unautorised Tax bypass](https://hackerone.com/reports/49561) to Vimeo - 2 upvotes, $250
36. [A user can add videos to other user's private groups](https://hackerone.com/reports/50786) to Vimeo - 2 upvotes, $250
37. [Insecure Direct Object References that allows to read any comment (even if it should be private)](https://hackerone.com/reports/52181) to Vimeo - 2 upvotes, $150
38. [Missing rate limit on private videos password](https://hackerone.com/reports/124564) to Vimeo - 2 upvotes, $0
39. [XSS in Subtitles of Vimeo Flash Player and Hubnut](https://hackerone.com/reports/137023) to Vimeo - 2 upvotes, $0
40. [abusing Thumbnails(https://vimeo.com/upload/select_thumb) to see a private video](https://hackerone.com/reports/43850) to Vimeo - 1 upvotes, $1000
41. [A user can post comments on other user's private videos](https://hackerone.com/reports/50829) to Vimeo - 1 upvotes, $500
42. [Buying ondemand videos that 0.1 and sometimes for free](https://hackerone.com/reports/43602) to Vimeo - 1 upvotes, $260
43. [Ability to Download Music Tracks Without Paying (Missing permission check on `/musicstore/download`)](https://hackerone.com/reports/43770) to Vimeo - 1 upvotes, $250
44. [A user can edit comments even after video comments are disabled](https://hackerone.com/reports/50776) to Vimeo - 1 upvotes, $250
45. [CRITICAL vulnerability - Insecure Direct Object Reference - Unauthorized access to `Videos` of Channel whose privacy is set to `Private`.](https://hackerone.com/reports/45960) to Vimeo - 1 upvotes, $250
46. [Post in private groups after getting removed](https://hackerone.com/reports/51817) to Vimeo - 1 upvotes, $250
47. [[URGENT ISSUE] Add or Delete the videos in watch later list of any user.](https://hackerone.com/reports/52982) to Vimeo - 1 upvotes, $250
48. [A user can enhance their videos with paid tracks without buying the track](https://hackerone.com/reports/50941) to Vimeo - 1 upvotes, $250
49. [Stored XSS on vimeo.com and player.vimeo.com](https://hackerone.com/reports/87577) to Vimeo - 1 upvotes, $200
50. [Vimeo Search - XSS Vulnerability [http://vimeo.com/search]](https://hackerone.com/reports/44798) to Vimeo - 1 upvotes, $100
51. [XSS on Vimeo](https://hackerone.com/reports/45484) to Vimeo - 1 upvotes, $100
52. [Private, embeddable videos leaks data through Facebook & Open Graph](https://hackerone.com/reports/121919) to Vimeo - 1 upvotes, $100
53. [USER PRIVACY VIOLATED (PRIVATE DATA GETTING TRANSFER OVER INSECURE CHANNEL)](https://hackerone.com/reports/44056) to Vimeo - 1 upvotes, $0
54. [CSRF bypass](https://hackerone.com/reports/45428) to Vimeo - 1 upvotes, $0
55. [Brute force on "vimeo" cookie](https://hackerone.com/reports/46109) to Vimeo - 1 upvotes, $0
56. [Full account takeover via Add a New Email to account without email verified and without password confirmation.](https://hackerone.com/reports/45084) to Vimeo - 1 upvotes, $0
57. [No Limitation on Following allows user to follow people automatically!](https://hackerone.com/reports/43846) to Vimeo - 1 upvotes, $0
58. [Share your channel to any user on vimeo without following him](https://hackerone.com/reports/52708) to Vimeo - 0 upvotes, $250
59. [APIs for channels allow HTML entities that may cause XSS issue](https://hackerone.com/reports/42702) to Vimeo - 0 upvotes, $100
60. [ftp upload of video allows naming that is not sanitized as the manual naming](https://hackerone.com/reports/45368) to Vimeo - 0 upvotes, $100
61. [Vimeo.com - reflected xss vulnerability](https://hackerone.com/reports/42584) to Vimeo - 0 upvotes, $100
62. [player.vimeo.com - Reflected XSS Vulnerability](https://hackerone.com/reports/43672) to Vimeo - 0 upvotes, $100
63. [Vimeo.com - Reflected XSS Vulnerability](https://hackerone.com/reports/42582) to Vimeo - 0 upvotes, $100
64. [Legacy API exposes private video titles](https://hackerone.com/reports/111386) to Vimeo - 0 upvotes, $100
65. [unvalid open authentication with facebook](https://hackerone.com/reports/44425) to Vimeo - 0 upvotes, $0
66. [Misconfigured crossdomain.xml - vimeo.com](https://hackerone.com/reports/43070) to Vimeo - 0 upvotes, $0
67. [profile photo update bypass](https://hackerone.com/reports/43758) to Vimeo - 0 upvotes, $0
68. [Bypassing Email verification](https://hackerone.com/reports/49304) to Vimeo - 0 upvotes, $0
69. [May cause account take over (Via invitation page)](https://hackerone.com/reports/56182) to Vimeo - 0 upvotes, $0
70. [Open Redirection Security Filter bypassed](https://hackerone.com/reports/44157) to Vimeo - 0 upvotes, $0

[Back](../README.md)

--------------------------------------------------------------------------------
/tops_by_program/TOPWORDPRESS.md:
--------------------------------------------------------------------------------
[Back](../README.md)

Top reports from WordPress program at HackerOne:

1. [Stored XSS Vulnerability](https://hackerone.com/reports/643908) to WordPress - 381 upvotes, $500
2. [Stored XSS in Private Message component (BuddyPress)](https://hackerone.com/reports/487081) to WordPress - 331 upvotes, $500
3. [RCE as Admin defeats WordPress hardening and file permissions](https://hackerone.com/reports/436928) to WordPress - 155 upvotes, $800
4. [Stored XSS on byddypress Plug-in via groups name](https://hackerone.com/reports/592316) to WordPress - 129 upvotes, $450
5. [Wordpress unzip_file path traversal](https://hackerone.com/reports/205481) to WordPress - 113 upvotes, $800
6. [Reflected XSS on https://make.wordpress.org via 'channel' parameter](https://hackerone.com/reports/659419) to WordPress - 95 upvotes, $387
7. [CSRF to HTML Injection in Comments](https://hackerone.com/reports/428019) to WordPress - 93 upvotes, $950
8. [Clickjacking on donation page](https://hackerone.com/reports/921709) to WordPress - 88 upvotes, $50
9. [Potential unprivileged Stored XSS through wp_targeted_link_rel](https://hackerone.com/reports/509930) to WordPress - 80 upvotes, $650
10. [Mssing Authorization on Private Message replies (BuddyPress)](https://hackerone.com/reports/490782) to WordPress - 63 upvotes, $375
11. [plugins.trac.wordpress.org likely vulnerable to Cross Site Tracing (xst), TRACE HTTP method should be disabled](https://hackerone.com/reports/222692) to WordPress - 55 upvotes, $150
12. [Multiple stored XSS in WordPress](https://hackerone.com/reports/221507) to WordPress - 35 upvotes, $1200
13. ["Bad Protocols Validation" Bypass in "wp_kses_bad_protocol_once" using HTML-encoding without trailing semicolons](https://hackerone.com/reports/339483) to WordPress - 34 upvotes, $350
14. [Logic flaw in the Post creation process allows creating posts with arbitrary types without needing the corresponding nonce](https://hackerone.com/reports/404323) to WordPress - 33 upvotes, $900
15. [[mercantile.wordpress.org] Reflected XSS via AngularJS Template Injection](https://hackerone.com/reports/230234) to WordPress - 28 upvotes, $300
16. [Add users to groups who have restricted group invites](https://hackerone.com/reports/538008) to WordPress - 28 upvotes, $275
17. [Information / sensitive data disclosure on some endpoints](https://hackerone.com/reports/273726) to WordPress - 27 upvotes, $0
18. [Stored XSS on Broken Themes via filename](https://hackerone.com/reports/406289) to WordPress - 24 upvotes, $300
19. [Authenticated Stored Cross-site Scripting in bbPress](https://hackerone.com/reports/881918) to WordPress - 24 upvotes, $225
20. [Open API For Username enumeration](https://hackerone.com/reports/385322) to WordPress - 24 upvotes, $0
21. [Wordpress 4.7.2 - Two XSS in Media Upload when file too large.](https://hackerone.com/reports/203515) to WordPress - 23 upvotes, $350
22. [XSS via unicode characters in upload filename](https://hackerone.com/reports/179695) to WordPress - 22 upvotes, $600
23. [DOM Based XSS In mercantile.wordpress.org](https://hackerone.com/reports/230435) to WordPress - 21 upvotes, $275
24. [Wordpress 4.7 - CSRF -\> HTTP SSRF any private ip:port and basic-auth](https://hackerone.com/reports/187520) to WordPress - 20 upvotes, $750
25. [[FG-VD-18-165] Wordpress Cross-Site Scripting Vulnerability Notification II](https://hackerone.com/reports/460911) to WordPress - 20 upvotes, $650
26. [Reflected Swf XSS In ( plugins.svn.wordpress.org )](https://hackerone.com/reports/270060) to WordPress - 20 upvotes, $350
27. [Content Spoofing @ https://irclogs.wordpress.org/](https://hackerone.com/reports/278151) to WordPress - 20 upvotes, $0
28. [Infrastructure - Photon - SSRF](https://hackerone.com/reports/204513) to WordPress - 19 upvotes, $350
29. [Arbitrary change of blog's background image via CSRF](https://hackerone.com/reports/881855) to WordPress - 19 upvotes, $350
30. [XSS in the search bar of mercantile.wordpress.org](https://hackerone.com/reports/221893) to WordPress - 18 upvotes, $275
31. [WordPress DB Class, bad implementation of prepare method guides to sqli and information disclosure](https://hackerone.com/reports/179920) to WordPress - 17 upvotes, $0
32. [Reflected XSS at https://da.wordpress.org/themes/?s= via "s=" parameter](https://hackerone.com/reports/222040) to WordPress - 16 upvotes, $387
33. [Arbitrary file deletion in wp-core - guides towards RCE and information disclosure](https://hackerone.com/reports/291878) to WordPress - 16 upvotes, $0
34. [CSRF to add admin [wordpress]](https://hackerone.com/reports/149589) to WordPress - 15 upvotes, $1337
35. [Authenticated Cross-site Scripting in Template Name](https://hackerone.com/reports/220903) to WordPress - 15 upvotes, $350
36. [Reflected XSS: Taxonomy Converter via tax parameter](https://hackerone.com/reports/495515) to WordPress - 15 upvotes, $275
37. [Clickjacking In jobs.wordpress.net](https://hackerone.com/reports/223024) to WordPress - 15 upvotes, $0
38. [Stored self-XSS in mercantile.wordpress.org checkout](https://hackerone.com/reports/230232) to WordPress - 14 upvotes, $275
39. [Buddypress 2.9.1 - Exceeding the maximum upload size - XSS leading to potential RCE.](https://hackerone.com/reports/263109) to WordPress - 14 upvotes, $275
40. [Open Redirect on the nl.wordpress.net](https://hackerone.com/reports/309058) to WordPress - 14 upvotes, $50
41. [Clickjacking wordcamp.org](https://hackerone.com/reports/230581) to WordPress - 14 upvotes, $0
42. [Stored XSS in Post Preview as Contributor](https://hackerone.com/reports/497724) to WordPress - 12 upvotes, $650
43. [[mercantile.wordpress.org] Reflected XSS](https://hackerone.com/reports/240256) to WordPress - 12 upvotes, $225
44. [Missing SSL can leak job token](https://hackerone.com/reports/222036) to WordPress - 12 upvotes, $0
45. [Clickjacking mercantile.wordpress.org](https://hackerone.com/reports/264125) to WordPress - 11 upvotes, $0
46. [pre-auth Stored XSS in comments via javascript: url when administrator edits user supplied comment](https://hackerone.com/reports/633231) to WordPress - 10 upvotes, $650
47. [Stored xss via template injection](https://hackerone.com/reports/250837) to WordPress - 10 upvotes, $300
48. [[support.wordcamp.org] - publicly accessible .svn repository](https://hackerone.com/reports/309714) to WordPress - 10 upvotes, $0
49. [MediaElements XSS](https://hackerone.com/reports/299112) to WordPress - 9 upvotes, $450
50. [Stored XSS on Wordpress 5.3 via Title Post](https://hackerone.com/reports/754352) to WordPress - 9 upvotes, $0
51. [[Buddypress] Arbitrary File Deletion through bp_avatar_set](https://hackerone.com/reports/183568) to WordPress - 8 upvotes, $350
52. [Lack of Sanitization and Insufficient Authentication](https://hackerone.com/reports/249759) to WordPress - 8 upvotes, $300
53. [XSS on support.wordcamp.org in ajax-quote.php](https://hackerone.com/reports/355773) to WordPress - 8 upvotes, $225
54. [Allow authenticated users can edit, trash,and add new in BuddyPress Emails function](https://hackerone.com/reports/833782) to WordPress - 8 upvotes, $225
55. [Stored but [SELF] XSS in mercantile.wordpress.org](https://hackerone.com/reports/222224) to WordPress - 8 upvotes, $150
56. [Self-XSS in WordPress Editor Link Modal](https://hackerone.com/reports/224556) to WordPress - 8 upvotes, $150
57. [xss - reflected](https://hackerone.com/reports/384112) to WordPress - 8 upvotes, $50
58. [code.wordpress.net subdomain Takeover](https://hackerone.com/reports/295330) to WordPress - 8 upvotes, $25
59. [Clickjacking - https://mercantile.wordpress.org/](https://hackerone.com/reports/258283) to WordPress - 8 upvotes, $0
60. [[BuddyPress 2.9.1] Open Redirect via "wp_http_referer" parameter on "bp-profile-edit" endpoint](https://hackerone.com/reports/277502) to WordPress - 7 upvotes, $275
61. [Lack of Password Confirmation when Changing Password and Email](https://hackerone.com/reports/224214) to WordPress - 7 upvotes, $0
62. [WordPress core - Denial of Service via Cross Site Request Forgery](https://hackerone.com/reports/153093) to WordPress - 6 upvotes, $250
63. [Account takeover vulnerability by editor role privileged users/attackers via clickjacking](https://hackerone.com/reports/388254) to WordPress - 6 upvotes, $0
64. [Unauthenticated hidden groups disclosure via Ajax groups search](https://hackerone.com/reports/282176) to WordPress - 5 upvotes, $275
65. [CSRF in Profile Fields allows deleting any field in BuddyPress](https://hackerone.com/reports/836187) to WordPress - 5 upvotes, $225
66. [Improper Access Control in Buddypress core allows reply,delete any user's activity](https://hackerone.com/reports/837256) to WordPress - 4 upvotes, $225
67. [Administrator(s) Information disclosure via JSON on wordpress.org](https://hackerone.com/reports/221734) to WordPress - 4 upvotes, $0
68. [Wordpress 4.8.1 - Rogue editor leads to RCE. And the risks of same origin frame scripting in general](https://hackerone.com/reports/263718) to WordPress - 4 upvotes, $0
69. [Privilege Escalation in BuddyPress core allows Moderate to Administrator](https://hackerone.com/reports/837018) to WordPress - 3 upvotes, $225
70. [Stored XSS in WordPress](https://hackerone.com/reports/276105) to WordPress - 3 upvotes, $0
71. [Parameter tampering : Price Manipulation of Products](https://hackerone.com/reports/682344) to WordPress - 3 upvotes, $0
72. [antispambot does not always escape \<, \>, &, " and '](https://hackerone.com/reports/298218) to WordPress - 3 upvotes, $0
73. [CSRF on comment post](https://hackerone.com/reports/914232) to WordPress - 3 upvotes, $0
74. [Clickjacking irclogs.wordpress.org](https://hackerone.com/reports/267075) to WordPress - 2 upvotes, $0
75. [WordPress Automatic Update Protocol Does Not Authenticate Updates Provided by the Server](https://hackerone.com/reports/228854) to WordPress - 2 upvotes, $0
76. [UnResolved ChangeSet are Visible to Public That also Causes Information Disclosure](https://hackerone.com/reports/282843) to WordPress - 0 upvotes, $0

[Back](../README.md)

--------------------------------------------------------------------------------