├── requirements.txt ├── .gitignore ├── uniquer.py ├── filler.py ├── fetcher.py ├── README.md ├── tops_by_bug_type ├── TOPXXE.md ├── TOPRACECONDITION.md └── TOPOAUTH.md ├── rater.py └── tops_by_program ├── TOPLOCALIZE.md ├── TOPOLX.md ├── TOPPORNHUB.md ├── TOPPHABRICATOR.md ├── TOPSIFCHAIN.md ├── TOPYAHOO!.md ├── TOPVIMEO.md ├── TOPCONCRETE5.md ├── TOPCOINBASE.md ├── TOPVERIZONMEDIA.md ├── TOPVALVE.md ├── TOPWORDPRESS.md ├── TOPPARAGONINITIATIVEENTERPRISES.md ├── TOPCURL.md ├── TOPCONCRETECMS.md ├── TOPOWNCLOUD.md ├── TOPTHEINTERNET.md ├── TOPQIWI.md └── TOPRAZER.md /requirements.txt: -------------------------------------------------------------------------------- 1 | selenium 2 | requests -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .idea/ 2 | venv/ 3 | *.swp 4 | -------------------------------------------------------------------------------- /uniquer.py: -------------------------------------------------------------------------------- 1 | """ 2 | This script runs second. 3 | 4 | It will remove duplicate report entries. 5 | """ 6 | 7 | import csv 8 | 9 | uniques = set() 10 | result = [] 11 | fieldnames = [] 12 | 13 | with open('data.csv', 'r', newline='') as file: 14 | reader = csv.DictReader(file) 15 | fieldnames = reader.fieldnames 16 | for row in reader: 17 | if row['link'] not in uniques: 18 | uniques.add(row['link']) 19 | result.append(row) 20 | 21 | with open('data.csv', 'w', newline='') as file: 22 | writer = csv.DictWriter(file, fieldnames=fieldnames) 23 | writer.writeheader() 24 | writer.writerows(result) 25 | -------------------------------------------------------------------------------- /filler.py: -------------------------------------------------------------------------------- 1 | """ 2 | This script runs third. 3 | 4 | It will get every report in json and take necessary information. 
5 | It takes a lot of time to fetch because there are so much reports. 6 | 7 | To use it without modifications you should put non-empty data.csv file 8 | in the same directory with this script (current data.csv is good). 9 | """ 10 | 11 | import csv 12 | import requests 13 | 14 | 15 | def fill(): 16 | reports = [] 17 | with open('data.csv', 'r', newline='', encoding='utf-8') as file: 18 | reader = csv.DictReader(file) 19 | for row in reader: 20 | reports.append(dict(row)) 21 | count_of_reports = len(reports) 22 | for i in range(count_of_reports): 23 | print('Fetching report ' + str(i + 1) + ' out of ' + str(count_of_reports)) 24 | report_url = 'https://' + reports[i]['link'] + '.json' 25 | try: 26 | json_info = requests.get(report_url).json() 27 | reports[i]['title'] = json_info['title'] 28 | reports[i]['program'] = json_info['team']['profile']['name'] 29 | reports[i]['upvotes'] = int(json_info['vote_count']) 30 | reports[i]['bounty'] = float(json_info['bounty_amount']) if json_info['has_bounty?'] else 0.0 31 | reports[i]['vuln_type'] = json_info['weakness']['name'] if 'weakness' in json_info else '' 32 | except Exception: 33 | print('error at report ' + str(i + 1)) 34 | continue 35 | 36 | print(reports[i]) 37 | 38 | with open('data.csv', 'w', newline='', encoding='utf-8') as file: 39 | keys = reports[0].keys() 40 | writer = csv.DictWriter(file, fieldnames=keys) 41 | writer.writeheader() 42 | writer.writerows(reports) 43 | 44 | 45 | if __name__ == '__main__': 46 | fill() 47 | -------------------------------------------------------------------------------- /fetcher.py: -------------------------------------------------------------------------------- 1 | """ 2 | This script runs first. 3 | 4 | It will scroll through hacktivity until the appearance of URL of the first report in data.csv. 5 | Then script searches for all new reports' URLs and add them to data.csv. 
6 | 7 | To use it without modifications you should put non-empty data.csv file 8 | in the same directory with this script (current data.csv is good), because 9 | scrolling through the whole hacktivity is almost impossible for now. 10 | """ 11 | 12 | import time 13 | import csv 14 | from selenium.webdriver import Chrome, ChromeOptions 15 | 16 | hacktivity_url = 'https://hackerone.com/hacktivity?order_field=latest_disclosable_activity_at&filter=type%3Apublic' 17 | page_loading_timeout = 10 18 | 19 | 20 | def extract_reports(raw_reports): 21 | reports = [] 22 | for raw_report in raw_reports: 23 | html = raw_report.get_attribute('innerHTML') 24 | try: 25 | index = html.index('/reports/') 26 | except ValueError: 27 | continue 28 | link = 'hackerone.com' 29 | for i in range(index, index + 50): 30 | if html[i] == '"': 31 | break 32 | else: 33 | link += html[i] 34 | report = { 35 | 'program': '', 36 | 'title': '', 37 | 'link': link, 38 | 'upvotes': 0, 39 | 'bounty': 0., 40 | 'vuln_type': '' 41 | } 42 | reports.append(report) 43 | 44 | return reports 45 | 46 | 47 | def fetch(): 48 | options = ChromeOptions() 49 | options.add_argument('no-sandbox') 50 | options.add_argument('headless') 51 | driver = Chrome(options=options) 52 | 53 | reports = [] 54 | with open('data.csv', 'r', newline='', encoding='utf-8') as file: 55 | reader = csv.DictReader(file) 56 | for row in reader: 57 | reports.append(dict(row)) 58 | first_report_link = reports[0]['link'] 59 | 60 | driver.get(hacktivity_url) 61 | driver.implicitly_wait(page_loading_timeout) 62 | 63 | counter = 0 64 | page = 0 65 | last_height = driver.execute_script("return document.body.scrollHeight") 66 | while True: 67 | driver.execute_script("window.scrollTo(0, document.body.scrollHeight);") 68 | time.sleep(page_loading_timeout) 69 | new_height = driver.execute_script("return document.body.scrollHeight") 70 | if new_height == last_height: 71 | counter += 1 72 | if counter > 1: 73 | break 74 | else: 75 | counter = 0 76 | 
last_height = new_height 77 | 78 | raw_reports = driver.find_elements_by_class_name('fade') 79 | new_reports = extract_reports(raw_reports) 80 | found = False 81 | for i in range(len(new_reports)): 82 | if new_reports[i]['link'] == first_report_link: 83 | reports = new_reports[:i] + reports 84 | found = True 85 | break 86 | if found: 87 | break 88 | 89 | page += 1 90 | print('Page:', page) 91 | 92 | driver.close() 93 | 94 | with open('data.csv', 'w', newline='', encoding='utf-8') as file: 95 | keys = reports[0].keys() 96 | writer = csv.DictWriter(file, fieldnames=keys) 97 | writer.writeheader() 98 | writer.writerows(reports) 99 | 100 | 101 | if __name__ == '__main__': 102 | fetch() 103 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Tops of HackerOne reports. All reports' raw info stored in `data.csv`. 2 | Scripts to update this file are written in Python 3 and require `chromedriver` and `Chromium` executables at `PATH`. 3 | Every script contains some info about how it works. 4 | The run order of scripts: 5 | 6 | 1) `fetcher.py` 7 | 1) `uniquer.py` 8 | 1) `filler.py` 9 | 1) `rater.py` 10 | 11 | Tops 100. 12 | 13 | - [Top 100 upvoted reports](tops_100/TOP100UPVOTED.md) 14 | - [Top 100 paid reports](tops_100/TOP100PAID.md) 15 | 16 | Tops by bug type. 
17 | 18 | - [Top XSS reports](tops_by_bug_type/TOPXSS.md) 19 | - [Top XXE reports](tops_by_bug_type/TOPXXE.md) 20 | - [Top CSRF reports](tops_by_bug_type/TOPCSRF.md) 21 | - [Top IDOR reports](tops_by_bug_type/TOPIDOR.md) 22 | - [Top RCE reports](tops_by_bug_type/TOPRCE.md) 23 | - [Top SQLi reports](tops_by_bug_type/TOPSQLI.md) 24 | - [Top SSRF reports](tops_by_bug_type/TOPSSRF.md) 25 | - [Top Race Condition reports](tops_by_bug_type/TOPRACECONDITION.md) 26 | - [Top Subdomain Takeover reports](tops_by_bug_type/TOPSUBDOMAINTAKEOVER.md) 27 | - [Top Open Redirect reports](tops_by_bug_type/TOPOPENREDIRECT.md) 28 | - [Top Clickjacking reports](tops_by_bug_type/TOPCLICKJACKING.md) 29 | - [Top DoS reports](tops_by_bug_type/TOPDOS.md) 30 | - [Top OAuth reports](tops_by_bug_type/TOPOAUTH.md) 31 | - [Top Account Takeover reports](tops_by_bug_type/TOPACCOUNTTAKEOVER.md) 32 | 33 | Tops by program. 34 | 35 | - [Top Mail.ru reports](tops_by_program/TOPMAILRU.md) 36 | - [Top HackerOne reports](tops_by_program/TOPHACKERONE.md) 37 | - [Top Shopify reports](tops_by_program/TOPSHOPIFY.md) 38 | - [Top Nextcloud reports](tops_by_program/TOPNEXTCLOUD.md) 39 | - [Top Twitter reports](tops_by_program/TOPTWITTER.md) 40 | - [Top Uber reports](tops_by_program/TOPUBER.md) 41 | - [Top Node.js reports](tops_by_program/TOPNODEJSTHIRDPARTYMODULES.md) 42 | - [Top shopify-scripts reports](tops_by_program/TOPSHOPIFYSCRIPTS.md) 43 | - [Top Legal Robot reports](tops_by_program/TOPLEGALROBOT.md) 44 | - [Top U.S. 
Dept of Defense reports](tops_by_program/TOPUSDEPTOFDEFENSE.md) 45 | - [Top Gratipay reports](tops_by_program/TOPGRATIPAY.md) 46 | - [Top Weblate reports](tops_by_program/TOPWEBLATE.md) 47 | - [Top VK.com reports](tops_by_program/TOPVKCOM.md) 48 | - [Top New Relic reports](tops_by_program/TOPNEWRELIC.md) 49 | - [Top LocalTapiola reports](tops_by_program/TOPLOCALTAPIOLA.md) 50 | - [Top Zomato reports](tops_by_program/TOPZOMATO.md) 51 | - [Top Slack reports](tops_by_program/TOPSLACK.md) 52 | - [Top ownCloud reports](tops_by_program/TOPOWNCLOUD.md) 53 | - [Top GitLab reports](tops_by_program/TOPGITLAB.md) 54 | - [Top Ubiquiti Inc. reports](tops_by_program/TOPUBIQUITIINC.md) 55 | - [Top Automattic reports](tops_by_program/TOPAUTOMATTIC.md) 56 | - [Top Coinbase reports](tops_by_program/TOPCOINBASE.md) 57 | - [Top Verizon Media reports](tops_by_program/TOPVERIZONMEDIA.md) 58 | - [Top Starbucks reports](tops_by_program/TOPSTARBUCKS.md) 59 | - [Top Paragon Initiative Enterprises reports](tops_by_program/TOPPARAGONINITIATIVEENTERPRISES.md) 60 | - [Top PHP (IBB) reports](tops_by_program/TOPPHP(IBB).md) 61 | - [Top Brave Software reports](tops_by_program/TOPBRAVESOFTWARE.md) 62 | - [Top Vimeo reports](tops_by_program/TOPVIMEO.md) 63 | - [Top OLX reports](tops_by_program/TOPOLX.md) 64 | - [Top concrete5 reports](tops_by_program/TOPCONCRETE5.md) 65 | - [Top Phabricator reports](tops_by_program/TOPPHABRICATOR.md) 66 | - [Top Pornhub reports](tops_by_program/TOPPORNHUB.md) 67 | - [Top Localize reports](tops_by_program/TOPLOCALIZE.md) 68 | - [Top Qiwi reports](tops_by_program/TOPQIWI.md) 69 | - [Top WordPress reports](tops_by_program/TOPWORDPRESS.md) 70 | - [Top The Internet reports](tops_by_program/TOPTHEINTERNET.md) 71 | - [Top Open-Xchange reports](tops_by_program/TOPOPENXCHANGE.md) 72 | - [Top Razer reports](tops_by_program/TOPRAZER.md) 73 | - [Top Rockstar Games reports](tops_by_program/TOPROCKSTARGAMES.md) 74 | - [Top GitHub Security Lab 
reports](tops_by_program/TOPGITHUBSECURITYLAB.md) 75 | - [Top h1-ctf reports](tops_by_program/TOPH1CTF.md) 76 | - [Top Valve reports](tops_by_program/TOPVALVE.md) 77 | - [Top Yahoo! reports](tops_by_program/TOPYAHOO!.md) 78 | - [Top Internet Bug Bounty reports](tops_by_program/TOPINTERNETBUGBOUNTY.md) 79 | - [Top Concrete CMS reports](tops_by_program/TOPCONCRETECMS.md) 80 | - [Top Sifchain reports](tops_by_program/TOPSIFCHAIN.md) 81 | - [Top Curl reports](tops_by_program/TOPCURL.md) 82 | -------------------------------------------------------------------------------- /tops_by_bug_type/TOPXXE.md: -------------------------------------------------------------------------------- 1 | Top XXE reports from HackerOne: 2 | 3 | 1. [XXE at ecjobs.starbucks.com.cn/retail/hxpublic_v6/hxdynamicpage6.aspx](https://hackerone.com/reports/500515) to Starbucks - 306 upvotes, $4000 4 | 2. [XXE on pulse.mail.ru](https://hackerone.com/reports/505947) to Mail.ru - 263 upvotes, $6000 5 | 3. [XXE on sms-be-vip.twitter.com in SXMP Processor](https://hackerone.com/reports/248668) to Twitter - 250 upvotes, $10080 6 | 4. [XXE on https://duckduckgo.com](https://hackerone.com/reports/483774) to DuckDuckGo - 208 upvotes, $0 7 | 5. [Phone Call to XXE via Interactive Voice Response](https://hackerone.com/reports/395296) to ██████ - 167 upvotes, $0 8 | 6. [Partial bypass of #483774 with Blind XXE on https://duckduckgo.com](https://hackerone.com/reports/486732) to DuckDuckGo - 151 upvotes, $0 9 | 7. [Multiple endpoints are vulnerable to XML External Entity injection (XXE) ](https://hackerone.com/reports/72272) to Pornhub - 135 upvotes, $2500 10 | 8. [XXE through injection of a payload in the XMP metadata of a JPEG file](https://hackerone.com/reports/836877) to Informatica - 128 upvotes, $0 11 | 9. [XXE Injection through SVG image upload leads to SSRF](https://hackerone.com/reports/897244) to Zivver - 110 upvotes, $0 12 | 10. 
[XXE in Site Audit function exposing file and directory contents](https://hackerone.com/reports/312543) to Semrush - 99 upvotes, $2000 13 | 11. [[RCE] Unserialize to XXE - file disclosure on ams.upload.pornhub.com](https://hackerone.com/reports/142562) to Pornhub - 89 upvotes, $10000 14 | 12. [XXE in DoD website that may lead to RCE](https://hackerone.com/reports/227880) to U.S. Dept Of Defense - 89 upvotes, $0 15 | 13. [Blind XXE via Powerpoint files](https://hackerone.com/reports/334488) to Open-Xchange - 86 upvotes, $2000 16 | 14. [blind XXE in autodiscover parser](https://hackerone.com/reports/315837) to Mail.ru - 70 upvotes, $5000 17 | 15. [LFI and SSRF via XXE in emblem editor](https://hackerone.com/reports/347139) to Rockstar Games - 68 upvotes, $1500 18 | 16. [Blind OOB XXE At "http://ubermovement.com/"](https://hackerone.com/reports/154096) to Uber - 55 upvotes, $500 19 | 17. [XXE на webdav.mail.ru - PROPFIND/PROPPATCH](https://hackerone.com/reports/758978) to Mail.ru - 54 upvotes, $10000 20 | 18. [XXE on ██████████ by bypassing WAF ████](https://hackerone.com/reports/433996) to QIWI - 51 upvotes, $5000 21 | 19. [[rev-app.informatica.com] - XXE](https://hackerone.com/reports/105434) to Informatica - 44 upvotes, $0 22 | 20. [RCE via Local File Read -\> php unserialization-\> XXE -\> unpickling](https://hackerone.com/reports/415501) to h1-5411-CTF - 43 upvotes, $0 23 | 21. [XML External Entity (XXE) in qiwi.com + waf bypass](https://hackerone.com/reports/99279) to QIWI - 39 upvotes, $3137 24 | 22. [Authenticated XXE](https://hackerone.com/reports/1095645) to WordPress - 39 upvotes, $600 25 | 23. [XML Parser Bug: XXE over which leads to RCE](https://hackerone.com/reports/55431) to drchrono - 32 upvotes, $700 26 | 24. [XXE on DoD web server](https://hackerone.com/reports/188743) to U.S. Dept Of Defense - 30 upvotes, $0 27 | 25. 
[Singapore - XXE at https://www.starbucks.com.sg/RestApi/soap11](https://hackerone.com/reports/762251) to Starbucks - 27 upvotes, $500 28 | 26. [[app.informaticaondemand.com] XXE](https://hackerone.com/reports/105753) to Informatica - 24 upvotes, $0 29 | 27. [Blind XXE on my.mail.ru](https://hackerone.com/reports/276276) to Mail.ru - 23 upvotes, $800 30 | 28. [Non-production Open Database In Combination With XXE Leads To SSRF](https://hackerone.com/reports/742808) to Evernote - 23 upvotes, $0 31 | 29. [ XXE in upload file feature](https://hackerone.com/reports/105787) to Informatica - 21 upvotes, $0 32 | 30. [[send.qiwi.ru] Soap-based XXE vulnerability /soapserver/ ](https://hackerone.com/reports/36450) to QIWI - 17 upvotes, $1000 33 | 31. [Blind XXE on pu.vk.com](https://hackerone.com/reports/296622) to VK.com - 16 upvotes, $500 34 | 32. [XXE in the Connector Designer](https://hackerone.com/reports/112116) to Bime - 13 upvotes, $750 35 | 33. [[marketplace.informatica.com] - XXE](https://hackerone.com/reports/106797) to Informatica - 13 upvotes, $0 36 | 34. [AEM forms XXE Vulnerability](https://hackerone.com/reports/1321070) to Adobe - 13 upvotes, $0 37 | 35. [OOB XXE ](https://hackerone.com/reports/690387) to Mail.ru - 12 upvotes, $500 38 | 36. [blind XXE when uploading avatar in mymail phone app](https://hackerone.com/reports/277341) to Mail.ru - 11 upvotes, $1000 39 | 37. [XXE issue](https://hackerone.com/reports/130661) to Moneybird - 11 upvotes, $150 40 | 38. [[rev-app.informatica.com] - XXE via SAML](https://hackerone.com/reports/106865) to Informatica - 11 upvotes, $0 41 | 39. [[marketplace.informatica.com] - XXE](https://hackerone.com/reports/106802) to Informatica - 11 upvotes, $0 42 | 40. [h1-5411-CTF report: LFI / Deserialization / XXE vulnerability, ](https://hackerone.com/reports/415233) to h1-5411-CTF - 8 upvotes, $0 43 | 41. 
[[usuppliers.uber.com] - Server Side Request Forgery via XXE OOB](https://hackerone.com/reports/448598) to Uber - 7 upvotes, $500 44 | 42. [XXE крит](https://hackerone.com/reports/449627) to Mail.ru - 7 upvotes, $300 45 | 43. [XXE on www.publish.engelvoelkers.com](https://hackerone.com/reports/914801) to Engel & Völkers Technology GmbH - 7 upvotes, $0 46 | 44. [XXE in Enterprise Search's App Search web crawler](https://hackerone.com/reports/1156748) to Elastic - 6 upvotes, $8200 47 | 45. [[Java]: Add XXE sinks](https://hackerone.com/reports/1339787) to GitHub Security Lab - 6 upvotes, $1800 48 | 46. [XXE at Informatica sub-domain](https://hackerone.com/reports/150520) to Informatica - 6 upvotes, $0 49 | 47. [OOB XXE ](https://hackerone.com/reports/690295) to Mail.ru - 5 upvotes, $500 50 | 48. [[Python]: CWE-611: XXE](https://hackerone.com/reports/1512937) to GitHub Security Lab - 4 upvotes, $1800 51 | 49. [XXE and SSRF on webmaster.mail.ru](https://hackerone.com/reports/12583) to Mail.ru - 3 upvotes, $700 52 | 50. [XXE in OAuth2 Applications gallery profile App logo](https://hackerone.com/reports/104620) to Coinbase - 2 upvotes, $0 53 | 51. [XXE at host vpn.owncloud.com](https://hackerone.com/reports/105980) to ownCloud - 2 upvotes, $0 54 | 52. [Pippo XML Entity Expansion (Billion Laughs Attack)](https://hackerone.com/reports/506791) to Central Security Project - 1 upvotes, $0 55 | -------------------------------------------------------------------------------- /rater.py: -------------------------------------------------------------------------------- 1 | """ 2 | This script runs fourth (optional). 3 | 4 | It simply takes info from data.csv and aggregate it. 5 | You can use this script as an example to create your custom lists of reports. 6 | 7 | To use it without modifications you should put non-empty data.csv file 8 | in the same directory with this script (current data.csv is good). 
9 | """ 10 | 11 | import csv 12 | 13 | index = [] 14 | 15 | 16 | def clean_title(title): 17 | return ' '.join(title.split()).lower().replace('-', ' ').replace('—', ' ').replace(',', '').replace('.', '') \ 18 | .replace(':', '').replace(';', '') 19 | 20 | 21 | def check_title(title, keywords): 22 | for keyword in keywords: 23 | if len(keyword.split()) == 1: 24 | for word in title.split(): 25 | if word == keyword: 26 | return True 27 | else: 28 | if keyword in title: 29 | return True 30 | return False 31 | 32 | 33 | def top_100_upvoted(reports): 34 | upvotes_sorted_reports = list(reversed(sorted(reports, key=lambda k: k['upvotes']))) 35 | with open('tops_100/TOP100UPVOTED.md', 'w', encoding='utf-8') as file: 36 | file.write('Top 100 upvoted reports from HackerOne:\n\n') 37 | for i in range(0, 100): 38 | report = upvotes_sorted_reports[i] 39 | file.write( 40 | '{0}. [{1}](https://{2}) to {3} - {4} upvotes, ${5}\n'.format(i + 1, report['title'], report['link'], 41 | report['program'], 42 | report['upvotes'], int(report['bounty']))) 43 | 44 | 45 | def top_100_paid(reports): 46 | bounty_sorted_reports = list(reversed(sorted(reports, key=lambda k: (k['bounty'], k['upvotes'])))) 47 | with open('tops_100/TOP100PAID.md', 'w', encoding='utf-8') as file: 48 | file.write('Top 100 paid reports from HackerOne:\n\n') 49 | for i in range(0, 100): 50 | report = bounty_sorted_reports[i] 51 | file.write( 52 | '{0}. 
[{1}](https://{2}) to {3} - ${4}, {5} upvotes\n'.format(i + 1, report['title'], report['link'], 53 | report['program'], 54 | int(report['bounty']), report['upvotes'])) 55 | 56 | 57 | def top_by_bug_type(reports, bug_type, bug_name, keywords): 58 | filtered_reports = [report for report in reports if check_title(clean_title(report['title']), keywords)] 59 | for filtered_report in filtered_reports: 60 | index.append(filtered_report['link']) 61 | bug_sorted_reports = list(reversed(sorted(filtered_reports, key=lambda k: (k['upvotes'], k['bounty'])))) 62 | with open('tops_by_bug_type/TOP{0}.md'.format(bug_type), 'w', encoding='utf-8') as file: 63 | file.write('Top {0} reports from HackerOne:\n\n'.format(bug_name)) 64 | for i in range(0, len(bug_sorted_reports)): 65 | report = bug_sorted_reports[i] 66 | file.write('{0}. [{1}](https://{2}) to {3} - {4} upvotes, ${5}\n' 67 | .format(i + 1, report['title'], report['link'], report['program'], report['upvotes'], int(report['bounty']))) 68 | 69 | 70 | def top_by_program(reports, program): 71 | filtered_reports = [report for report in reports if report['program'] == program] 72 | bug_sorted_reports = list(reversed(sorted(filtered_reports, key=lambda k: (k['upvotes'], k['bounty'])))) 73 | with open('tops_by_program/TOP{0}.md'.format(program.upper().replace('.', '').replace('-', '').replace(' ', '')), 74 | 'w', encoding='utf-8') as file: 75 | file.write('Top reports from {0} program at HackerOne:\n\n'.format(program)) 76 | for i in range(0, len(bug_sorted_reports)): 77 | report = bug_sorted_reports[i] 78 | file.write('{0}. 
[{1}](https://{2}) to {3} - {4} upvotes, ${5}\n' 79 | .format(i + 1, report['title'], report['link'], report['program'], report['upvotes'], int(report['bounty']))) 80 | 81 | 82 | def main(): 83 | reports = [] 84 | max_title_length = 0 85 | with open('data.csv', 'r', newline='', encoding='utf-8') as file: 86 | reader = csv.DictReader(file) 87 | for row in reader: 88 | row_dict = dict(row) 89 | row_dict['bounty'] = float(row_dict['bounty'].replace('"', '').replace('$', '').replace(',', '')) 90 | row_dict['upvotes'] = int(row_dict['upvotes']) 91 | row_dict['title'] = row_dict['title'].replace('<', '\<').replace('>', '\>') 92 | if len(row_dict['title']) > max_title_length: 93 | max_title_length = len(row_dict['title']) 94 | reports.append(row_dict) 95 | print('Max title length:', max_title_length) 96 | 97 | top_100_upvoted(reports) 98 | top_100_paid(reports) 99 | 100 | top_by_bug_type(reports, 'XSS', 'XSS', ['css', 'xss', 'domxss', 'cross site scripting', ]) 101 | top_by_bug_type(reports, 'XXE', 'XXE', ['xxe', 'xml external entity', 'xml entity']) 102 | top_by_bug_type(reports, 'CSRF', 'CSRF', ['csrf', 'xsrf', 'cross site request forgery']) 103 | top_by_bug_type(reports, 'IDOR', 'IDOR', ['idor', 'insecure direct object reference']) 104 | top_by_bug_type(reports, 'RCE', 'RCE', ['rce', 'remote code execution']) 105 | top_by_bug_type(reports, 'SQLI', 'SQLI', ['sqli', 'sql inj', 'sql command injection']) 106 | top_by_bug_type(reports, 'SSRF', 'SSRF', ['ssrf', 'server side request forgery']) 107 | top_by_bug_type(reports, 'RACECONDITION', 'Race Condition', ['race condition']) 108 | top_by_bug_type(reports, 'SUBDOMAINTAKEOVER', 'Subdomain Takeover', 109 | ['domain takeover', 'domain takeover', 'domain take over']) 110 | top_by_bug_type(reports, 'OPENREDIRECT', 'Open Redirect', ['open redirect']) 111 | top_by_bug_type(reports, 'CLICKJACKING', 'Clickjacking', ['clickjacking', 'click jacking', 'clicjacking']) 112 | top_by_bug_type(reports, 'DOS', 'DoS', ['dos', 'denial of 
service', 'service denial']) 113 | top_by_bug_type(reports, 'OAUTH', 'OAuth', ['oauth']) 114 | top_by_bug_type(reports, 'ACCOUNTTAKEOVER', 'Account Takeover', ['account takeover', 'ato']) 115 | 116 | programs = {} 117 | for report in reports: 118 | if report['program'] not in programs: 119 | programs[report['program']] = [report] 120 | else: 121 | programs[report['program']].append(report) 122 | top_programs = sorted(programs, key=lambda k: len(programs[k]), reverse=True) 123 | for program in top_programs[:35]: 124 | print(program) 125 | top_by_program(reports, program) 126 | 127 | count_of_not_indexed = 0 128 | for report in reports: 129 | if report['link'] not in index: 130 | count_of_not_indexed += 1 131 | print(report['title']) 132 | print('Count of all reports:', len(reports)) 133 | print('Count of not indexed reports:', count_of_not_indexed) 134 | 135 | 136 | if __name__ == '__main__': 137 | main() 138 | -------------------------------------------------------------------------------- /tops_by_program/TOPLOCALIZE.md: -------------------------------------------------------------------------------- 1 | [Back](../README.md) 2 | 3 | Top reports from Localize program at HackerOne: 4 | 5 | 1. [2-factor authentication can be disabled when logged in without confirming account password](https://hackerone.com/reports/783258) to Localize - 136 upvotes, $500 6 | 2. [Stored XSS in Name of Team Member Invitation](https://hackerone.com/reports/786301) to Localize - 11 upvotes, $50 7 | 3. [The password limit is not set, [DoS].](https://hackerone.com/reports/783356) to Localize - 11 upvotes, $50 8 | 4. [CSRF in adding phrase.](https://hackerone.com/reports/7962) to Localize - 10 upvotes, $0 9 | 5. [Full Path Disclosure / Info Disclosure in Creating New Group](https://hackerone.com/reports/8090) to Localize - 9 upvotes, $0 10 | 6. [Private Project Access Request Invitation Sent Via CSRF ](https://hackerone.com/reports/8226) to Localize - 6 upvotes, $0 11 | 7. 
[XSS & HTML injection](https://hackerone.com/reports/7876) to Localize - 5 upvotes, $0 12 | 8. [Sign-up Form CSRF](https://hackerone.com/reports/7865) to Localize - 5 upvotes, $0 13 | 9. [XSS in Groups](https://hackerone.com/reports/7868) to Localize - 4 upvotes, $0 14 | 10. [XSS in invite approval](https://hackerone.com/reports/7887) to Localize - 4 upvotes, $0 15 | 11. [XSS in main page](https://hackerone.com/reports/7882) to Localize - 4 upvotes, $0 16 | 12. [Nginx version is disclosed in HTTP response](https://hackerone.com/reports/783852) to Localize - 4 upvotes, $0 17 | 13. [XSS in main page (invitation)](https://hackerone.com/reports/7886) to Localize - 3 upvotes, $0 18 | 14. [Sensitive file](https://hackerone.com/reports/7968) to Localize - 3 upvotes, $0 19 | 15. [HTML/Javascript possible in "Discussion" section of reviews](https://hackerone.com/reports/7897) to Localize - 3 upvotes, $0 20 | 16. [Business logic Failure - Browser cache management and logout vulnerability.](https://hackerone.com/reports/7909) to Localize - 3 upvotes, $0 21 | 17. [Path Disclosure (Info Disclosure) in http://www.localize.io](https://hackerone.com/reports/7903) to Localize - 2 upvotes, $0 22 | 18. [Apache Documentation](https://hackerone.com/reports/8055) to Localize - 2 upvotes, $0 23 | 19. [Numerous open ports/services](https://hackerone.com/reports/8064) to Localize - 2 upvotes, $0 24 | 20. [Criptographic Issue: Strisct Transport Security with not good max age..(TOO SHORT!)](https://hackerone.com/reports/9008) to Localize - 2 upvotes, $0 25 | 21. [Full Path Disclosure (FPD) in www.localize.im](https://hackerone.com/reports/9256) to Localize - 2 upvotes, $0 26 | 22. [Atttacker can send "Invitation Request" to a Project that is not even created yet!](https://hackerone.com/reports/9088) to Localize - 2 upvotes, $0 27 | 23. [XSS in Localize.io](https://hackerone.com/reports/7890) to Localize - 1 upvotes, $0 28 | 24. 
[User credentials are sent in clear text](https://hackerone.com/reports/7950) to Localize - 1 upvotes, $0 29 | 25. [HTML Form Without CSRF protection](https://hackerone.com/reports/7863) to Localize - 1 upvotes, $0 30 | 26. [Full path disclosure](https://hackerone.com/reports/7894) to Localize - 1 upvotes, $0 31 | 27. [No Cross-Site Request Forgery protection at multiple locations](https://hackerone.com/reports/7916) to Localize - 1 upvotes, $0 32 | 28. [Unexpected array leaks information about the system](https://hackerone.com/reports/7888) to Localize - 1 upvotes, $0 33 | 29. [Information Disclosure (Directory Structure)](https://hackerone.com/reports/7930) to Localize - 1 upvotes, $0 34 | 30. [Uninitialized variable error message leaks information ](https://hackerone.com/reports/7915) to Localize - 1 upvotes, $0 35 | 31. [Full Path Disclosure (FPD) in www.localize.io](https://hackerone.com/reports/8088) to Localize - 1 upvotes, $0 36 | 32. [Full Path Disclosure / Info Disclosure in Importing XML Section!](https://hackerone.com/reports/8091) to Localize - 1 upvotes, $0 37 | 33. [Full Path Disclosure (2)](https://hackerone.com/reports/8013) to Localize - 1 upvotes, $0 38 | 34. [Full Path Disclosure](https://hackerone.com/reports/7972) to Localize - 1 upvotes, $0 39 | 35. [Assigning a non-existing role to user causes exception when opening project page](https://hackerone.com/reports/7921) to Localize - 1 upvotes, $0 40 | 36. [Password type input with auto-complete enabled](https://hackerone.com/reports/7954) to Localize - 1 upvotes, $0 41 | 37. [infinite number of new project creation!](https://hackerone.com/reports/8093) to Localize - 1 upvotes, $0 42 | 38. [XSS in password](https://hackerone.com/reports/7995) to Localize - 1 upvotes, $0 43 | 39. [Apache2 /icons/ folder accessible](https://hackerone.com/reports/7923) to Localize - 1 upvotes, $0 44 | 40. 
[Server header - information disclosure ](https://hackerone.com/reports/7914) to Localize - 1 upvotes, $0 45 | 41. [PHP PDOException and Full Path Disclosure](https://hackerone.com/reports/15899) to Localize - 1 upvotes, $0 46 | 42. [Full Path Disclosure (FPD) in www.localize.im](https://hackerone.com/reports/9745) to Localize - 1 upvotes, $0 47 | 43. [full path disclosure from false language](https://hackerone.com/reports/13237) to Localize - 1 upvotes, $0 48 | 44. [missing sender policy framework (SPF)](https://hackerone.com/reports/12836) to Localize - 1 upvotes, $0 49 | 45. [Deleting groups in any project without permission ](https://hackerone.com/reports/8104) to Localize - 0 upvotes, $0 50 | 46. [Making groups in any project without permission ](https://hackerone.com/reports/8102) to Localize - 0 upvotes, $0 51 | 47. [Stored XSS](https://hackerone.com/reports/7873) to Localize - 0 upvotes, $0 52 | 48. [Possible sensitive files](https://hackerone.com/reports/8019) to Localize - 0 upvotes, $0 53 | 49. [Login page password-guessing attack](https://hackerone.com/reports/8017) to Localize - 0 upvotes, $0 54 | 50. [Group Deletion Via CSRF](https://hackerone.com/reports/8218) to Localize - 0 upvotes, $0 55 | 51. [Group Creation Via CSRF](https://hackerone.com/reports/8216) to Localize - 0 upvotes, $0 56 | 52. [ Private Project Access Request Accpeted Via CSRF ](https://hackerone.com/reports/8224) to Localize - 0 upvotes, $0 57 | 53. [OPTIONS Method Enabled](https://hackerone.com/reports/8184) to Localize - 0 upvotes, $0 58 | 54. [No Wildcard DNS](https://hackerone.com/reports/8239) to Localize - 0 upvotes, $0 59 | 55. [A Serious Bug on SIGNUP Process!](https://hackerone.com/reports/7941) to Localize - 0 upvotes, $0 60 | 56. [No BruteForce Protection](https://hackerone.com/reports/7869) to Localize - 0 upvotes, $0 61 | 57. [ClickJacking](https://hackerone.com/reports/7862) to Localize - 0 upvotes, $0 62 | 58. 
[Change user settings through CSRF](https://hackerone.com/reports/7870) to Localize - 0 upvotes, $0 63 | 59. [Password Policy](https://hackerone.com/reports/7883) to Localize - 0 upvotes, $0 64 | 60. [X-Content-Type-Options header missing](https://hackerone.com/reports/8059) to Localize - 0 upvotes, $0 65 | 61. [Projects Watch or Notifications Settings Change Via CSRF](https://hackerone.com/reports/8273) to Localize - 0 upvotes, $0 66 | 62. [XSS in Team Only Area](https://hackerone.com/reports/10577) to Localize - 0 upvotes, $0 67 | 63. [Bug on registration as new Translator user](https://hackerone.com/reports/15679) to Localize - 0 upvotes, $0 68 | 64. [PHP PDOException and Full Path Disclosure](https://hackerone.com/reports/19363) to Localize - 0 upvotes, $0 69 | 65. [PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings.](https://hackerone.com/reports/30787) to Localize - 0 upvotes, $0 70 | 66. [files likes of README.md is public](https://hackerone.com/reports/31255) to Localize - 0 upvotes, $0 71 | 72 | 73 | [Back](../README.md) -------------------------------------------------------------------------------- /tops_by_bug_type/TOPRACECONDITION.md: -------------------------------------------------------------------------------- 1 | Top Race Condition reports from HackerOne: 2 | 3 | 1. [Race Condition allows to redeem multiple times gift cards which leads to free "money"](https://hackerone.com/reports/759247) to Reverb.com - 266 upvotes, $1500 4 | 2. [Race condition in performing retest allows duplicated payments](https://hackerone.com/reports/429026) to HackerOne - 199 upvotes, $2100 5 | 3. [Race condition in activating email resulting in infinite amount of diamonds received](https://hackerone.com/reports/509629) to InnoGames - 137 upvotes, $2000 6 | 4. 
[Client-Side Race Condition using Marketo, allows sending user to data-protocol in Safari when form without onSuccess is submitted on www.hackerone.com](https://hackerone.com/reports/381356) to HackerOne - 137 upvotes, $1250 7 | 5. [Race Condition leads to undeletable group member](https://hackerone.com/reports/604534) to HackerOne - 119 upvotes, $500 8 | 6. [Race Conditions in Popular reports feature.](https://hackerone.com/reports/146845) to HackerOne - 103 upvotes, $500 9 | 7. [Race Condition when following a user](https://hackerone.com/reports/927384) to Staging.every.org - 90 upvotes, $0 10 | 8. [Race Condition : Exploiting the loyalty claim https://xxx.vendhq.com/loyalty/claim/email/xxxxx url and gain x amount of loyalty bonus/cash](https://hackerone.com/reports/331940) to Vend VDP - 87 upvotes, $0 11 | 9. [Race Condition in Flag Submission](https://hackerone.com/reports/454949) to HackerOne - 72 upvotes, $500 12 | 10. [Race condition leads to duplicate payouts](https://hackerone.com/reports/220445) to HackerOne - 61 upvotes, $750 13 | 11. [Race Condition of Transfer data Credits to Organization Leads to Add Extra free Data Credits to the Organization](https://hackerone.com/reports/974892) to Helium - 60 upvotes, $250 14 | 12. [Race Condition on "Get free Badoo Premium" which allows to get more days of free premium for Free. ](https://hackerone.com/reports/1037430) to Bumble - 50 upvotes, $200 15 | 13. [Race condition in claiming program credentials ](https://hackerone.com/reports/488985) to HackerOne - 44 upvotes, $500 16 | 14. [Race Conditions in OAuth 2 API implementations](https://hackerone.com/reports/55140) to Internet Bug Bounty - 35 upvotes, $2500 17 | 15. [Race conditions can be used to bypass invitation limit](https://hackerone.com/reports/115007) to Keybase - 33 upvotes, $350 18 | 16. [Race condition in User comments Likes](https://hackerone.com/reports/1409913) to Zomato - 33 upvotes, $150 19 | 17. 
[Race Condition in Redeeming Coupons](https://hackerone.com/reports/157996) to Instacart - 31 upvotes, $200 20 | 18. [Race condition while removing the love react in community files.](https://hackerone.com/reports/996141) to Figma - 31 upvotes, $150 21 | 19. [JSBeautifier BApp: Race condition leads to memory disclosure](https://hackerone.com/reports/187134) to PortSwigger Web Security - 29 upvotes, $0 22 | 20. [Race condition на market.games.mail.ru](https://hackerone.com/reports/317557) to Mail.ru - 28 upvotes, $1000 23 | 21. [Race condition at create new Location](https://hackerone.com/reports/413759) to Shopify - 23 upvotes, $500 24 | 22. [Race condition leads to Inflation of coins when bought via Google Play Store at endpoint https://oauth.reddit.com/api/v2/gold/android/verify_purchase ](https://hackerone.com/reports/801743) to Reddit - 22 upvotes, $500 25 | 23. [Race Condition in account survey](https://hackerone.com/reports/165570) to Slack - 21 upvotes, $150 26 | 24. [[api.krisp.ai] Race condition on /v2/seats endpoint allows bypassing the original seat limit](https://hackerone.com/reports/1418419) to Krisp - 20 upvotes, $100 27 | 25. [Register multiple users using one invitation (race condition)](https://hackerone.com/reports/148609) to Keybase - 17 upvotes, $350 28 | 26. [Race condition vulnerability on "This Rocks" button.](https://hackerone.com/reports/474021) to Rockstar Games - 17 upvotes, $250 29 | 27. [Race condition in endpoint POST fetlife.com/users/invitation, allow attacker to generate unlimited invites](https://hackerone.com/reports/1460373) to FetLife - 17 upvotes, $100 30 | 28. [Race condition in GitLab import, giving access to other people their imports due to filename collision](https://hackerone.com/reports/214028) to GitLab - 17 upvotes, $0 31 | 29. [Race condition on the Federalist API endpoints can lead to the Denial of Service attack](https://hackerone.com/reports/249319) to GSA Bounty - 15 upvotes, $150 32 | 30. 
[Race condition при покупке подарков на games.mail.ru](https://hackerone.com/reports/685432) to Mail.ru - 14 upvotes, $0 33 | 31. [race condition in adding team members](https://hackerone.com/reports/176127) to Shopify - 13 upvotes, $500 34 | 32. [Race condition (TOCTOU) in NordVPN can result in local privilege escalation](https://hackerone.com/reports/768110) to Nord Security - 12 upvotes, $500 35 | 33. [Issue in the implementation of captcha and race condition](https://hackerone.com/reports/67562) to VK.com - 12 upvotes, $100 36 | 34. [Race Condition Vulnerability On Pornhubpremium.com](https://hackerone.com/reports/183624) to Pornhub - 11 upvotes, $520 37 | 35. [Race condition на покупке призов за баллы](https://hackerone.com/reports/700833) to Mail.ru - 11 upvotes, $150 38 | 36. [Race condition in Flash workers may cause an exploitabl​e double free](https://hackerone.com/reports/37240) to Internet Bug Bounty - 10 upvotes, $10000 39 | 37. [Race Condition in Definition Votes](https://hackerone.com/reports/152717) to Urban Dictionary - 10 upvotes, $0 40 | 38. [Race Condition allows to get more free trials and get more than 100 languages and strings for free](https://hackerone.com/reports/1087188) to Weblate - 10 upvotes, $0 41 | 39. [Race Condition in Oauth 2.0 flow can lead to malicious applications create multiple valid sessions](https://hackerone.com/reports/699112) to Razer - 8 upvotes, $250 42 | 40. [Bypass subdomain limits using race condition](https://hackerone.com/reports/395351) to Chaturbate - 8 upvotes, $100 43 | 41. [Race Condition in Article "Helpful" Indicator](https://hackerone.com/reports/109485) to Zendesk - 8 upvotes, $50 44 | 42. [Race condition allows to send multiple times feedback for the hacker](https://hackerone.com/reports/1132171) to HackerOne - 8 upvotes, $0 45 | 43. [Race Conditions Exist When Accepting Invitations](https://hackerone.com/reports/119354) to HackerOne - 6 upvotes, $0 46 | 44. 
[Race condition when redeeming coupon codes](https://hackerone.com/reports/59179) to Dropbox - 5 upvotes, $216 47 | 45. [Race condition allowing user to review app multiple times](https://hackerone.com/reports/106360) to Coinbase - 4 upvotes, $100 48 | 46. [Race condition on action: Invite members to a team](https://hackerone.com/reports/1285538) to Omise - 4 upvotes, $100 49 | 47. [The endpoint /api/internal/graphql/requestAuthEmail on Khanacademy.or is vulnerable to Race Condition Attack.](https://hackerone.com/reports/1293377) to Khan Academy - 4 upvotes, $0 50 | 48. [Race Condition Vulnerability when creating profiles](https://hackerone.com/reports/1428690) to Showmax - 3 upvotes, $0 51 | 49. [Race condition in workers may cause an exploitable double free by abusing bytearray.compress() ](https://hackerone.com/reports/47227) to Internet Bug Bounty - 2 upvotes, $10000 52 | 50. [Race condition on my.stripo.email at /cabinet/stripeapi/v1/projects/298427/emails/folders uri](https://hackerone.com/reports/994051) to Stripo Inc - 2 upvotes, $0 53 | 51. [Adobe Flash Player Race Condition Vulnerability](https://hackerone.com/reports/119657) to Internet Bug Bounty - 1 upvotes, $2000 54 | 52. [Race condition with CURL_LOCK_DATA_CONNECT can cause connections to be used at the same time](https://hackerone.com/reports/724134) to curl - 1 upvotes, $0 55 | 53. [Data race conditions reported by helgrind when performing parallel DNS queries in libcurl](https://hackerone.com/reports/1019457) to curl - 0 upvotes, $0 56 | -------------------------------------------------------------------------------- /tops_by_program/TOPOLX.md: -------------------------------------------------------------------------------- 1 | [Back](../README.md) 2 | 3 | Top reports from OLX program at HackerOne: 4 | 5 | 1. [XSS - main page - search[user_id] parameter](https://hackerone.com/reports/477771) to OLX - 135 upvotes, $0 6 | 2. 
[[Critical] Delete any account ](https://hackerone.com/reports/158872) to OLX - 112 upvotes, $0 7 | 3. [SQL Injection on https://www.olx.co.id](https://hackerone.com/reports/639876) to OLX - 71 upvotes, $0 8 | 4. [web cache deception in https://tradus.com lead to name/user_id enumeration and other info](https://hackerone.com/reports/537564) to OLX - 59 upvotes, $0 9 | 5. [SQL Injection https://www.olx.co.id](https://hackerone.com/reports/446293) to OLX - 48 upvotes, $0 10 | 6. [Reflected XSS on https://www.olx.co.id/iklan/*.html via "ad_type" parameter](https://hackerone.com/reports/630265) to OLX - 35 upvotes, $0 11 | 7. [XSS inside HTML Link Tag](https://hackerone.com/reports/504984) to OLX - 29 upvotes, $0 12 | 8. [Public Vulnerable Version of Confluence https://confluence.olx.com](https://hackerone.com/reports/207013) to OLX - 29 upvotes, $0 13 | 9. [Reflected XSS in www.olx.co.id](https://hackerone.com/reports/639796) to OLX - 27 upvotes, $0 14 | 10. [Able to list user's public name, username, phone number, address, facebook ID...](https://hackerone.com/reports/167206) to OLX - 19 upvotes, $0 15 | 11. [Search Page Reflected XSS on sharjah.dubizzle.com through unencoded output of GET parameter in JavaScript](https://hackerone.com/reports/363571) to OLX - 18 upvotes, $0 16 | 12. [Updating and Deleting any Ads on OLX Philippines ](https://hackerone.com/reports/150631) to OLX - 17 upvotes, $0 17 | 13. [Cross Site Scripting -\> Reflected XSS](https://hackerone.com/reports/150568) to OLX - 17 upvotes, $0 18 | 14. [XSS Reflected at SEARCH \>\>](https://hackerone.com/reports/429647) to OLX - 17 upvotes, $0 19 | 15. [Subdomain Takeover (http://docs.olx.ph/ , http://calendar.olx.ph/, http://sites.olx.ph/)](https://hackerone.com/reports/206516) to OLX - 16 upvotes, $0 20 | 16. [Reflective XSS at olx.ph](https://hackerone.com/reports/361647) to OLX - 15 upvotes, $0 21 | 17. [XSS @ *.letgo.com](https://hackerone.com/reports/150822) to OLX - 14 upvotes, $0 22 | 18. 
[Bypass CSP frame-ancestors at olx.co.za, olx.com.gh](https://hackerone.com/reports/371980) to OLX - 13 upvotes, $0 23 | 19. [Combined attacks leading to stealing user's account](https://hackerone.com/reports/205529) to OLX - 12 upvotes, $0 24 | 20. [Reflected XSS on www.olx.co.id via ad_type parameter](https://hackerone.com/reports/633751) to OLX - 12 upvotes, $0 25 | 21. [Manipulating joinolx.com Job Vacancy alert subscription emails (HTML Injection / Script Injection)](https://hackerone.com/reports/151149) to OLX - 11 upvotes, $0 26 | 22. [stored XSS in olx.pl - ogloszenie TITLE element - moderator acc can be hacked](https://hackerone.com/reports/150668) to OLX - 11 upvotes, $0 27 | 23. [I found a way to instantly take over ads by other users and change them (IDOR)](https://hackerone.com/reports/253929) to OLX - 11 upvotes, $0 28 | 24. [XSS @ yaman.olx.ph](https://hackerone.com/reports/150565) to OLX - 10 upvotes, $0 29 | 25. [Arbitrary File Reading](https://hackerone.com/reports/150783) to OLX - 10 upvotes, $0 30 | 26. [Stored XSS in buy topup OLX Gold Credits ](https://hackerone.com/reports/169625) to OLX - 10 upvotes, $0 31 | 27. [Reflected XSS on m.olx.co.id via ad_type parameter](https://hackerone.com/reports/636278) to OLX - 10 upvotes, $0 32 | 28. [Unauthorised access to olx.in user accounts. ](https://hackerone.com/reports/155130) to OLX - 9 upvotes, $0 33 | 29. [Full Account Takeover ](https://hackerone.com/reports/159202) to OLX - 9 upvotes, $0 34 | 30. [All Active user sessions should be destroyed when user change his password!](https://hackerone.com/reports/150540) to OLX - 9 upvotes, $0 35 | 31. [Bypass Rejected ads so user can view it as normal live ad.](https://hackerone.com/reports/669736) to OLX - 9 upvotes, $0 36 | 32. [load scripts DOS vulnerability](https://hackerone.com/reports/694467) to OLX - 9 upvotes, $0 37 | 33. 
[CSRF in account configuration leads to complete account compromise](https://hackerone.com/reports/150586) to OLX - 8 upvotes, $0 38 | 34. [Reflected XSS in www.olx.ph](https://hackerone.com/reports/150746) to OLX - 8 upvotes, $0 39 | 35. [Multiple vulnerabilities in http://blog.dubizzle.com/uae](https://hackerone.com/reports/188279) to OLX - 8 upvotes, $0 40 | 36. [Directory Listing of all the resource files of olx.com.eg ](https://hackerone.com/reports/175760) to OLX - 7 upvotes, $0 41 | 37. [XSS on Meta Tag at https://m.olx.ph](https://hackerone.com/reports/157813) to OLX - 7 upvotes, $0 42 | 38. [blog.praca.olx.pl database credentials exposure](https://hackerone.com/reports/448985) to OLX - 7 upvotes, $0 43 | 39. [XSS @ *.olx.com.ar](https://hackerone.com/reports/150560) to OLX - 6 upvotes, $0 44 | 40. [Name, email, phone and more disclosure on user ID (API)](https://hackerone.com/reports/171917) to OLX - 6 upvotes, $0 45 | 41. [Reflected XSS in [olx.qa]](https://hackerone.com/reports/191332) to OLX - 6 upvotes, $0 46 | 42. [CSRF in delete advertisement on olx.com.eg](https://hackerone.com/reports/178384) to OLX - 6 upvotes, $0 47 | 43. [XSS in OLX.pl ("title" in new advertisement)](https://hackerone.com/reports/267473) to OLX - 6 upvotes, $0 48 | 44. [XSS yaman.olx.ph](https://hackerone.com/reports/151147) to OLX - 5 upvotes, $0 49 | 45. [XSS on Home page olx.com.ar via auto save search text](https://hackerone.com/reports/151691) to OLX - 5 upvotes, $0 50 | 46. [Stored XSS on contact name](https://hackerone.com/reports/152069) to OLX - 5 upvotes, $0 51 | 47. [Reflective XSS at m.olx.ph](https://hackerone.com/reports/177230) to OLX - 5 upvotes, $0 52 | 48. [yaman.olx.ph/wordpress is using a very vulnerable version of WordPress and contains directory listing](https://hackerone.com/reports/202918) to OLX - 5 upvotes, $0 53 | 49. [Reflected XSS at yaman.olx.ph](https://hackerone.com/reports/151258) to OLX - 4 upvotes, $0 54 | 50. 
[these are my old reports and still i have not receive any good replys, these all are Cross Site Scripting(XSS) issues: POC1: https://www.youtube.com/w](https://hackerone.com/reports/157889) to OLX - 4 upvotes, $0 55 | 51. [full path disclosure vulnerability at https://security.olx.com/*](https://hackerone.com/reports/159481) to OLX - 4 upvotes, $0 56 | 52. [Reflected XSS at m.olx.ph](https://hackerone.com/reports/175410) to OLX - 4 upvotes, $0 57 | 53. [Reflected XSS in OLX.in](https://hackerone.com/reports/175801) to OLX - 4 upvotes, $0 58 | 54. [REFLECTED CROSS SITE SCRIPTING IN OLX](https://hackerone.com/reports/151305) to OLX - 4 upvotes, $0 59 | 55. [Reflected XSS in olx.pt](https://hackerone.com/reports/206125) to OLX - 4 upvotes, $0 60 | 56. [Bypassing Phone Verification For Posting AD On OLX](https://hackerone.com/reports/165854) to OLX - 3 upvotes, $0 61 | 57. [cross-site scripting in get request](https://hackerone.com/reports/150944) to OLX - 3 upvotes, $0 62 | 58. [ OLX is vulnerable to clickjaking](https://hackerone.com/reports/231713) to OLX - 3 upvotes, $0 63 | 59. [xss yaman.olx.ph](https://hackerone.com/reports/151310) to OLX - 2 upvotes, $0 64 | 60. [XSS and Open Redirect on https://jobs.dubizzle.com/](https://hackerone.com/reports/167107) to OLX - 2 upvotes, $0 65 | 61. [XSS and HTML Injection https://sharjah.dubizzle.com/](https://hackerone.com/reports/162296) to OLX - 2 upvotes, $0 66 | 62. [Full path disclosure vulnerability at http://corporate.olx.ph](https://hackerone.com/reports/171048) to OLX - 2 upvotes, $0 67 | 63. [Reflective XSS at dubai.dubizzle.com](https://hackerone.com/reports/177619) to OLX - 2 upvotes, $0 68 | 64. [olx.ph is vulnerable to POODLE attack](https://hackerone.com/reports/192284) to OLX - 2 upvotes, $0 69 | 65. [Server Version Of https://www.olx.ph/](https://hackerone.com/reports/197238) to OLX - 2 upvotes, $0 70 | 66. 
[Reflected Cross Site scripting Attack (XSS)](https://hackerone.com/reports/150837) to OLX - 0 upvotes, $0 71 | 72 | 73 | [Back](../README.md) -------------------------------------------------------------------------------- /tops_by_program/TOPPORNHUB.md: -------------------------------------------------------------------------------- 1 | [Back](../README.md) 2 | 3 | Top reports from Pornhub program at HackerOne: 4 | 5 | 1. [[phpobject in cookie] Remote shell/command execution](https://hackerone.com/reports/141956) to Pornhub - 588 upvotes, $20000 6 | 2. [Publicly exposed SVN repository, ht.pornhub.com](https://hackerone.com/reports/72243) to Pornhub - 202 upvotes, $10000 7 | 3. [Multiple endpoints are vulnerable to XML External Entity injection (XXE) ](https://hackerone.com/reports/72272) to Pornhub - 134 upvotes, $2500 8 | 4. [vulnerabilitie](https://hackerone.com/reports/137723) to Pornhub - 127 upvotes, $0 9 | 5. [[RCE] Unserialize to XXE - file disclosure on ams.upload.pornhub.com](https://hackerone.com/reports/142562) to Pornhub - 87 upvotes, $10000 10 | 6. [xss](https://hackerone.com/reports/306554) to Pornhub - 83 upvotes, $100 11 | 7. [Unsecured DB instance](https://hackerone.com/reports/189192) to Pornhub - 66 upvotes, $5000 12 | 8. [[idor] Unauthorized Read access to all the private posts(Including Photos,Videos,Gifs)](https://hackerone.com/reports/148764) to Pornhub - 56 upvotes, $1500 13 | 9. [Wordpress Content injection ](https://hackerone.com/reports/202949) to Pornhub - 45 upvotes, $1500 14 | 10. [Stored XSS in photo comment functionality](https://hackerone.com/reports/172227) to Pornhub - 41 upvotes, $1500 15 | 11. [Stored XSS (client-side, using cookie poisoning) on the pornhubpremium.com](https://hackerone.com/reports/311948) to Pornhub - 39 upvotes, $250 16 | 12. [RCE Possible Via Video Manager Export using @ character in Video Title](https://hackerone.com/reports/146593) to Pornhub - 36 upvotes, $500 17 | 13. 
[Unsecured Elasticsearch Instance](https://hackerone.com/reports/267161) to Pornhub - 35 upvotes, $3500 18 | 14. [[stored xss, pornhub.com] stream post function](https://hackerone.com/reports/138075) to Pornhub - 35 upvotes, $1500 19 | 15. [IDOR - disclosure of private videos - /api_android_v3/getUserVideos](https://hackerone.com/reports/186279) to Pornhub - 29 upvotes, $1500 20 | 16. [Weak user aunthentication on mobile application - I just broken userKey secret password](https://hackerone.com/reports/138101) to Pornhub - 27 upvotes, $5000 21 | 17. [[IDOR] post to anyone even if their stream is restricted to friends only](https://hackerone.com/reports/137954) to Pornhub - 27 upvotes, $1500 22 | 18. [[IDOR] Deleting other users comment](https://hackerone.com/reports/138243) to Pornhub - 23 upvotes, $1000 23 | 19. [Single User DOS by Poisoning Cookie via Get Parameter](https://hackerone.com/reports/416966) to Pornhub - 21 upvotes, $50 24 | 20. [Possibility to insert stored XSS inside \ tag](https://hackerone.com/reports/267643) to Pornhub - 19 upvotes, $1500 25 | 21. [XSS vulnerability using GIF tags](https://hackerone.com/reports/191674) to Pornhub - 18 upvotes, $1000 26 | 22. [Unsecured Kibana/Elasticsearch instance](https://hackerone.com/reports/188482) to Pornhub - 16 upvotes, $750 27 | 23. [Partial disclosure of Private Videos through data-mediabook attribute information leak](https://hackerone.com/reports/228495) to Pornhub - 16 upvotes, $250 28 | 24. [Self-XSS to Good-XSS - pornhub.com](https://hackerone.com/reports/761904) to Pornhub - 16 upvotes, $250 29 | 25. [Unsecured Grafana instance](https://hackerone.com/reports/167585) to Pornhub - 15 upvotes, $750 30 | 26. [Mobile Reflect XSS / CSRF at Advertisement Section on Search page](https://hackerone.com/reports/379705) to Pornhub - 15 upvotes, $200 31 | 27. 
[Private Photo Disclosure - /user/stream_photo_attach?load=album&id= endpoint](https://hackerone.com/reports/141868) to Pornhub - 14 upvotes, $1000 32 | 28. [Stored XSS in the any user profile using website link](https://hackerone.com/reports/242213) to Pornhub - 14 upvotes, $500 33 | 29. [Mixed Reflected-Stored XSS on pornhub.com (without user interaction) in the playlist playing section](https://hackerone.com/reports/222506) to Pornhub - 13 upvotes, $350 34 | 30. [XSS on pornhubselect.com](https://hackerone.com/reports/222556) to Pornhub - 13 upvotes, $0 35 | 31. [(Pornhub & Youporn & Brazzers ANDROID APP) : Upload Malicious APK / Overrite Existing APK / Android BackOffice Access ](https://hackerone.com/reports/142352) to Pornhub - 11 upvotes, $1500 36 | 32. [Blind Stored XSS against Pornhub employees using Amateur Model Program](https://hackerone.com/reports/216379) to Pornhub - 11 upvotes, $500 37 | 33. [Public Facing Barracuda Login](https://hackerone.com/reports/119918) to Pornhub - 11 upvotes, $250 38 | 34. [XSS Vulnerability at https://www.pornhubpremium.com/premium_signup? URL endpoint ](https://hackerone.com/reports/202548) to Pornhub - 11 upvotes, $250 39 | 35. [Race Condition Vulnerability On Pornhubpremium.com](https://hackerone.com/reports/183624) to Pornhub - 10 upvotes, $520 40 | 36. [Reflected XSS in login redirection module](https://hackerone.com/reports/216806) to Pornhub - 10 upvotes, $250 41 | 37. [Debug.log file Exposed to Public \Full Path Disclosure\](https://hackerone.com/reports/202939) to Pornhub - 10 upvotes, $0 42 | 38. [[ssrf] libav vulnerable during conversion of uploaded videos](https://hackerone.com/reports/111269) to Pornhub - 9 upvotes, $1500 43 | 39. [Disclosure of private photos/albums - http://www.pornhub.com/album/show_image_box](https://hackerone.com/reports/167582) to Pornhub - 9 upvotes, $750 44 | 40. 
[Stored XSS on the http://ht.pornhub.com/widgets/](https://hackerone.com/reports/186613) to Pornhub - 9 upvotes, $150 45 | 41. [Reflected XSS by way of jQuery function](https://hackerone.com/reports/141493) to Pornhub - 9 upvotes, $50 46 | 42. [Unprotected Memcache Installation running](https://hackerone.com/reports/119871) to Pornhub - 8 upvotes, $2500 47 | 43. [pornhub.com/user/welcome/basicinfo nickname field is vulnerable on xss](https://hackerone.com/reports/241198) to Pornhub - 8 upvotes, $750 48 | 44. [ Same-Origin Method Execution bug in plupload.flash.swf on /insights](https://hackerone.com/reports/138226) to Pornhub - 8 upvotes, $150 49 | 45. [CSV Macro injection in Video Manager (CEMI)](https://hackerone.com/reports/137850) to Pornhub - 8 upvotes, $100 50 | 46. [PornIQ Reflected Cross-Site Scripting](https://hackerone.com/reports/105486) to Pornhub - 7 upvotes, $250 51 | 47. [[idor] Profile Admin can pin any other user's post on his stream wall](https://hackerone.com/reports/138852) to Pornhub - 6 upvotes, $750 52 | 48. [[crossdomain.xml] Dangerous Flash Cross-Domain Policy](https://hackerone.com/reports/105655) to Pornhub - 6 upvotes, $50 53 | 49. [http://ht.pornhub.com/ stored XSS in widget stylesheet](https://hackerone.com/reports/207792) to Pornhub - 6 upvotes, $50 54 | 50. [Private videos can be added to our playlists](https://hackerone.com/reports/246819) to Pornhub - 6 upvotes, $0 55 | 51. [Unauthenticated access to Content Management System - www1.pornhubpremium.com](https://hackerone.com/reports/72735) to Pornhub - 5 upvotes, $5000 56 | 52. [SSRF & XSS (W3 Total Cache)](https://hackerone.com/reports/138721) to Pornhub - 5 upvotes, $1000 57 | 53. [Reflected cross-site scripting (XSS) vulnerability in pornhub.com allows attackers to inject arbitrary web script or HTML.](https://hackerone.com/reports/182132) to Pornhub - 5 upvotes, $200 58 | 54. 
[HTTP Track/Trace Method Enabled](https://hackerone.com/reports/119860) to Pornhub - 4 upvotes, $50 59 | 55. [Reflected Cross-Site Scripting on French subdomain](https://hackerone.com/reports/101108) to Pornhub - 3 upvotes, $250 60 | 56. [Cross Site Scripting - On Mouse Over, Blog page](https://hackerone.com/reports/100552) to Pornhub - 3 upvotes, $250 61 | 57. [[xss, pornhub.com] /user/[username], multiple parameters](https://hackerone.com/reports/100550) to Pornhub - 3 upvotes, $250 62 | 58. [XSS Reflected incategories*p](https://hackerone.com/reports/138046) to Pornhub - 3 upvotes, $250 63 | 59. [XSS ReflectedGET /*embed_player*?](https://hackerone.com/reports/138045) to Pornhub - 3 upvotes, $250 64 | 60. [[xss] pornhubpremium.com, /redeem?code= URL endpoint ](https://hackerone.com/reports/202536) to Pornhub - 3 upvotes, $250 65 | 61. [[reflected xss, pornhub.com] /blog, any](https://hackerone.com/reports/83566) to Pornhub - 3 upvotes, $100 66 | 62. [Cross Site Scripting – Album Page](https://hackerone.com/reports/82929) to Pornhub - 3 upvotes, $50 67 | 63. [Reflected XSS on ht.pornhub.com - /export/GetPreview](https://hackerone.com/reports/216469) to Pornhub - 1 upvotes, $0 68 | 69 | 70 | [Back](../README.md) -------------------------------------------------------------------------------- /tops_by_program/TOPPHABRICATOR.md: -------------------------------------------------------------------------------- 1 | [Back](../README.md) 2 | 3 | Top reports from Phabricator program at HackerOne: 4 | 5 | 1. [Command injection on Phabricator instance with an evil hg branch name](https://hackerone.com/reports/288704) to Phabricator - 38 upvotes, $1000 6 | 2. [Phabricator is vulnerable to padding oracle attacks and chosen-ciphertext attacks.](https://hackerone.com/reports/216746) to Phabricator - 21 upvotes, $750 7 | 3. [SSRF in notifications.server configuration](https://hackerone.com/reports/850114) to Phabricator - 20 upvotes, $300 8 | 4. 
[Markdown parsing issue enables insertion of malicious tags](https://hackerone.com/reports/758002) to Phabricator - 18 upvotes, $500 9 | 5. [Window.opener protection Bypass](https://hackerone.com/reports/306414) to Phabricator - 18 upvotes, $300 10 | 6. [IDOR bug to See hidden slowvote of any user even when you dont have access right](https://hackerone.com/reports/661978) to Phabricator - 15 upvotes, $300 11 | 7. [User with only Viewing Privilege can send message to Room](https://hackerone.com/reports/202499) to Phabricator - 14 upvotes, $300 12 | 8. [HTML in Diffusion not escaped in certain circumstances](https://hackerone.com/reports/148865) to Phabricator - 12 upvotes, $600 13 | 9. [Window.opener fix bypass](https://hackerone.com/reports/317243) to Phabricator - 12 upvotes, $300 14 | 10. [Exposing voting results on the Slowvote application without actually voting](https://hackerone.com/reports/434116) to Phabricator - 11 upvotes, $300 15 | 11. [Differential "Show Raw File" feature exposes generated files to unauthorised users](https://hackerone.com/reports/213942) to Phabricator - 10 upvotes, $600 16 | 12. [Log in a user to another account](https://hackerone.com/reports/774) to Phabricator - 10 upvotes, $300 17 | 13. [Administrator can create user without entering high security mode](https://hackerone.com/reports/351361) to Phabricator - 10 upvotes, $300 18 | 14. [Broken Authentication and Session Management](https://hackerone.com/reports/17474) to Phabricator - 7 upvotes, $300 19 | 15. [Fetching binaries (for software installation) over HTTP without verification (RCE as ROOT by MITM)](https://hackerone.com/reports/186352) to Phabricator - 7 upvotes, $300 20 | 16. [IRC-Bot exposes information](https://hackerone.com/reports/222870) to Phabricator - 7 upvotes, $300 21 | 17. [TOTP Key is shorter than RFC 4226 recommended minimum](https://hackerone.com/reports/435648) to Phabricator - 6 upvotes, $300 22 | 18. 
[Improperly implemented password recovery link functionality](https://hackerone.com/reports/809) to Phabricator - 5 upvotes, $300 23 | 19. [Persistent XSS: Editor link](https://hackerone.com/reports/4114) to Phabricator - 5 upvotes, $300 24 | 20. [OAuth Stealing Attack (New)](https://hackerone.com/reports/3930) to Phabricator - 4 upvotes, $400 25 | 21. [The special code in editor has no Authority control and can lead to Information Disclosure](https://hackerone.com/reports/221950) to Phabricator - 4 upvotes, $0 26 | 22. [Bypass auth.email-domains](https://hackerone.com/reports/2224) to Phabricator - 3 upvotes, $1000 27 | 23. [Bypass auth.email-domains (2)](https://hackerone.com/reports/2233) to Phabricator - 3 upvotes, $500 28 | 24. [OAuth access_token stealing in Phabricator](https://hackerone.com/reports/3596) to Phabricator - 3 upvotes, $450 29 | 25. [UnAuthorized Editorial Publishing to Blogs](https://hackerone.com/reports/3356) to Phabricator - 3 upvotes, $300 30 | 26. [Control character allowed in username](https://hackerone.com/reports/3921) to Phabricator - 3 upvotes, $300 31 | 27. [Error page Text Injection.](https://hackerone.com/reports/156196) to Phabricator - 3 upvotes, $0 32 | 28. [Enumerating emails through "Forgot Password" form](https://hackerone.com/reports/203614) to Phabricator - 3 upvotes, $0 33 | 29. [Restricted file access when it exists in old versions of task or wiki document](https://hackerone.com/reports/203658) to Phabricator - 3 upvotes, $0 34 | 30. [Autoclose can close any task regardless of policies/spaces](https://hackerone.com/reports/220909) to Phabricator - 3 upvotes, $0 35 | 31. [Request vulnerable to CSRF](https://hackerone.com/reports/513137) to Phabricator - 3 upvotes, $0 36 | 32. [Issue:Form does not contain an anti-CSRF token](https://hackerone.com/reports/513134) to Phabricator - 3 upvotes, $0 37 | 33. [Login CSRF using Twitter OAuth](https://hackerone.com/reports/2228) to Phabricator - 2 upvotes, $300 38 | 34. 
[Content Spoofing through URL](https://hackerone.com/reports/28792) to Phabricator - 2 upvotes, $0 39 | 35. [Password Policy issue](https://hackerone.com/reports/26758) to Phabricator - 2 upvotes, $0 40 | 36. [link reset problem](https://hackerone.com/reports/164483) to Phabricator - 2 upvotes, $0 41 | 37. [An unsafe design practice in the Passphrase may result in Secret being accidentally changed.](https://hackerone.com/reports/218324) to Phabricator - 2 upvotes, $0 42 | 38. [The mailbox verification API interface is unlimited and can be used as a mailbox bomb](https://hackerone.com/reports/221948) to Phabricator - 2 upvotes, $0 43 | 39. [XSS in editor by any user](https://hackerone.com/reports/18691) to Phabricator - 1 upvotes, $1000 44 | 40. [Multiple so called 'type juggling' attacks. Most notably PhabricatorUser::validateCSRFToken() is 'bypassable' in certain cases.](https://hackerone.com/reports/86022) to Phabricator - 1 upvotes, $450 45 | 41. [Open redirection on secure.phabricator.com](https://hackerone.com/reports/25160) to Phabricator - 1 upvotes, $400 46 | 42. [Abusing daemon logs for Privilege escalation under certain scenarios](https://hackerone.com/reports/16392) to Phabricator - 1 upvotes, $300 47 | 43. [Forgot Password Issue](https://hackerone.com/reports/23363) to Phabricator - 1 upvotes, $300 48 | 44. [Phabricator Diffusion application allows unauthorized users to delete mirrors](https://hackerone.com/reports/38965) to Phabricator - 1 upvotes, $300 49 | 45. [Passphrase credential lock bypass](https://hackerone.com/reports/139626) to Phabricator - 1 upvotes, $300 50 | 46. [CSRF token valid even after the session logout of a particular user](https://hackerone.com/reports/2857) to Phabricator - 1 upvotes, $0 51 | 47. [Back - Refresh - Attack To Obtain User Credentials](https://hackerone.com/reports/21064) to Phabricator - 1 upvotes, $0 52 | 48. 
[Password Reset Links Not Expiring](https://hackerone.com/reports/22858) to Phabricator - 1 upvotes, $0 53 | 49. [Content spoofing](https://hackerone.com/reports/27564) to Phabricator - 1 upvotes, $0 54 | 50. [Content injection ](https://hackerone.com/reports/36112) to Phabricator - 1 upvotes, $0 55 | 51. [Server Side Request Forgery in macro creation](https://hackerone.com/reports/50537) to Phabricator - 1 upvotes, $0 56 | 52. [No authentication required to add an email address.](https://hackerone.com/reports/139965) to Phabricator - 1 upvotes, $0 57 | 53. [Full path disclosure](https://hackerone.com/reports/143575) to Phabricator - 1 upvotes, $0 58 | 54. [Hyper Link Injection In email and Space Characters Allowed at Password Field.](https://hackerone.com/reports/252699) to Phabricator - 1 upvotes, $0 59 | 55. [Credential gets exposed](https://hackerone.com/reports/255132) to Phabricator - 1 upvotes, $0 60 | 56. [The "Download Raw Diff" URL is viewable by everyone](https://hackerone.com/reports/356408) to Phabricator - 1 upvotes, $0 61 | 57. [Abusing VCS control on phabricator](https://hackerone.com/reports/16315) to Phabricator - 0 upvotes, $600 62 | 58. [Phabricator Phame Blog Skins Local File Inclusion](https://hackerone.com/reports/39428) to Phabricator - 0 upvotes, $500 63 | 59. [SSRF vulnerability (access to metadata server on EC2 and OpenStack)](https://hackerone.com/reports/53088) to Phabricator - 0 upvotes, $300 64 | 60. [XSS with Time-of-Day Format](https://hackerone.com/reports/52822) to Phabricator - 0 upvotes, $300 65 | 61. [Information leakage through Graphviz blocks](https://hackerone.com/reports/88395) to Phabricator - 0 upvotes, $300 66 | 62. [Extended policy checks are buggy](https://hackerone.com/reports/109959) to Phabricator - 0 upvotes, $300 67 | 63. [Dashboard panel embedded onto itself causes a denial of service](https://hackerone.com/reports/85011) to Phabricator - 0 upvotes, $0 68 | 64. 
[libphutil: removing bytes from a PhutilRope does not work as intended](https://hackerone.com/reports/105657) to Phabricator - 0 upvotes, $0 69 | 70 | 71 | [Back](../README.md) -------------------------------------------------------------------------------- /tops_by_program/TOPSIFCHAIN.md: -------------------------------------------------------------------------------- 1 | Top reports from Sifchain program at HackerOne: 2 | 3 | 1. [Subdomain Takeover At the Main Domain Of Your Site ](https://hackerone.com/reports/1183296) to Sifchain - 32 upvotes, $200 4 | 2. [xmlrpc.php And /wp-json/wp/v2/users FILE IS enable it will used for bruteforce attack and denial of service](https://hackerone.com/reports/1147449) to Sifchain - 17 upvotes, $50 5 | 3. [Clickjacking Vulnerability in sifchain.finance](https://hackerone.com/reports/1185949) to Sifchain - 11 upvotes, $0 6 | 4. [Information Disclosure on https://rpc.sifchain.finance/](https://hackerone.com/reports/1197035) to Sifchain - 10 upvotes, $0 7 | 5. [Wrong implementation of Telegram link on the main page for PC users](https://hackerone.com/reports/1194293) to Sifchain - 7 upvotes, $100 8 | 6. [Subdomain Takeover on proxies.sifchain.finance pointing to vercel](https://hackerone.com/reports/1487793) to Sifchain - 6 upvotes, $100 9 | 7. [Vulnerable for clickjacking attack](https://hackerone.com/reports/1188639) to Sifchain - 6 upvotes, $0 10 | 8. [Email Spoofing on sifchain.finance](https://hackerone.com/reports/1191209) to Sifchain - 6 upvotes, $0 11 | 9. [Path Transversal inside saveContracts.js](https://hackerone.com/reports/1196917) to Sifchain - 6 upvotes, $0 12 | 10. [Clickjacking misconfiguration bug](https://hackerone.com/reports/1176104) to Sifchain - 6 upvotes, $0 13 | 11. [wrong url in hackerone \> goes to wix.com \> unconnected](https://hackerone.com/reports/1187018) to Sifchain - 5 upvotes, $200 14 | 12. [Wrong Url in Main Page](https://hackerone.com/reports/1188629) to Sifchain - 4 upvotes, $200 15 | 13. 
[Private RSA key for Vagrant exposed in GitHub repository](https://hackerone.com/reports/1183502) to Sifchain - 4 upvotes, $0 16 | 14. [A password in plain text in conf file](https://hackerone.com/reports/1188188) to Sifchain - 4 upvotes, $0 17 | 15. [Cross Origin Resource Sharing Misconfiguration | Lead to sensitive information.](https://hackerone.com/reports/1189363) to Sifchain - 4 upvotes, $0 18 | 16. [Flaws In Social media Icon on error page which can lead to financial loss to a company.](https://hackerone.com/reports/1186926) to Sifchain - 4 upvotes, $0 19 | 17. [CORS misconfiguration](https://hackerone.com/reports/1187543) to Sifchain - 4 upvotes, $0 20 | 18. [Private KEY of crypto wallet](https://hackerone.com/reports/1145581) to Sifchain - 3 upvotes, $0 21 | 19. [RSA PRIVATE KEY discloser](https://hackerone.com/reports/1183520) to Sifchain - 3 upvotes, $0 22 | 20. [ ETHEREUM_PRIVATE_KEY leaked via Open Github Repository](https://hackerone.com/reports/1133670) to Sifchain - 3 upvotes, $0 23 | 21. [Found key_adress and key_password in GitHub history](https://hackerone.com/reports/1188982) to Sifchain - 3 upvotes, $0 24 | 22. [Email spoofing](https://hackerone.com/reports/1187511) to Sifchain - 3 upvotes, $0 25 | 23. [No Rate Limit protection in user subscription form](https://hackerone.com/reports/1195429) to Sifchain - 3 upvotes, $0 26 | 24. [Private eth key found](https://hackerone.com/reports/1181213) to Sifchain - 3 upvotes, $0 27 | 25. [CORS Misconfiguration Leads to Sensitive Exposure on Sifchain main domain](https://hackerone.com/reports/1188684) to Sifchain - 3 upvotes, $0 28 | 26. [Exposed Openapi Token](https://hackerone.com/reports/1132690) to Sifchain - 2 upvotes, $0 29 | 27. [ETHEREUM_PRIVATE_KEY leaked ](https://hackerone.com/reports/1183269) to Sifchain - 2 upvotes, $0 30 | 28. [Social media links not working](https://hackerone.com/reports/1189282) to Sifchain - 2 upvotes, $0 31 | 29. 
[CORS Misconfiguration](https://hackerone.com/reports/1194280) to Sifchain - 2 upvotes, $0 32 | 30. [Wordpress Users Disclosure (/wp-json/wp/v2/users/) on sifchain.finance](https://hackerone.com/reports/1195194) to Sifchain - 2 upvotes, $0 33 | 31. [Found a url on source code which was disclosing different juicy informations like ip addresses and available endponts](https://hackerone.com/reports/1195432) to Sifchain - 2 upvotes, $0 34 | 32. [No Valid SPF Records/don't have DMARC record](https://hackerone.com/reports/1194598) to Sifchain - 2 upvotes, $0 35 | 33. [Open S3 Bucket | information leakage](https://hackerone.com/reports/1186897) to Sifchain - 2 upvotes, $0 36 | 34. [CORS (Cross-Origin Resource Sharing) origin validation failure -Any website can issue requests made with user credentials and read the responses to th](https://hackerone.com/reports/1188471) to Sifchain - 2 upvotes, $0 37 | 35. [Error Page Content Spoofing or Text Injection](https://hackerone.com/reports/1196253) to Sifchain - 2 upvotes, $0 38 | 36. [Bootstrap library is vulnerable](https://hackerone.com/reports/1198203) to Sifchain - 2 upvotes, $0 39 | 37. [Possible Database Details stored in values.yaml](https://hackerone.com/reports/1199803) to Sifchain - 2 upvotes, $0 40 | 38. [CORS (Cross-Origin Resource Sharing) origin validation failure](https://hackerone.com/reports/1192147) to Sifchain - 2 upvotes, $0 41 | 39. [Possibility of DoS attack at https://sifchain.finance// via CVE-2018-6389 exploitation](https://hackerone.com/reports/1186985) to Sifchain - 1 upvotes, $0 42 | 40. [mongodb credentials leaked in github](https://hackerone.com/reports/1183809) to Sifchain - 1 upvotes, $0 43 | 41. [ Information disclosure on Sifchain](https://hackerone.com/reports/1188998) to Sifchain - 1 upvotes, $0 44 | 42. [HTTPS not enforced at dex.sifchain.finance](https://hackerone.com/reports/1126401) to Sifchain - 1 upvotes, $0 45 | 43. 
[Cross-site Scripting (XSS) possible at https://sifchain.finance// via CVE-2019-8331 exploitation](https://hackerone.com/reports/1218173) to Sifchain - 1 upvotes, $0 46 | 44. [Origin IP Disclosure Vulnerability](https://hackerone.com/reports/1327443) to Sifchain - 1 upvotes, $0 47 | 45. [4 xss vulnerability dom based cwe 79 ; wordpress bootstrap.min.js is vulnerable](https://hackerone.com/reports/1219002) to Sifchain - 1 upvotes, $0 48 | 46. [ETHEREUM_PRIVATE_KEY leaked via github](https://hackerone.com/reports/1283605) to Sifchain - 1 upvotes, $0 49 | 47. [Sifchain token leak ](https://hackerone.com/reports/1188938) to Sifchain - 1 upvotes, $0 50 | 48. [Clickjacking](https://hackerone.com/reports/1206138) to Sifchain - 1 upvotes, $0 51 | 49. [CSRF in newsletter form](https://hackerone.com/reports/1190705) to Sifchain - 1 upvotes, $0 52 | 50. [No Rate Limit in email leads to huge Mass mailings](https://hackerone.com/reports/1185903) to Sifchain - 1 upvotes, $0 53 | 51. [Username disclosure at Main Domain](https://hackerone.com/reports/1188662) to Sifchain - 1 upvotes, $0 54 | 52. [No valid SPF record found](https://hackerone.com/reports/1187001) to Sifchain - 1 upvotes, $0 55 | 53. [Vulnerability : Email Spoofing](https://hackerone.com/reports/1180668) to Sifchain - 1 upvotes, $0 56 | 54. [Linux Desktop application "sifnoded" executable does not use Pie / no ASLR](https://hackerone.com/reports/1188633) to Sifchain - 1 upvotes, $0 57 | 55. [Vulnerable javascript dependency at Main domain](https://hackerone.com/reports/1188643) to Sifchain - 0 upvotes, $0 58 | 56. [SSH server due to Improper Signature Verification](https://hackerone.com/reports/1294043) to Sifchain - 0 upvotes, $0 59 | 57. [Email Spoofing bug](https://hackerone.com/reports/1176090) to Sifchain - 0 upvotes, $0 60 | 58. [Dependency Confusion Vulnerability in Sifnode Due to Unclaimed npm Packages.](https://hackerone.com/reports/1187816) to Sifchain - 0 upvotes, $0 61 | 59. 
[Signature Verification /// golang.org/x/crypto/ssh](https://hackerone.com/reports/1276384) to Sifchain - 0 upvotes, $0 62 | 60. [information disclosure](https://hackerone.com/reports/1218784) to Sifchain - 0 upvotes, $0 63 | 61. [clickjacking vulnerability](https://hackerone.com/reports/1199904) to Sifchain - 0 upvotes, $0 64 | 62. [ Clickjacking at sifchain.finance](https://hackerone.com/reports/1212595) to Sifchain - 0 upvotes, $0 65 | 63. [Wrong Url in Main page of sifchain.finance](https://hackerone.com/reports/1195512) to Sifchain - 0 upvotes, $0 66 | 64. [Wrong Implementation of Url in https://docs.sifchain.finance/](https://hackerone.com/reports/1198877) to Sifchain - 0 upvotes, $0 67 | 65. [Session Token in URL](https://hackerone.com/reports/1197078) to Sifchain - 0 upvotes, $0 68 | 66. [No Valid SPF Records at sifchain.finance](https://hackerone.com/reports/1188725) to Sifchain - 0 upvotes, $0 69 | 67. [Clickjacking /framing on sensitive Subdomain ](https://hackerone.com/reports/1195209) to Sifchain - 0 upvotes, $0 70 | 68. [Sifchain Privacy Policy Webpage Uses Wordpress Default Template. Does Not Display Correct Privacy Policy.](https://hackerone.com/reports/1196049) to Sifchain - 0 upvotes, $0 71 | 69. [Information Disclosure at one of your subdomain](https://hackerone.com/reports/1195423) to Sifchain - 0 upvotes, $0 72 | 70. [Design Issues at Main Domain](https://hackerone.com/reports/1188652) to Sifchain - 0 upvotes, $0 73 | 71. [Misconfiguration Certificate Authority Authorization Rule](https://hackerone.com/reports/1186740) to Sifchain - 0 upvotes, $0 74 | -------------------------------------------------------------------------------- /tops_by_program/TOPYAHOO!.md: -------------------------------------------------------------------------------- 1 | Top reports from Yahoo! program at HackerOne: 2 | 3 | 1. [Local File Include on marketing-dam.yahoo.com](https://hackerone.com/reports/7779) to Yahoo! - 19 upvotes, $2500 4 | 2. 
[Header injection on rmaitrack.ads.vip.bf1.yahoo.com](https://hackerone.com/reports/6322) to Yahoo! - 16 upvotes, $1000 5 | 3. [Cross-site scripting on the main page of flickr by tagging a user.](https://hackerone.com/reports/916) to Yahoo! - 13 upvotes, $2173 6 | 4. [Store XSS Flicker main page](https://hackerone.com/reports/940) to Yahoo! - 12 upvotes, $1960 7 | 5. [XSS Yahoo Messenger Via Calendar.Yahoo.Com ](https://hackerone.com/reports/914) to Yahoo! - 12 upvotes, $677 8 | 6. [REMOTE CODE EXECUTION/LOCAL FILE INCLUSION/XSPA/SSRF, view-source:http://sb*.geo.sp1.yahoo.com/, 4/6/14, #SpringClean](https://hackerone.com/reports/6674) to Yahoo! - 11 upvotes, $3000 9 | 7. [Loadbalancer + URI XSS #3](https://hackerone.com/reports/9703) to Yahoo! - 10 upvotes, $0 10 | 8. [readble .htaccess + Source Code Disclosure (+ .SVN repository)](https://hackerone.com/reports/7813) to Yahoo! - 8 upvotes, $250 11 | 9. [HK.Yahoo.Net Remote Command Execution](https://hackerone.com/reports/2127) to Yahoo! - 7 upvotes, $1276 12 | 10. [Bypass of the Clickjacking protection on Flickr using data URL in iframes](https://hackerone.com/reports/7264) to Yahoo! - 7 upvotes, $250 13 | 11. [From Unrestricted File Upload to Remote Command Execution](https://hackerone.com/reports/4836) to Yahoo! - 6 upvotes, $800 14 | 12. [HTML Injection on flickr screename using IOS App](https://hackerone.com/reports/1483) to Yahoo! - 6 upvotes, $800 15 | 13. [Information Disclosure ](https://hackerone.com/reports/1091) to Yahoo! - 6 upvotes, $0 16 | 14. [SQLi on http://sports.yahoo.com/nfl/draft](https://hackerone.com/reports/1538) to Yahoo! - 5 upvotes, $3705 17 | 15. [Directory Traversal ](https://hackerone.com/reports/1092) to Yahoo! - 5 upvotes, $0 18 | 16. [Local file inclusion ](https://hackerone.com/reports/1675) to Yahoo! - 4 upvotes, $1390 19 | 17. 
[Significant Information Disclosure/Load balancer access, http://extprodweb11.cc.gq1.yahoo.com/, 4/8/14, #SpringClean](https://hackerone.com/reports/6194) to Yahoo! - 4 upvotes, $500 20 | 18. [reflected XSS, http://extprodweb11.cc.gq1.yahoo.com/, 4/8/14, #SpringClean](https://hackerone.com/reports/6195) to Yahoo! - 4 upvotes, $300 21 | 19. [Java Applet Execution On Y! Messenger](https://hackerone.com/reports/933) to Yahoo! - 4 upvotes, $0 22 | 20. [ads.yahoo.com Unvalidate open url redirection](https://hackerone.com/reports/7731) to Yahoo! - 4 upvotes, $0 23 | 21. [Security.allowDomain("*") in SWFs on img.autos.yahoo.com allows data theft from Yahoo Mail (and others)](https://hackerone.com/reports/1171) to Yahoo! - 3 upvotes, $2500 24 | 22. [SQL Injection ON HK.Promotion](https://hackerone.com/reports/3039) to Yahoo! - 3 upvotes, $1000 25 | 23. [Flickr: Invitations disclosure (resend feature)](https://hackerone.com/reports/1533) to Yahoo! - 3 upvotes, $750 26 | 24. [https://caldav.calendar.yahoo.com/ - XSS (STORED) ](https://hackerone.com/reports/8281) to Yahoo! - 3 upvotes, $500 27 | 25. [invite1.us2.msg.vip.bf1.yahoo.com/ - CSRF/email disclosure](https://hackerone.com/reports/7608) to Yahoo! - 3 upvotes, $400 28 | 26. [XSS Vulnerability (my.yahoo.com)](https://hackerone.com/reports/4256) to Yahoo! - 3 upvotes, $250 29 | 27. [http://conf.member.yahoo.com configuration file disclosure](https://hackerone.com/reports/2598) to Yahoo! - 3 upvotes, $100 30 | 28. [In Fantasy Sports iOS app, signup page is requested over HTTP](https://hackerone.com/reports/2101) to Yahoo! - 3 upvotes, $0 31 | 29. [caesary.yahoo.net Blind Sql Injection](https://hackerone.com/reports/21899) to Yahoo! - 3 upvotes, $0 32 | 30. [Stored Cross Site Scripting Vulnerability in Yahoo Mail](https://hackerone.com/reports/4277) to Yahoo! - 3 upvotes, $0 33 | 31. [XSS in my yahoo](https://hackerone.com/reports/1203) to Yahoo! - 2 upvotes, $800 34 | 32. 
[information disclosure (LOAD BALANCER + URI XSS)](https://hackerone.com/reports/8284) to Yahoo! - 2 upvotes, $300 35 | 33. [XSS in Yahoo! Web Analytics](https://hackerone.com/reports/5442) to Yahoo! - 2 upvotes, $100 36 | 34. [Default /docs folder of PHPBB3 installation on gamesnet.yahoo.com](https://hackerone.com/reports/17506) to Yahoo! - 2 upvotes, $50 37 | 35. [ClickJacking on http://au.launch.yahoo.com](https://hackerone.com/reports/1229) to Yahoo! - 2 upvotes, $0 38 | 36. [Yahoo YQL Injection? ](https://hackerone.com/reports/1407) to Yahoo! - 2 upvotes, $0 39 | 37. [Open Redirect via Request-URI](https://hackerone.com/reports/15298) to Yahoo! - 2 upvotes, $0 40 | 38. [XSS using yql and developers console proxy](https://hackerone.com/reports/1011) to Yahoo! - 2 upvotes, $0 41 | 39. [Bypass of anti-SSRF defenses in YahooCacheSystem (affecting at least YQL and Pipes)](https://hackerone.com/reports/1066) to Yahoo! - 2 upvotes, $0 42 | 40. [XSS Reflected - Yahoo Travel](https://hackerone.com/reports/1553) to Yahoo! - 2 upvotes, $0 43 | 41. [Yahoo mail login page bruteforce protection bypass](https://hackerone.com/reports/2596) to Yahoo! - 2 upvotes, $0 44 | 42. [Clickjacking at surveylink.yahoo.com](https://hackerone.com/reports/3578) to Yahoo! - 2 upvotes, $0 45 | 43. [Almost all the subdomains are infected.](https://hackerone.com/reports/4359) to Yahoo! - 2 upvotes, $0 46 | 44. [http://us.rd.yahoo.com/](https://hackerone.com/reports/12035) to Yahoo! - 2 upvotes, $0 47 | 45. [XSS on Every sports.yahoo.com page](https://hackerone.com/reports/2168) to Yahoo! - 1 upvotes, $1500 48 | 46. [Server Side Request Forgery](https://hackerone.com/reports/4461) to Yahoo! - 1 upvotes, $500 49 | 47. [XSS in https://hk.user.auctions.yahoo.com](https://hackerone.com/reports/7266) to Yahoo! - 1 upvotes, $500 50 | 48. [Comment Spoofing at http://suggestions.yahoo.com/detail/?prop=directory&fid=97721](https://hackerone.com/reports/6665) to Yahoo! - 1 upvotes, $500 51 | 49. 
[Cross-origin issue on rmaiauth.ads.vip.bf1.yahoo.com](https://hackerone.com/reports/6268) to Yahoo! - 1 upvotes, $250 52 | 50. [Yahoo! Reflected XSS](https://hackerone.com/reports/18279) to Yahoo! - 1 upvotes, $250 53 | 51. [Vulnerability found, XSS (Cross site Scripting)](https://hackerone.com/reports/1258) to Yahoo! - 1 upvotes, $0 54 | 52. [HTML Code Injection ](https://hackerone.com/reports/1376) to Yahoo! - 1 upvotes, $0 55 | 53. [Yahoo open redirect using ad](https://hackerone.com/reports/2322) to Yahoo! - 1 upvotes, $0 56 | 54. [A csrf vulnerability which add and remove a favorite team from a user account.](https://hackerone.com/reports/1620) to Yahoo! - 1 upvotes, $0 57 | 55. [Insufficient validation of redirect URL on login page allows hijacking user name and password](https://hackerone.com/reports/2126) to Yahoo! - 1 upvotes, $0 58 | 56. [Reflected XSS in mail.yahoo.com](https://hackerone.com/reports/2240) to Yahoo! - 1 upvotes, $0 59 | 57. [Authentication bypass at fast.corp.yahoo.com](https://hackerone.com/reports/3577) to Yahoo! - 1 upvotes, $0 60 | 58. [Information Disclosure, groups.yahoo.com,6-april-2014, #SpringClean](https://hackerone.com/reports/5986) to Yahoo! - 1 upvotes, $0 61 | 59. [clickjacking on leaving group(flick)](https://hackerone.com/reports/7745) to Yahoo! - 1 upvotes, $0 62 | 60. [Yahoo! Messenger v11.5.0.228 emoticons.xml shortcut Value Handling Stack-Based Buffer Overflow](https://hackerone.com/reports/10767) to Yahoo! - 1 upvotes, $0 63 | 61. [Open Proxy, http://www.smushit.com/ysmush.it/, 4/09/14, #SpringClean](https://hackerone.com/reports/6704) to Yahoo! - 0 upvotes, $2000 64 | 62. [CSRF Token missing on http://baseball.fantasysports.yahoo.com/b1/127146/messages](https://hackerone.com/reports/6700) to Yahoo! - 0 upvotes, $400 65 | 63. [Infrastructure and Application Admin Interfaces (OWASP‐CM‐007)](https://hackerone.com/reports/11414) to Yahoo! - 0 upvotes, $250 66 | 64. 
[Yahoo Sports Fantasy Golf (Join Public Group)](https://hackerone.com/reports/16414) to Yahoo! - 0 upvotes, $200 67 | 65. [CSRF Token is missing on DELETE message option on http://baseball.fantasysports.yahoo.com/b1/127146/messages](https://hackerone.com/reports/6702) to Yahoo! - 0 upvotes, $200 68 | 66. [Testing for user enumeration (OWASP‐AT‐002) - https://gh.bouncer.login.yahoo.com](https://hackerone.com/reports/12708) to Yahoo! - 0 upvotes, $100 69 | 67. [Authorization issue on creative.yahoo.com](https://hackerone.com/reports/12685) to Yahoo! - 0 upvotes, $50 70 | 68. [Open redirect on tw.money.yahoo.com](https://hackerone.com/reports/4570) to Yahoo! - 0 upvotes, $0 71 | 69. [TESTING FOR REFLECTED CROSS SITE SCRIPTING (OWASP‐DV‐001)](https://hackerone.com/reports/12011) to Yahoo! - 0 upvotes, $0 72 | 70. [Multiple vulnerabilities](https://hackerone.com/reports/14248) to Yahoo! - 0 upvotes, $0 73 | 71. [URL Redirection](https://hackerone.com/reports/1429) to Yahoo! - 0 upvotes, $0 74 | 72. [clickjacking ](https://hackerone.com/reports/1207) to Yahoo! - 0 upvotes, $0 75 | 73. [Authentication Bypass in Yahoo Groups](https://hackerone.com/reports/1209) to Yahoo! - 0 upvotes, $0 76 | 74. [Open URL Redirection](https://hackerone.com/reports/4521) to Yahoo! - 0 upvotes, $0 77 | 75. [Out of date version](https://hackerone.com/reports/5221) to Yahoo! - 0 upvotes, $0 78 | 76. [Authentication Bypass due to Session Mismanagement](https://hackerone.com/reports/10912) to Yahoo! - 0 upvotes, $0 79 | -------------------------------------------------------------------------------- /tops_by_program/TOPVIMEO.md: -------------------------------------------------------------------------------- 1 | [Back](../README.md) 2 | 3 | Top reports from Vimeo program at HackerOne: 4 | 5 | 1. [SSRF leaking internal google cloud data through upload function [SSH Keys, etc..]](https://hackerone.com/reports/549882) to Vimeo - 229 upvotes, $5000 6 | 2. 
[Domain pointing to vimeo portfolio are prone to takeover using on-demand.](https://hackerone.com/reports/387307) to Vimeo - 69 upvotes, $1500 7 | 3. [Improper Authentication in Vimeo's API 'versions' endpoint.](https://hackerone.com/reports/328724) to Vimeo - 52 upvotes, $2000 8 | 4. [Reflected File Download (RFD) in download video](https://hackerone.com/reports/378941) to Vimeo - 52 upvotes, $700 9 | 5. [Watch any Password Video without password](https://hackerone.com/reports/155618) to Vimeo - 43 upvotes, $500 10 | 6. [Downloading password protected / restricted videos](https://hackerone.com/reports/145467) to Vimeo - 40 upvotes, $600 11 | 7. [All Vimeo Private videos disclosure via Authorization Bypass](https://hackerone.com/reports/137502) to Vimeo - 29 upvotes, $600 12 | 8. [OAuth 2 Authorization Bypass via CSRF and Cross Site Flashing](https://hackerone.com/reports/136582) to Vimeo - 28 upvotes, $1000 13 | 9. [Make API calls on behalf of another user (CSRF protection bypass)](https://hackerone.com/reports/44146) to Vimeo - 23 upvotes, $1000 14 | 10. [Disclosure of sensitive information through Google Cloud Storage bucket](https://hackerone.com/reports/176013) to Vimeo - 22 upvotes, $500 15 | 11. [XSS on vimeo.com/home after other user follows you](https://hackerone.com/reports/87854) to Vimeo - 16 upvotes, $1500 16 | 12. [Images and Subtitles Leakage from private videos](https://hackerone.com/reports/136850) to Vimeo - 16 upvotes, $125 17 | 13. [CSRF on Vimeo via cross site flashing leading to info disclosure and private videos go public](https://hackerone.com/reports/136481) to Vimeo - 14 upvotes, $750 18 | 14. [URGENT - Subdomain Takeover on status.vimeo.com due to unclaimed domain pointing to statuspage.io](https://hackerone.com/reports/49663) to Vimeo - 13 upvotes, $100 19 | 15. [Vimeo.com Insecure Direct Object References Reset Password](https://hackerone.com/reports/42587) to Vimeo - 8 upvotes, $5000 20 | 16. 
[Stored XSS on player.vimeo.com](https://hackerone.com/reports/85488) to Vimeo - 8 upvotes, $500 21 | 17. [[vimeopro.com] CRLF Injection](https://hackerone.com/reports/39181) to Vimeo - 6 upvotes, $500 22 | 18. [XSS when using captions/subtitles on video player based on Flash (requires user interaction)](https://hackerone.com/reports/88508) to Vimeo - 6 upvotes, $200 23 | 19. [Application XSS filter function Bypass may allow Multiple stored XSS](https://hackerone.com/reports/44217) to Vimeo - 6 upvotes, $100 24 | 20. [XSS on vimeo.com | "Search within these results" feature (requires user interaction)](https://hackerone.com/reports/88105) to Vimeo - 6 upvotes, $100 25 | 21. [Securing "Reset password" pages from bots](https://hackerone.com/reports/43807) to Vimeo - 6 upvotes, $0 26 | 22. [Adding profile picture to anyone on Vimeo](https://hackerone.com/reports/43617) to Vimeo - 5 upvotes, $1000 27 | 23. [Error page Text Injection.](https://hackerone.com/reports/130914) to Vimeo - 5 upvotes, $0 28 | 24. [XSS on mobile version of vimeo.com where the button "Follow" appears](https://hackerone.com/reports/88088) to Vimeo - 5 upvotes, $0 29 | 25. [XSS on player.vimeo.com without user interaction and vimeo.com with user interaction](https://hackerone.com/reports/96229) to Vimeo - 4 upvotes, $250 30 | 26. [Can message users without the proper authorization](https://hackerone.com/reports/46113) to Vimeo - 4 upvotes, $100 31 | 27. [XSS on any site that includes the moogaloop flash player | deprecated embed code ](https://hackerone.com/reports/44512) to Vimeo - 3 upvotes, $1000 32 | 28. [API: missing invalidation of OAuth2 Authorization Code during access revocation causes authorization bypass](https://hackerone.com/reports/57603) to Vimeo - 3 upvotes, $500 33 | 29. [Invite any user to your group without even following him](https://hackerone.com/reports/52707) to Vimeo - 3 upvotes, $250 34 | 30. 
[CRITICAL full source code/config disclosure for Cameo](https://hackerone.com/reports/43998) to Vimeo - 3 upvotes, $100 35 | 31. [Reflected XSS on vimeo.com/musicstore](https://hackerone.com/reports/85615) to Vimeo - 3 upvotes, $100 36 | 32. [Poodle bleed vulnerability in cloud sub domain](https://hackerone.com/reports/44202) to Vimeo - 3 upvotes, $0 37 | 33. [Insecure Direct Object References in https://vimeo.com/forums](https://hackerone.com/reports/52176) to Vimeo - 2 upvotes, $500 38 | 34. [subdomain takeover 1511493148.cloud.vimeo.com](https://hackerone.com/reports/46954) to Vimeo - 2 upvotes, $250 39 | 35. [Vimeo + & Vimeo PRO Unautorised Tax bypass](https://hackerone.com/reports/49561) to Vimeo - 2 upvotes, $250 40 | 36. [A user can add videos to other user's private groups](https://hackerone.com/reports/50786) to Vimeo - 2 upvotes, $250 41 | 37. [Insecure Direct Object References that allows to read any comment (even if it should be private)](https://hackerone.com/reports/52181) to Vimeo - 2 upvotes, $150 42 | 38. [Missing rate limit on private videos password](https://hackerone.com/reports/124564) to Vimeo - 2 upvotes, $0 43 | 39. [XSS in Subtitles of Vimeo Flash Player and Hubnut ](https://hackerone.com/reports/137023) to Vimeo - 2 upvotes, $0 44 | 40. [abusing Thumbnails(https://vimeo.com/upload/select_thumb) to see a private video](https://hackerone.com/reports/43850) to Vimeo - 1 upvotes, $1000 45 | 41. [A user can post comments on other user's private videos](https://hackerone.com/reports/50829) to Vimeo - 1 upvotes, $500 46 | 42. [Buying ondemand videos that 0.1 and sometimes for free ](https://hackerone.com/reports/43602) to Vimeo - 1 upvotes, $260 47 | 43. [Ability to Download Music Tracks Without Paying (Missing permission check on`/musicstore/download`)](https://hackerone.com/reports/43770) to Vimeo - 1 upvotes, $250 48 | 44. 
[A user can edit comments even after video comments are disabled](https://hackerone.com/reports/50776) to Vimeo - 1 upvotes, $250 49 | 45. [CRITICAL vulnerability - Insecure Direct Object Reference - Unauthorized access to `Videos` of Channel whose privacy is set to `Private`.](https://hackerone.com/reports/45960) to Vimeo - 1 upvotes, $250 50 | 46. [Post in private groups after getting removed](https://hackerone.com/reports/51817) to Vimeo - 1 upvotes, $250 51 | 47. [[URGENT ISSUE] Add or Delete the videos in watch later list of any user .](https://hackerone.com/reports/52982) to Vimeo - 1 upvotes, $250 52 | 48. [A user can enhance their videos with paid tracks without buying the track](https://hackerone.com/reports/50941) to Vimeo - 1 upvotes, $250 53 | 49. [Stored XSS on vimeo.com and player.vimeo.com](https://hackerone.com/reports/87577) to Vimeo - 1 upvotes, $200 54 | 50. [Vimeo Search - XSS Vulnerability [http://vimeo.com/search]](https://hackerone.com/reports/44798) to Vimeo - 1 upvotes, $100 55 | 51. [XSS on Vimeo](https://hackerone.com/reports/45484) to Vimeo - 1 upvotes, $100 56 | 52. [Private, embeddable videos leaks data through Facebook & Open Graph](https://hackerone.com/reports/121919) to Vimeo - 1 upvotes, $100 57 | 53. [USER PRIVACY VIOLATED (PRIVATE DATA GETTING TRANSFER OVER INSECURE CHANNEL ) ](https://hackerone.com/reports/44056) to Vimeo - 1 upvotes, $0 58 | 54. [CSRF bypass](https://hackerone.com/reports/45428) to Vimeo - 1 upvotes, $0 59 | 55. [Brute force on "vimeo" cookie](https://hackerone.com/reports/46109) to Vimeo - 1 upvotes, $0 60 | 56. [Full account takeover via Add a New Email to account without email verified and without password confirmation.](https://hackerone.com/reports/45084) to Vimeo - 1 upvotes, $0 61 | 57. [No Limitation on Following allows user to follow people automatically!](https://hackerone.com/reports/43846) to Vimeo - 1 upvotes, $0 62 | 58. 
[Share your channel to any user on vimeo without following him](https://hackerone.com/reports/52708) to Vimeo - 0 upvotes, $250 63 | 59. [APIs for channels allow HTML entities that may cause XSS issue](https://hackerone.com/reports/42702) to Vimeo - 0 upvotes, $100 64 | 60. [ftp upload of video allows naming that is not sanitized as the manual naming](https://hackerone.com/reports/45368) to Vimeo - 0 upvotes, $100 65 | 61. [Vimeo.com - reflected xss vulnerability](https://hackerone.com/reports/42584) to Vimeo - 0 upvotes, $100 66 | 62. [player.vimeo.com - Reflected XSS Vulnerability](https://hackerone.com/reports/43672) to Vimeo - 0 upvotes, $100 67 | 63. [Vimeo.com - Reflected XSS Vulnerability](https://hackerone.com/reports/42582) to Vimeo - 0 upvotes, $100 68 | 64. [Legacy API exposes private video titles](https://hackerone.com/reports/111386) to Vimeo - 0 upvotes, $100 69 | 65. [unvalid open authentication with facebook](https://hackerone.com/reports/44425) to Vimeo - 0 upvotes, $0 70 | 66. [Misconfigured crossdomain.xml - vimeo.com](https://hackerone.com/reports/43070) to Vimeo - 0 upvotes, $0 71 | 67. [profile photo update bypass ](https://hackerone.com/reports/43758) to Vimeo - 0 upvotes, $0 72 | 68. [Bypassing Email verification ](https://hackerone.com/reports/49304) to Vimeo - 0 upvotes, $0 73 | 69. [May cause account take over (Via invitation page)](https://hackerone.com/reports/56182) to Vimeo - 0 upvotes, $0 74 | 70. [Open Redirection Security Filter bypassed](https://hackerone.com/reports/44157) to Vimeo - 0 upvotes, $0 75 | 76 | 77 | [Back](../README.md) -------------------------------------------------------------------------------- /tops_by_program/TOPCONCRETE5.md: -------------------------------------------------------------------------------- 1 | Top reports from concrete5 program at HackerOne: 2 | 3 | 1. [Remote Code Execution (Reverse Shell) - File Manager](https://hackerone.com/reports/768322) to concrete5 - 111 upvotes, $0 4 | 2. 
[Time-base SQL Injection in Search Users](https://hackerone.com/reports/876800) to concrete5 - 54 upvotes, $0 5 | 3. [Password Reset link hijacking via Host Header Poisoning ](https://hackerone.com/reports/226659) to concrete5 - 51 upvotes, $0 6 | 4. [SVG file that HTML Included is able to upload via File Manager](https://hackerone.com/reports/437863) to concrete5 - 25 upvotes, $0 7 | 5. [XSS in select attribute options](https://hackerone.com/reports/753567) to concrete5 - 20 upvotes, $0 8 | 6. [SSRF thru File Replace](https://hackerone.com/reports/243865) to concrete5 - 17 upvotes, $0 9 | 7. [Reflected XSS vulnerability in Database name field on installation screen](https://hackerone.com/reports/289330) to concrete5 - 17 upvotes, $0 10 | 8. ['cnvID' parameter vulnerable to Insecure Direct Object References](https://hackerone.com/reports/265284) to concrete5 - 15 upvotes, $0 11 | 9. [Cross Site Scripting (XSS) Stored - Private messaging](https://hackerone.com/reports/768313) to concrete5 - 15 upvotes, $0 12 | 10. [Remote Code Execution through Extension Bypass on Log Functionality](https://hackerone.com/reports/841947) to concrete5 - 14 upvotes, $0 13 | 11. [Local File Inclusion path bypass](https://hackerone.com/reports/147570) to concrete5 - 13 upvotes, $0 14 | 12. [Stored XSS in Headline TextControl element in Express forms [ concrete5 8.1.0 ]](https://hackerone.com/reports/230278) to concrete5 - 12 upvotes, $0 15 | 13. [Unauthenticated reflected XSS in preview_as_user function](https://hackerone.com/reports/643442) to concrete5 - 12 upvotes, $0 16 | 14. [Bypass auth.email-domains](https://hackerone.com/reports/4795) to concrete5 - 9 upvotes, $0 17 | 15. [Local File Inclusion Vulnerability in Concrete5 version 5.7.3.1](https://hackerone.com/reports/59665) to concrete5 - 9 upvotes, $0 18 | 16. [CSRF Full Account Takeover](https://hackerone.com/reports/152052) to concrete5 - 9 upvotes, $0 19 | 17. 
[Stored XSS in Pages SEO dialog Name field (concrete5 8.1.0)](https://hackerone.com/reports/230029) to concrete5 - 9 upvotes, $0 20 | 18. [Stored XSS vulnerability in RSS Feeds Description field](https://hackerone.com/reports/248133) to concrete5 - 9 upvotes, $0 21 | 19. [Stored XSS in Private Messages 'Reply' allows to execute malicious JavaScript against any user while replying to the message which contains payload](https://hackerone.com/reports/247517) to concrete5 - 8 upvotes, $0 22 | 20. [HttpOnly flag not set for cookie on concrete5.org](https://hackerone.com/reports/4792) to concrete5 - 7 upvotes, $0 23 | 21. [Stored XSS in Express Objects - Concrete5 v8.1.0](https://hackerone.com/reports/221325) to concrete5 - 7 upvotes, $0 24 | 22. [Stored XSS vulnerability in additional URLs in 'Location' dialog [Sitemap]](https://hackerone.com/reports/251358) to concrete5 - 7 upvotes, $0 25 | 23. [Stored XSS on Add Event in Calendar](https://hackerone.com/reports/300532) to concrete5 - 7 upvotes, $0 26 | 24. [Stored XSS on Add Calendar](https://hackerone.com/reports/300571) to concrete5 - 7 upvotes, $0 27 | 25. [Stored XSS in the file search filter](https://hackerone.com/reports/873584) to concrete5 - 7 upvotes, $0 28 | 26. [Stored XSS in Name field in User Groups/Group Details form](https://hackerone.com/reports/247521) to concrete5 - 6 upvotes, $0 29 | 27. [Unauthenticated HTML Injection Stored - ContactUs form](https://hackerone.com/reports/768327) to concrete5 - 6 upvotes, $0 30 | 28. [Stored XSS on express entries](https://hackerone.com/reports/873474) to concrete5 - 5 upvotes, $0 31 | 29. [XSS in private message](https://hackerone.com/reports/4826) to concrete5 - 4 upvotes, $0 32 | 30. [XSS on [/concrete/concrete/elements/dashboard/sitemap.php]](https://hackerone.com/reports/6853) to concrete5 - 4 upvotes, $0 33 | 31. [Stored XSS in RSS Feeds Title (Concrete5 v8.1.0)](https://hackerone.com/reports/221380) to concrete5 - 4 upvotes, $0 34 | 32. 
[XSS IN member List (Because of City Textbox)](https://hackerone.com/reports/4839) to concrete5 - 3 upvotes, $0 35 | 33. [FULL PATH DISCLOSUR ](https://hackerone.com/reports/7736) to concrete5 - 3 upvotes, $0 36 | 34. [/index.php/dashboard/sitemap/explore/ Cross-site scripting](https://hackerone.com/reports/4808) to concrete5 - 2 upvotes, $0 37 | 35. [stored XSS in concrete5 5.7.2.1](https://hackerone.com/reports/38890) to concrete5 - 2 upvotes, $0 38 | 36. [SQL injection in conc/index.php/ccm/system/search/users/submit](https://hackerone.com/reports/38778) to concrete5 - 2 upvotes, $0 39 | 37. [Multiple Cross Site Request Forgery Vulnerabilities in Concrete5 version 5.7.3.1](https://hackerone.com/reports/59660) to concrete5 - 2 upvotes, $0 40 | 38. [Multiple Stored Cross Site Scripting Vulnerabilities in Concrete5 version 5.7.3.1](https://hackerone.com/reports/59662) to concrete5 - 2 upvotes, $0 41 | 39. [Content Spoofing possible in concrete5.org](https://hackerone.com/reports/168078) to concrete5 - 2 upvotes, $0 42 | 40. [Administrators can add other administrators](https://hackerone.com/reports/304642) to concrete5 - 2 upvotes, $0 43 | 41. [page_controls_menu_js can reveal collection version of page](https://hackerone.com/reports/4938) to concrete5 - 1 upvotes, $0 44 | 42. [https://concrete5.org ::: HeartBleed Attack (CVE-2014-0160)](https://hackerone.com/reports/6475) to concrete5 - 1 upvotes, $0 45 | 43. [dashboard/pages/types [Unknown column 'Array' in 'where clause'] disclosure.](https://hackerone.com/reports/4811) to concrete5 - 1 upvotes, $0 46 | 44. [CONCRETE5 - path disclosure.](https://hackerone.com/reports/4931) to concrete5 - 1 upvotes, $0 47 | 45. [broken authentication](https://hackerone.com/reports/23921) to concrete5 - 1 upvotes, $0 48 | 46. [Weak random number generator used in concrete/authentication/concrete/controller.php](https://hackerone.com/reports/31171) to concrete5 - 1 upvotes, $0 49 | 47. 
[Sendmail Remote Code Execution Vulnerability in Concrete5 version 5.7.3.1](https://hackerone.com/reports/59663) to concrete5 - 1 upvotes, $0 50 | 48. [No CSRF protection when creating new community points actions, and related stored XSS](https://hackerone.com/reports/65808) to concrete5 - 1 upvotes, $0 51 | 49. [Stored XSS in adding fileset](https://hackerone.com/reports/42248) to concrete5 - 1 upvotes, $0 52 | 50. [ProBlog 2.6.6 CSRF Exploit](https://hackerone.com/reports/133847) to concrete5 - 1 upvotes, $0 53 | 51. [Full Page Caching Stored XSS Vulnerability](https://hackerone.com/reports/148300) to concrete5 - 1 upvotes, $0 54 | 52. [Unsafe usage of Host HTTP header in Concrete5 version 5.7.3.1](https://hackerone.com/reports/59666) to concrete5 - 1 upvotes, $0 55 | 53. [Cross-Site Scripting in getMarketplacePurchaseFrame](https://hackerone.com/reports/6843) to concrete5 - 0 upvotes, $0 56 | 54. [XSS in Theme Preview Tools File](https://hackerone.com/reports/4777) to concrete5 - 0 upvotes, $0 57 | 55. [Stored XSS in concrete5 5.7.0.4.](https://hackerone.com/reports/30019) to concrete5 - 0 upvotes, $0 58 | 56. [Multiple Reflected Cross Site Scripting Vulnerabilities in Concrete5 version 5.7.3.1](https://hackerone.com/reports/59661) to concrete5 - 0 upvotes, $0 59 | 57. [SQL Injection Vulnerability in Concrete5 version 5.7.3.1](https://hackerone.com/reports/59664) to concrete5 - 0 upvotes, $0 60 | 58. [Stored XSS on Title of Page List in edit page list](https://hackerone.com/reports/50554) to concrete5 - 0 upvotes, $0 61 | 59. [Stored XSS on Search Title](https://hackerone.com/reports/50556) to concrete5 - 0 upvotes, $0 62 | 60. [Stored XSS in Contact Form](https://hackerone.com/reports/50564) to concrete5 - 0 upvotes, $0 63 | 61. [Stored XSS in Title of the topic List](https://hackerone.com/reports/50626) to concrete5 - 0 upvotes, $0 64 | 62. [Stored XSS in title of date navigation](https://hackerone.com/reports/50627) to concrete5 - 0 upvotes, $0 65 | 63. 
[Stored XSS in Feature tile ](https://hackerone.com/reports/50639) to concrete5 - 0 upvotes, $0 66 | 64. [Stored Xss in Feature Paragraph](https://hackerone.com/reports/50642) to concrete5 - 0 upvotes, $0 67 | 65. [Stored XSS in Testimonial name](https://hackerone.com/reports/50644) to concrete5 - 0 upvotes, $0 68 | 66. [Stored XSS in testimonial Company](https://hackerone.com/reports/50656) to concrete5 - 0 upvotes, $0 69 | 67. [Stored XSS in Testimonial Position](https://hackerone.com/reports/50645) to concrete5 - 0 upvotes, $0 70 | 68. [Stored XSS In Company URL](https://hackerone.com/reports/50662) to concrete5 - 0 upvotes, $0 71 | 69. [Stored XSS in Image Alt. Text](https://hackerone.com/reports/50782) to concrete5 - 0 upvotes, $0 72 | 70. [Stored XSS in Message to Display When No Pages Listed.](https://hackerone.com/reports/50780) to concrete5 - 0 upvotes, $0 73 | 71. [Stored XSS in Bio/Quote](https://hackerone.com/reports/50779) to concrete5 - 0 upvotes, $0 74 | 72. [Stored XSS on Blog's page Tile](https://hackerone.com/reports/50552) to concrete5 - 0 upvotes, $0 75 | 73. [Self Xss on File Replace](https://hackerone.com/reports/50481) to concrete5 - 0 upvotes, $0 76 | 74. [Multiple XSS Vulnerabilities in Concrete5 5.7.3.1](https://hackerone.com/reports/62294) to concrete5 - 0 upvotes, $0 77 | 75. [No csrf protection on index.php/ccm/system/user/add_group, index.php/ccm/system/user/remove_group](https://hackerone.com/reports/64184) to concrete5 - 0 upvotes, $0 78 | 76. [Host Header Injection allow HiJack Password Reset Link](https://hackerone.com/reports/301592) to concrete5 - 0 upvotes, $0 79 | -------------------------------------------------------------------------------- /tops_by_program/TOPCOINBASE.md: -------------------------------------------------------------------------------- 1 | Top reports from Coinbase program at HackerOne: 2 | 3 | 1. [Double Payout via PayPal](https://hackerone.com/reports/307239) to Coinbase - 261 upvotes, $10000 4 | 2. 
[Ethereum account balance manipulation](https://hackerone.com/reports/300748) to Coinbase - 251 upvotes, $10000 5 | 3. [ETH contract handling errors](https://hackerone.com/reports/328526) to Coinbase - 200 upvotes, $21000 6 | 4. [HTML injection in apps user review ](https://hackerone.com/reports/104543) to Coinbase - 25 upvotes, $200 7 | 5. [[buy.coinbase.com]Content Injection](https://hackerone.com/reports/218680) to Coinbase - 23 upvotes, $100 8 | 6. [Authentication Issue](https://hackerone.com/reports/176979) to Coinbase - 22 upvotes, $200 9 | 7. [Prepopulation of email address and name leaks information provided to other merchants](https://hackerone.com/reports/316290) to Coinbase - 15 upvotes, $250 10 | 8. [Stored CSS Injection](https://hackerone.com/reports/315865) to Coinbase - 15 upvotes, $100 11 | 9. [XSSI (Cross Site Script Inclusion)](https://hackerone.com/reports/118631) to Coinbase - 13 upvotes, $200 12 | 10. [Captcha Bypass in Coinbase SignUp Form](https://hackerone.com/reports/246801) to Coinbase - 13 upvotes, $100 13 | 11. [Requestor Email Disclosure via Email Notification](https://hackerone.com/reports/202361) to Coinbase - 13 upvotes, $0 14 | 12. [Application error message](https://hackerone.com/reports/147577) to Coinbase - 12 upvotes, $100 15 | 13. [Email leak in transcations in Android app](https://hackerone.com/reports/126376) to Coinbase - 11 upvotes, $500 16 | 14. [Bypassing 2FA for BTC transfers](https://hackerone.com/reports/10554) to Coinbase - 10 upvotes, $1000 17 | 15. [Blacklist bypass on Callback URLs](https://hackerone.com/reports/53004) to Coinbase - 10 upvotes, $100 18 | 16. [Coinbase Android Application - Bitcoin Wallet Leaks OAuth Response Code](https://hackerone.com/reports/5314) to Coinbase - 9 upvotes, $1000 19 | 17. [Session Issue Maybe Can lead to huge loss [CRITICAL]](https://hackerone.com/reports/112496) to Coinbase - 9 upvotes, $1000 20 | 18. 
[Stored-XSS in https://www.coinbase.com/](https://hackerone.com/reports/100829) to Coinbase - 8 upvotes, $5000 21 | 19. [OAuth authorization page vulnerable to clickjacking](https://hackerone.com/reports/65825) to Coinbase - 8 upvotes, $5000 22 | 20. [Information disclosure same issue #176002](https://hackerone.com/reports/248599) to Coinbase - 8 upvotes, $100 23 | 21. [Information disclosure of user by email using buy widget](https://hackerone.com/reports/176002) to Coinbase - 6 upvotes, $100 24 | 22. [Information leakage on https://docs.gdax.com](https://hackerone.com/reports/168509) to Coinbase - 6 upvotes, $100 25 | 23. [Content Injection error page](https://hackerone.com/reports/148952) to Coinbase - 6 upvotes, $0 26 | 24. [Coinbase Android Security Vulnerabilities](https://hackerone.com/reports/5786) to Coinbase - 5 upvotes, $100 27 | 25. [Create Multiple Account Using Similar X-CSRF token](https://hackerone.com/reports/155726) to Coinbase - 5 upvotes, $0 28 | 26. [coinbase Email leak while sending and requesting](https://hackerone.com/reports/168289) to Coinbase - 5 upvotes, $0 29 | 27. [window.opener is leaking to external domains upon redirect on Safari](https://hackerone.com/reports/160498) to Coinbase - 4 upvotes, $300 30 | 28. [User email enumuration using Gmail](https://hackerone.com/reports/90308) to Coinbase - 4 upvotes, $100 31 | 29. [Race condition allowing user to review app multiple times](https://hackerone.com/reports/106360) to Coinbase - 4 upvotes, $100 32 | 30. [No authorization required in iOS device web-application](https://hackerone.com/reports/148538) to Coinbase - 4 upvotes, $0 33 | 31. [The 'Create a New Account' action is vulnerable to CSRF](https://hackerone.com/reports/109810) to Coinbase - 4 upvotes, $0 34 | 32. [Leaking CSRF token over HTTP resulting in CSRF protection bypass](https://hackerone.com/reports/15412) to Coinbase - 3 upvotes, $1000 35 | 33. 
[Transactions visible on Unconfirmed devices](https://hackerone.com/reports/100186) to Coinbase - 3 upvotes, $500 36 | 34. [New Device confirmation tokens are not properly validated.](https://hackerone.com/reports/30238) to Coinbase - 3 upvotes, $100 37 | 35. [ByPassing the email Validation Email on Sign up process in mobile apps](https://hackerone.com/reports/57764) to Coinbase - 3 upvotes, $100 38 | 36. [No authorization required in Windows phone web-application](https://hackerone.com/reports/148537) to Coinbase - 3 upvotes, $0 39 | 37. [Open redirect on sign in ](https://hackerone.com/reports/231760) to Coinbase - 3 upvotes, $0 40 | 38. [Multiple Issues related to registering applications](https://hackerone.com/reports/5933) to Coinbase - 2 upvotes, $1000 41 | 39. [CSRF on "Set as primary" option on the accounts page](https://hackerone.com/reports/10563) to Coinbase - 2 upvotes, $100 42 | 40. [User's legal name could be changed despite front end controls being disabled](https://hackerone.com/reports/131192) to Coinbase - 2 upvotes, $100 43 | 41. [Window.opener bug at www.coinbase.com](https://hackerone.com/reports/181088) to Coinbase - 2 upvotes, $100 44 | 42. [Information Disclosure That shows the webroot of CoinBase Server](https://hackerone.com/reports/5073) to Coinbase - 2 upvotes, $0 45 | 43. [2FA settings allowed to be changed with no delay/freeze on funds](https://hackerone.com/reports/16696) to Coinbase - 2 upvotes, $0 46 | 44. [XXE in OAuth2 Applications gallery profile App logo](https://hackerone.com/reports/104620) to Coinbase - 2 upvotes, $0 47 | 45. [An adversary can overwhelm the resources by automating Forgot password/Sign Up requests](https://hackerone.com/reports/119605) to Coinbase - 2 upvotes, $0 48 | 46. [Invoice Details activate JS that filled in ](https://hackerone.com/reports/21034) to Coinbase - 1 upvotes, $1000 49 | 47. 
[Sandboxed iframes don't show confirmation screen](https://hackerone.com/reports/54733) to Coinbase - 1 upvotes, $1000 50 | 48. [Sending payments via QR code does not require confirmation](https://hackerone.com/reports/126784) to Coinbase - 1 upvotes, $1000 51 | 49. [Misconfiguration in 2 factor allows sensitive data expose](https://hackerone.com/reports/119129) to Coinbase - 1 upvotes, $500 52 | 50. [Direct URL access to completed reports](https://hackerone.com/reports/109815) to Coinbase - 1 upvotes, $200 53 | 51. [Credit Card Validation Issue](https://hackerone.com/reports/29234) to Coinbase - 1 upvotes, $100 54 | 52. [New Device Confirmation, token is valid until not used. ](https://hackerone.com/reports/36594) to Coinbase - 1 upvotes, $100 55 | 53. [OAUTH pemission set as true= lead to authorize malicious application](https://hackerone.com/reports/87561) to Coinbase - 1 upvotes, $100 56 | 54. [User Enumeration, Information Disclosure and Lack of Rate Limitation on API](https://hackerone.com/reports/5200) to Coinbase - 1 upvotes, $0 57 | 55. [Improper Validation of the Referrer header leading to Open URL Redirection](https://hackerone.com/reports/5199) to Coinbase - 1 upvotes, $0 58 | 56. [IFRAME loaded from External Domains ](https://hackerone.com/reports/5205) to Coinbase - 1 upvotes, $0 59 | 57. [Simultaneous Session Logon : Improper Session Management](https://hackerone.com/reports/11722) to Coinbase - 1 upvotes, $0 60 | 58. [Two-factor authentication (via SMS)](https://hackerone.com/reports/66223) to Coinbase - 1 upvotes, $0 61 | 59. [Balance Manipulation - BUG](https://hackerone.com/reports/94925) to Coinbase - 1 upvotes, $0 62 | 60. [Cookie not secure](https://hackerone.com/reports/140742) to Coinbase - 1 upvotes, $0 63 | 61. [Transaction Pending Via Ip Change ](https://hackerone.com/reports/143541) to Coinbase - 1 upvotes, $0 64 | 62. [X-Frame-Options](https://hackerone.com/reports/237071) to Coinbase - 1 upvotes, $0 65 | 63. 
[Csrf bug on signup session](https://hackerone.com/reports/230428) to Coinbase - 1 upvotes, $0 66 | 64. [New Device Confirmation Bug](https://hackerone.com/reports/266288) to Coinbase - 1 upvotes, $0 67 | 65. [User provided values passed to PHP unset() function](https://hackerone.com/reports/292500) to Coinbase - 1 upvotes, $0 68 | 66. [Big Bug with Vault which i have already reported: Case #606962](https://hackerone.com/reports/65084) to Coinbase - 0 upvotes, $5000 69 | 67. [2 factor authentication design flaw](https://hackerone.com/reports/7369) to Coinbase - 0 upvotes, $100 70 | 68. [CSRF in function "Set as primary" on accounts page](https://hackerone.com/reports/10829) to Coinbase - 0 upvotes, $100 71 | 69. [open authentication bug](https://hackerone.com/reports/48065) to Coinbase - 0 upvotes, $100 72 | 70. [SPF records not found](https://hackerone.com/reports/92740) to Coinbase - 0 upvotes, $100 73 | 71. [ Cookie missing the HttpOnly flag ](https://hackerone.com/reports/5204) to Coinbase - 0 upvotes, $0 74 | 72. [iframes considered harmful](https://hackerone.com/reports/55827) to Coinbase - 0 upvotes, $0 75 | 73. [Potential for Double Spend via Sign Message Utility](https://hackerone.com/reports/106315) to Coinbase - 0 upvotes, $0 76 | 74. [Runtime manipulation iOS app breaking the PIN](https://hackerone.com/reports/80512) to Coinbase - 0 upvotes, $0 77 | 75. [Device confirmation Flaw](https://hackerone.com/reports/254869) to Coinbase - 0 upvotes, $0 78 | 76. [CSRF bug on password change](https://hackerone.com/reports/230436) to Coinbase - 0 upvotes, $0 79 | 77. [Information disclosue in Android Application](https://hackerone.com/reports/201855) to Coinbase - 0 upvotes, $0 80 | 78. [ Information disclosure in coinbase android app](https://hackerone.com/reports/192197) to Coinbase - 0 upvotes, $0 81 | 79. [Inaccurate Payment receipt ](https://hackerone.com/reports/121417) to Coinbase - 0 upvotes, $0 82 | 80. 
[User provided values trusted in sensitive actions](https://hackerone.com/reports/327867) to Coinbase - 0 upvotes, $0 83 | -------------------------------------------------------------------------------- /tops_by_program/TOPVERIZONMEDIA.md: -------------------------------------------------------------------------------- 1 | Top reports from Verizon Media program at HackerOne: 2 | 3 | 1. [Local File Include on marketing-dam.yahoo.com](https://hackerone.com/reports/7779) to Verizon Media - 16 upvotes, $2500 4 | 2. [Header injection on rmaitrack.ads.vip.bf1.yahoo.com](https://hackerone.com/reports/6322) to Verizon Media - 15 upvotes, $1000 5 | 3. [Cross-site scripting on the main page of flickr by tagging a user.](https://hackerone.com/reports/916) to Verizon Media - 12 upvotes, $2173 6 | 4. [Store XSS Flicker main page](https://hackerone.com/reports/940) to Verizon Media - 12 upvotes, $1960 7 | 5. [XSS Yahoo Messenger Via Calendar.Yahoo.Com ](https://hackerone.com/reports/914) to Verizon Media - 12 upvotes, $677 8 | 6. [REMOTE CODE EXECUTION/LOCAL FILE INCLUSION/XSPA/SSRF, view-source:http://sb*.geo.sp1.yahoo.com/, 4/6/14, #SpringClean](https://hackerone.com/reports/6674) to Verizon Media - 10 upvotes, $3000 9 | 7. [Loadbalancer + URI XSS #3](https://hackerone.com/reports/9703) to Verizon Media - 9 upvotes, $0 10 | 8. [readble .htaccess + Source Code Disclosure (+ .SVN repository)](https://hackerone.com/reports/7813) to Verizon Media - 8 upvotes, $250 11 | 9. [HK.Yahoo.Net Remote Command Execution](https://hackerone.com/reports/2127) to Verizon Media - 7 upvotes, $1276 12 | 10. [From Unrestricted File Upload to Remote Command Execution](https://hackerone.com/reports/4836) to Verizon Media - 6 upvotes, $800 13 | 11. [SQLi on http://sports.yahoo.com/nfl/draft](https://hackerone.com/reports/1538) to Verizon Media - 5 upvotes, $3705 14 | 12. [HTML Injection on flickr screename using IOS App](https://hackerone.com/reports/1483) to Verizon Media - 5 upvotes, $800 15 | 13. 
[Bypass of the Clickjacking protection on Flickr using data URL in iframes](https://hackerone.com/reports/7264) to Verizon Media - 5 upvotes, $250 16 | 14. [Information Disclosure ](https://hackerone.com/reports/1091) to Verizon Media - 5 upvotes, $0 17 | 15. [Local file inclusion ](https://hackerone.com/reports/1675) to Verizon Media - 4 upvotes, $1390 18 | 16. [Significant Information Disclosure/Load balancer access, http://extprodweb11.cc.gq1.yahoo.com/, 4/8/14, #SpringClean](https://hackerone.com/reports/6194) to Verizon Media - 4 upvotes, $500 19 | 17. [reflected XSS, http://extprodweb11.cc.gq1.yahoo.com/, 4/8/14, #SpringClean](https://hackerone.com/reports/6195) to Verizon Media - 4 upvotes, $300 20 | 18. [ads.yahoo.com Unvalidate open url redirection](https://hackerone.com/reports/7731) to Verizon Media - 4 upvotes, $0 21 | 19. [Security.allowDomain("*") in SWFs on img.autos.yahoo.com allows data theft from Yahoo Mail (and others)](https://hackerone.com/reports/1171) to Verizon Media - 3 upvotes, $2500 22 | 20. [SQL Injection ON HK.Promotion](https://hackerone.com/reports/3039) to Verizon Media - 3 upvotes, $1000 23 | 21. [Flickr: Invitations disclosure (resend feature)](https://hackerone.com/reports/1533) to Verizon Media - 3 upvotes, $750 24 | 22. [https://caldav.calendar.yahoo.com/ - XSS (STORED) ](https://hackerone.com/reports/8281) to Verizon Media - 3 upvotes, $500 25 | 23. [invite1.us2.msg.vip.bf1.yahoo.com/ - CSRF/email disclosure](https://hackerone.com/reports/7608) to Verizon Media - 3 upvotes, $400 26 | 24. [XSS Vulnerability (my.yahoo.com)](https://hackerone.com/reports/4256) to Verizon Media - 3 upvotes, $250 27 | 25. [http://conf.member.yahoo.com configuration file disclosure](https://hackerone.com/reports/2598) to Verizon Media - 3 upvotes, $100 28 | 26. [Java Applet Execution On Y! Messenger](https://hackerone.com/reports/933) to Verizon Media - 3 upvotes, $0 29 | 27. 
[Directory Traversal ](https://hackerone.com/reports/1092) to Verizon Media - 3 upvotes, $0 30 | 28. [XSS in my yahoo](https://hackerone.com/reports/1203) to Verizon Media - 2 upvotes, $800 31 | 29. [information disclosure (LOAD BALANCER + URI XSS)](https://hackerone.com/reports/8284) to Verizon Media - 2 upvotes, $300 32 | 30. [XSS in Yahoo! Web Analytics](https://hackerone.com/reports/5442) to Verizon Media - 2 upvotes, $100 33 | 31. [Default /docs folder of PHPBB3 installation on gamesnet.yahoo.com](https://hackerone.com/reports/17506) to Verizon Media - 2 upvotes, $50 34 | 32. [In Fantasy Sports iOS app, signup page is requested over HTTP](https://hackerone.com/reports/2101) to Verizon Media - 2 upvotes, $0 35 | 33. [caesary.yahoo.net Blind Sql Injection](https://hackerone.com/reports/21899) to Verizon Media - 2 upvotes, $0 36 | 34. [Open Redirect via Request-URI](https://hackerone.com/reports/15298) to Verizon Media - 2 upvotes, $0 37 | 35. [XSS using yql and developers console proxy](https://hackerone.com/reports/1011) to Verizon Media - 2 upvotes, $0 38 | 36. [Bypass of anti-SSRF defenses in YahooCacheSystem (affecting at least YQL and Pipes)](https://hackerone.com/reports/1066) to Verizon Media - 2 upvotes, $0 39 | 37. [XSS Reflected - Yahoo Travel](https://hackerone.com/reports/1553) to Verizon Media - 2 upvotes, $0 40 | 38. [Yahoo mail login page bruteforce protection bypass](https://hackerone.com/reports/2596) to Verizon Media - 2 upvotes, $0 41 | 39. [Clickjacking at surveylink.yahoo.com](https://hackerone.com/reports/3578) to Verizon Media - 2 upvotes, $0 42 | 40. [Stored Cross Site Scripting Vulnerability in Yahoo Mail](https://hackerone.com/reports/4277) to Verizon Media - 2 upvotes, $0 43 | 41. [Almost all the subdomains are infected.](https://hackerone.com/reports/4359) to Verizon Media - 2 upvotes, $0 44 | 42. [http://us.rd.yahoo.com/](https://hackerone.com/reports/12035) to Verizon Media - 2 upvotes, $0 45 | 43. 
[XSS on Every sports.yahoo.com page](https://hackerone.com/reports/2168) to Verizon Media - 1 upvotes, $1500 46 | 44. [Server Side Request Forgery](https://hackerone.com/reports/4461) to Verizon Media - 1 upvotes, $500 47 | 45. [XSS in https://hk.user.auctions.yahoo.com](https://hackerone.com/reports/7266) to Verizon Media - 1 upvotes, $500 48 | 46. [Comment Spoofing at http://suggestions.yahoo.com/detail/?prop=directory&fid=97721](https://hackerone.com/reports/6665) to Verizon Media - 1 upvotes, $500 49 | 47. [Cross-origin issue on rmaiauth.ads.vip.bf1.yahoo.com](https://hackerone.com/reports/6268) to Verizon Media - 1 upvotes, $250 50 | 48. [Yahoo! Reflected XSS](https://hackerone.com/reports/18279) to Verizon Media - 1 upvotes, $250 51 | 49. [ClickJacking on http://au.launch.yahoo.com](https://hackerone.com/reports/1229) to Verizon Media - 1 upvotes, $0 52 | 50. [Yahoo YQL Injection? ](https://hackerone.com/reports/1407) to Verizon Media - 1 upvotes, $0 53 | 51. [Yahoo open redirect using ad](https://hackerone.com/reports/2322) to Verizon Media - 1 upvotes, $0 54 | 52. [A csrf vulnerability which add and remove a favorite team from a user account.](https://hackerone.com/reports/1620) to Verizon Media - 1 upvotes, $0 55 | 53. [Insufficient validation of redirect URL on login page allows hijacking user name and password](https://hackerone.com/reports/2126) to Verizon Media - 1 upvotes, $0 56 | 54. [Reflected XSS in mail.yahoo.com](https://hackerone.com/reports/2240) to Verizon Media - 1 upvotes, $0 57 | 55. [Authentication bypass at fast.corp.yahoo.com](https://hackerone.com/reports/3577) to Verizon Media - 1 upvotes, $0 58 | 56. [Information Disclosure, groups.yahoo.com,6-april-2014, #SpringClean](https://hackerone.com/reports/5986) to Verizon Media - 1 upvotes, $0 59 | 57. [clickjacking on leaving group(flick)](https://hackerone.com/reports/7745) to Verizon Media - 1 upvotes, $0 60 | 58. [Yahoo! 
Messenger v11.5.0.228 emoticons.xml shortcut Value Handling Stack-Based Buffer Overflow](https://hackerone.com/reports/10767) to Verizon Media - 1 upvotes, $0 61 | 59. [Open Proxy, http://www.smushit.com/ysmush.it/, 4/09/14, #SpringClean](https://hackerone.com/reports/6704) to Verizon Media - 0 upvotes, $2000 62 | 60. [CSRF Token missing on http://baseball.fantasysports.yahoo.com/b1/127146/messages](https://hackerone.com/reports/6700) to Verizon Media - 0 upvotes, $400 63 | 61. [Infrastructure and Application Admin Interfaces (OWASP‐CM‐007)](https://hackerone.com/reports/11414) to Verizon Media - 0 upvotes, $250 64 | 62. [Yahoo Sports Fantasy Golf (Join Public Group)](https://hackerone.com/reports/16414) to Verizon Media - 0 upvotes, $200 65 | 63. [CSRF Token is missing on DELETE message option on http://baseball.fantasysports.yahoo.com/b1/127146/messages](https://hackerone.com/reports/6702) to Verizon Media - 0 upvotes, $200 66 | 64. [Testing for user enumeration (OWASP‐AT‐002) - https://gh.bouncer.login.yahoo.com](https://hackerone.com/reports/12708) to Verizon Media - 0 upvotes, $100 67 | 65. [Authorization issue on creative.yahoo.com](https://hackerone.com/reports/12685) to Verizon Media - 0 upvotes, $50 68 | 66. [Vulnerability found, XSS (Cross site Scripting)](https://hackerone.com/reports/1258) to Verizon Media - 0 upvotes, $0 69 | 67. [HTML Code Injection ](https://hackerone.com/reports/1376) to Verizon Media - 0 upvotes, $0 70 | 68. [Open redirect on tw.money.yahoo.com](https://hackerone.com/reports/4570) to Verizon Media - 0 upvotes, $0 71 | 69. [TESTING FOR REFLECTED CROSS SITE SCRIPTING (OWASP‐DV‐001)](https://hackerone.com/reports/12011) to Verizon Media - 0 upvotes, $0 72 | 70. [Multiple vulnerabilities](https://hackerone.com/reports/14248) to Verizon Media - 0 upvotes, $0 73 | 71. [URL Redirection](https://hackerone.com/reports/1429) to Verizon Media - 0 upvotes, $0 74 | 72. 
[clickjacking ](https://hackerone.com/reports/1207) to Verizon Media - 0 upvotes, $0 75 | 73. [Authentication Bypass in Yahoo Groups](https://hackerone.com/reports/1209) to Verizon Media - 0 upvotes, $0 76 | 74. [Open URL Redirection](https://hackerone.com/reports/4521) to Verizon Media - 0 upvotes, $0 77 | 75. [Out of date version](https://hackerone.com/reports/5221) to Verizon Media - 0 upvotes, $0 78 | 76. [Authentication Bypass due to Session Mismanagement](https://hackerone.com/reports/10912) to Verizon Media - 0 upvotes, $0 79 | -------------------------------------------------------------------------------- /tops_by_bug_type/TOPOAUTH.md: -------------------------------------------------------------------------------- 1 | Top OAuth reports from HackerOne: 2 | 3 | 1. [Shopify Stocky App OAuth Misconfiguration](https://hackerone.com/reports/740989) to Shopify - 513 upvotes, $5000 4 | 2. [Chained Bugs to Leak Victim's Uber's FB Oauth Token](https://hackerone.com/reports/202781) to Uber - 388 upvotes, $7500 5 | 3. [Insufficient OAuth callback validation which leads to Periscope account takeover](https://hackerone.com/reports/110293) to Twitter - 258 upvotes, $5040 6 | 4. [Ability to bypass email verification for OAuth grants results in accounts takeovers on 3rd parties](https://hackerone.com/reports/922456) to GitLab - 219 upvotes, $3000 7 | 5. [Unauthenticated blind SSRF in OAuth Jira authorization controller](https://hackerone.com/reports/398799) to GitLab - 218 upvotes, $4000 8 | 6. [OAuth `redirect_uri` bypass using IDN homograph attack resulting in user's access token leakage](https://hackerone.com/reports/861940) to Semrush - 218 upvotes, $1000 9 | 7. [Stealing Facebook OAuth Code Through Screenshot viewer](https://hackerone.com/reports/488269) to Rockstar Games - 192 upvotes, $750 10 | 8. 
[Referer Leakage Vulnerability in socialclub.rockstargames.com/crew/ leads to FB'S OAuth token theft.](https://hackerone.com/reports/787160) to Rockstar Games - 106 upvotes, $750 11 | 9. [User account compromised authentication bypass via oauth token impersonation](https://hackerone.com/reports/739321) to Picsart - 91 upvotes, $0 12 | 10. [Incorrect details on OAuth permissions screen allows DMs to be read without permission](https://hackerone.com/reports/434763) to Twitter - 71 upvotes, $2940 13 | 11. [Facebook OAuth Code Theft through referer leakage on support.rockstargames.com](https://hackerone.com/reports/482743) to Rockstar Games - 67 upvotes, $750 14 | 12. [CSRF on Periscope Web OAuth authorization endpoint ](https://hackerone.com/reports/215381) to Twitter - 63 upvotes, $2520 15 | 13. [Stealing Users OAuth Tokens through redirect_uri parameter](https://hackerone.com/reports/665651) to GSA Bounty - 51 upvotes, $750 16 | 14. [Misconfigured oauth leads to Pre account takeover ](https://hackerone.com/reports/1074047) to Bumble - 50 upvotes, $300 17 | 15. [[auth2.zomato.com] Reflected XSS at `oauth2/fallbacks/error` | ORY Hydra an OAuth 2.0 and OpenID Connect Provider](https://hackerone.com/reports/456333) to Zomato - 44 upvotes, $250 18 | 16. [Ability to bypass social OAuth and take over any account [d2c-api]](https://hackerone.com/reports/729960) to Genasys Technologies - 40 upvotes, $0 19 | 17. [Gitlab Oauth Misconfiguration Lead To Account Takeover ](https://hackerone.com/reports/541701) to Vercel - 39 upvotes, $0 20 | 18. [Oauth flow on the comments widget login can lead to the access code leakage](https://hackerone.com/reports/292783) to Ed - 38 upvotes, $0 21 | 19. [Stealing Users OAUTH Tokens via redirect_uri ](https://hackerone.com/reports/405100) to BOHEMIA INTERACTIVE a.s. - 38 upvotes, $0 22 | 20. [Mattermost Server OAuth Flow Cross-Site Scripting](https://hackerone.com/reports/1216203) to Mattermost - 37 upvotes, $900 23 | 21. 
[Broken OAuth leads to change photo profile users .](https://hackerone.com/reports/642475) to Dropbox - 37 upvotes, $512 24 | 22. [Race Conditions in OAuth 2 API implementations](https://hackerone.com/reports/55140) to Internet Bug Bounty - 35 upvotes, $2500 25 | 23. [Smuggle SocialClub's Facebook OAuth Code via Referer Leakage](https://hackerone.com/reports/342709) to Rockstar Games - 35 upvotes, $750 26 | 24. [Twitter iOS fails to validate server certificate and sends oauth token](https://hackerone.com/reports/168538) to Twitter - 34 upvotes, $2100 27 | 25. [Open Redirect on Gitllab Oauth leading to Acount Takeover](https://hackerone.com/reports/677617) to Vercel - 34 upvotes, $0 28 | 26. [`account_info.read` scope OAuth app access token can change token owner's account name.](https://hackerone.com/reports/1031240) to Dropbox - 33 upvotes, $1728 29 | 27. [Image Injection vulnerability on screenshot-viewer/responsive/image may allow Facebook OAuth token theft.](https://hackerone.com/reports/655288) to Rockstar Games - 32 upvotes, $500 30 | 28. [User session access due to Oauth whitelist host bypass and postMessage](https://hackerone.com/reports/875938) to Mail.ru - 30 upvotes, $0 31 | 29. [OAuth 2 Authorization Bypass via CSRF and Cross Site Flashing](https://hackerone.com/reports/136582) to Vimeo - 28 upvotes, $1000 32 | 30. [Debug information disclosure on oauth-redirector.services.greenhouse.io](https://hackerone.com/reports/315205) to Greenhouse.io - 28 upvotes, $100 33 | 31. [Open Redirect through POST Request in OAuth](https://hackerone.com/reports/1129761) to Moneybird - 27 upvotes, $50 34 | 32. [[Critical] - Steal OAuth Tokens](https://hackerone.com/reports/131202) to Twitter - 24 upvotes, $840 35 | 33. [XSS in OAuth Redirect Url](https://hackerone.com/reports/163707) to Dropbox - 21 upvotes, $0 36 | 34. 
[Open redirect in https://www.rockstargames.com/GTAOnline/restricted-content/agegate/form may lead to Facebook OAuth token theft](https://hackerone.com/reports/798121) to Rockstar Games - 19 upvotes, $750 37 | 35. [Account takeover via Pornhub Oauth](https://hackerone.com/reports/192648) to YouPorn - 17 upvotes, $1000 38 | 36. [[qiwi.com] Oauth захват аккаунта](https://hackerone.com/reports/159507) to QIWI - 17 upvotes, $950 39 | 37. [XSS on OAuth authorize/authenticate endpoint](https://hackerone.com/reports/87040) to Twitter - 16 upvotes, $2520 40 | 38. [Insecure OAuth redirection at [admin.8x8.vc]](https://hackerone.com/reports/770548) to 8x8 - 16 upvotes, $0 41 | 39. [SocialClub's Facebook OAuth Theft through Warehouse XSS.](https://hackerone.com/reports/316948) to Rockstar Games - 13 upvotes, $750 42 | 40. [configure a redirect URI for Facebook OAuth](https://hackerone.com/reports/140432) to Gratipay - 13 upvotes, $10 43 | 41. [Image Injection on www.rockstargames.com/screenshot-viewer/responsive/image may allow facebook oauth token theft.](https://hackerone.com/reports/497655) to Rockstar Games - 11 upvotes, $500 44 | 42. [leaking Digits OAuth authorization to third party websites](https://hackerone.com/reports/166942) to Twitter - 10 upvotes, $560 45 | 43. [Stored XSS in OAuth redirect URI ](https://hackerone.com/reports/261138) to Nextcloud - 10 upvotes, $0 46 | 44. [Coinbase Android Application - Bitcoin Wallet Leaks OAuth Response Code](https://hackerone.com/reports/5314) to Coinbase - 9 upvotes, $1000 47 | 45. [Open redirection in OAuth](https://hackerone.com/reports/55525) to Shopify - 9 upvotes, $500 48 | 46. [Open redirection in OAuth](https://hackerone.com/reports/405697) to Shopify - 9 upvotes, $0 49 | 47. [OAuth authorization page vulnerable to clickjacking](https://hackerone.com/reports/65825) to Coinbase - 8 upvotes, $5000 50 | 48. 
[Image Injection on `/bully/anniversaryedition` may lead to FB's OAuth Token Theft.](https://hackerone.com/reports/659784) to Rockstar Games - 8 upvotes, $500 51 | 49. [Race Condition in Oauth 2.0 flow can lead to malicious applications create multiple valid sessions](https://hackerone.com/reports/699112) to Razer - 8 upvotes, $250 52 | 50. [Bug in OAuth Success Redirect URI Validation](https://hackerone.com/reports/753547) to Polymail, Inc. - 6 upvotes, $0 53 | 51. [Image Injection vulnerability affecting www.rockstargames.com/careers may lead to Facebook OAuth Theft](https://hackerone.com/reports/491654) to Rockstar Games - 5 upvotes, $500 54 | 52. [OAuth Stealing Attack (New)](https://hackerone.com/reports/3930) to Phabricator - 5 upvotes, $400 55 | 53. [Wordpress.com REST API oauth bypass via Cross Site Flashing](https://hackerone.com/reports/176308) to Automattic - 5 upvotes, $150 56 | 54. [Image Injection on /bully/anniversaryedition may lead to OAuth token theft.](https://hackerone.com/reports/498358) to Rockstar Games - 4 upvotes, $500 57 | 55. [Registration bypass using OAuth logical bug](https://hackerone.com/reports/64946) to Legal Robot - 4 upvotes, $40 58 | 56. [XSS in uber oauth](https://hackerone.com/reports/131052) to Uber - 4 upvotes, $0 59 | 57. [API OAuth Public Key disclosure in mobile app](https://hackerone.com/reports/160120) to Instacart - 4 upvotes, $0 60 | 58. [Oauth Misconfiguration Lead To Account Takeover](https://hackerone.com/reports/1212374) to Reddit - 4 upvotes, $0 61 | 59. [Image injection /br/games/info may lead to phishing attacks or FB OAuth theft.](https://hackerone.com/reports/510388) to Rockstar Games - 3 upvotes, $500 62 | 60. [OAuth access_token stealing in Phabricator](https://hackerone.com/reports/3596) to Phabricator - 3 upvotes, $450 63 | 61. [Login CSRF using Twitter OAuth](https://hackerone.com/reports/2228) to Phabricator - 3 upvotes, $300 64 | 62. 
[Broken Authentication (including Slack OAuth bugs)](https://hackerone.com/reports/2559) to Slack - 3 upvotes, $100 65 | 63. [Problem with OAuth](https://hackerone.com/reports/46485) to Twitter - 2 upvotes, $1260 66 | 64. [Attach Pinterest account - no State/CSRF parameter in Oauth Call back](https://hackerone.com/reports/111218) to Shopify - 2 upvotes, $500 67 | 65. [Flaw in login with twitter to steal Oauth tokens](https://hackerone.com/reports/44492) to Twitter - 2 upvotes, $140 68 | 66. [OAUTH pemission set as true= lead to authorize malicious application](https://hackerone.com/reports/87561) to Coinbase - 1 upvotes, $100 69 | 67. [Cryptographic Side Channel in OAuth Library](https://hackerone.com/reports/31168) to WP API - 1 upvotes, $50 70 | 68. [State parameter missing on google OAuth](https://hackerone.com/reports/2688) to Slack - 1 upvotes, $0 71 | 69. [OAuth Bug](https://hackerone.com/reports/9460) to Respondly - 1 upvotes, $0 72 | 70. [Login CSRF using Twitter oauth](https://hackerone.com/reports/13555) to Factlink - 1 upvotes, $0 73 | 71. [Social Oauth Disconnect CSRF at znakcup.ru](https://hackerone.com/reports/1074869) to Mail.ru - 1 upvotes, $0 74 | 72. [OAuth open redirect](https://hackerone.com/reports/7900) to Respondly - 0 upvotes, $0 75 | 73. [oauth redirect uri validation bug leads to open redirect and account compromise](https://hackerone.com/reports/20661) to WePay - 0 upvotes, $0 76 | 74. [Login CSRF using Google OAuth](https://hackerone.com/reports/118737) to ThisData - 0 upvotes, $0 77 | -------------------------------------------------------------------------------- /tops_by_program/TOPVALVE.md: -------------------------------------------------------------------------------- 1 | Top reports from Valve program at HackerOne: 2 | 3 | 1. [RCE on Steam Client via buffer overflow in Server Info](https://hackerone.com/reports/470520) to Valve - 1251 upvotes, $18000 4 | 2. 
[Getting all the CD keys of any game](https://hackerone.com/reports/391217) to Valve - 598 upvotes, $20000 5 | 3. [XSS in steam react chat client](https://hackerone.com/reports/409850) to Valve - 448 upvotes, $7500 6 | 4. [Panorama UI XSS leads to Remote Code Execution via Kick/Disconnect Message](https://hackerone.com/reports/631956) to Valve - 406 upvotes, $9000 7 | 5. [Modify in-flight data to payment provider Smart2Pay](https://hackerone.com/reports/1295844) to Valve - 374 upvotes, $7500 8 | 6. [SQL Injection in report_xml.php through countryFilter[] parameter](https://hackerone.com/reports/383127) to Valve - 344 upvotes, $25000 9 | 7. [Malformed .BMP file in Counter-Strike 1.6 may cause shellcode injection](https://hackerone.com/reports/397545) to Valve - 317 upvotes, $2000 10 | 8. [Malformed NAV file leads to buffer overflow and code execution in Left4Dead2.exe](https://hackerone.com/reports/542180) to Valve - 261 upvotes, $10000 11 | 9. [Unchecked weapon id in WeaponList message parser on client leads to RCE](https://hackerone.com/reports/513154) to Valve - 224 upvotes, $3000 12 | 10. [OOB reads in network message handlers leads to RCE](https://hackerone.com/reports/807772) to Valve - 203 upvotes, $7500 13 | 11. [RCE on CS:GO client using unsanitized entity ID in EntityMsg message](https://hackerone.com/reports/584603) to Valve - 197 upvotes, $9000 14 | 12. [Buffer overrun in Steam SILK voice decoder](https://hackerone.com/reports/1180252) to Valve - 177 upvotes, $7500 15 | 13. [[Portal 2] Remote Code Execution via voice packets](https://hackerone.com/reports/733267) to Valve - 165 upvotes, $5000 16 | 14. [[Half-Life 1] Malformed map name leads to memory corruption and code execution](https://hackerone.com/reports/402566) to Valve - 162 upvotes, $1500 17 | 15. [Malformed .BSP Access Violation in CS:GO can lead to Remote Code Execution](https://hackerone.com/reports/351014) to Valve - 149 upvotes, $12500 18 | 16. 
[ISteamAssets gives partners control over unrelated community market transactions](https://hackerone.com/reports/577584) to Valve - 105 upvotes, $5000 19 | 17. [MySQL username and password leaked in developer.valvesoftware.com via source code dislosure](https://hackerone.com/reports/291057) to Valve - 105 upvotes, $1000 20 | 18. [Specially Crafted Closed Captions File can lead to Remote Code Execution in CS:GO and other Source Games](https://hackerone.com/reports/463286) to Valve - 104 upvotes, $7500 21 | 19. [[help.steampowered.com] Account takeover bruteforcing SteamGuard](https://hackerone.com/reports/407971) to Valve - 104 upvotes, $2500 22 | 20. [Malformed save files (.sav) allow to write files with arbitrary extensions and content in GoldSrc-based games.](https://hackerone.com/reports/458842) to Valve - 99 upvotes, $1500 23 | 21. [Malformed .MDL triggers an Access Violation on GoldSRC (hl.exe)](https://hackerone.com/reports/495793) to Valve - 89 upvotes, $2000 24 | 22. [ImageMagick GIF coder vulnerability leading to memory disclosure](https://hackerone.com/reports/315256) to Valve - 85 upvotes, $1000 25 | 23. [Access to microtransaction sales data for lots of apps from 2014 to present at /valvefinance/sanity/](https://hackerone.com/reports/975212) to Valve - 80 upvotes, $9000 26 | 24. [[steam client] Opening a specific steam:// url overwrites files at an arbitrary location](https://hackerone.com/reports/667242) to Valve - 78 upvotes, $750 27 | 25. [Arbitrary File Write as SYSTEM from unprivileged user](https://hackerone.com/reports/583184) to Valve - 70 upvotes, $1250 28 | 26. [Malformed playlist.txt in GoldSrc games leads to Access Violation & arbitrary code execution](https://hackerone.com/reports/504951) to Valve - 62 upvotes, $1000 29 | 27. [CS:GO Server -\> Client RCE through OOB access in CSVCMsg_SplitScreen + Info leak in HTTP download](https://hackerone.com/reports/1070835) to Valve - 60 upvotes, $7500 30 | 28. 
[[Source Engine] Material path truncation leads to Remote Code Execution](https://hackerone.com/reports/544096) to Valve - 56 upvotes, $2500 31 | 29. [Steam chat - trade offer presentation vulnerability](https://hackerone.com/reports/745447) to Valve - 56 upvotes, $750 32 | 30. [Buffer overflow In hl.exe's launch -game argument allows an attacker to execute arbitrary code locally or from browser](https://hackerone.com/reports/832750) to Valve - 54 upvotes, $1150 33 | 31. [Big Picture web browser leaks login cookies and discloses sensitive information (may lead to account takeover)](https://hackerone.com/reports/1079561) to Valve - 52 upvotes, $2500 34 | 32. [Link filter protection bypass](https://hackerone.com/reports/291750) to Valve - 50 upvotes, $750 35 | 33. [[CS:GO] Unchecked texture file name with TEXTUREFLAGS_DEPTHRENDERTARGET can lead to Remote Code Execution](https://hackerone.com/reports/550625) to Valve - 46 upvotes, $2500 36 | 34. [Arbitrary file creation with semi-controlled content (leads to DoS, EoP and others) at Steam Windows Client](https://hackerone.com/reports/682774) to Valve - 41 upvotes, $1250 37 | 35. [Stored XXS @ https://steamcommunity.com/search/users/#text= via Profile Name](https://hackerone.com/reports/351171) to Valve - 36 upvotes, $750 38 | 36. [Stored XSS in the guide's GameplayVersion (www.dota2.com)](https://hackerone.com/reports/380045) to Valve - 34 upvotes, $750 39 | 37. [Signedness issue in ClassInfo message handler leads to RCE on CS:GO client](https://hackerone.com/reports/876719) to Valve - 33 upvotes, $7500 40 | 38. [Buffer overflows in demo parsing](https://hackerone.com/reports/350119) to Valve - 33 upvotes, $750 41 | 39. [Hidden scheduled partner events are propagated to Steam clients in CMsgClientClanState](https://hackerone.com/reports/780167) to Valve - 31 upvotes, $750 42 | 40. 
[Xss was found by exploiting the URL markdown on http://store.steampowered.com](https://hackerone.com/reports/313250) to Valve - 30 upvotes, $1000 43 | 41. [Malformed Skybox .TGA in Half-Life (GoldSRC) leads to Access Violation](https://hackerone.com/reports/351016) to Valve - 30 upvotes, $1000 44 | 42. [Reflected XSS in www.dota2.com](https://hackerone.com/reports/292457) to Valve - 28 upvotes, $350 45 | 43. [Malformed map detailed texture files in GoldSrc games lead to Remote Code Execution](https://hackerone.com/reports/505173) to Valve - 28 upvotes, $350 46 | 44. [LFI in pChart php library](https://hackerone.com/reports/288298) to Valve - 27 upvotes, $1000 47 | 45. [GoldSrc: Buffer Overflow in DELTA_ParseDelta function leads to RCE](https://hackerone.com/reports/484745) to Valve - 25 upvotes, $3000 48 | 46. [code injection, steam chat client](https://hackerone.com/reports/411329) to Valve - 25 upvotes, $750 49 | 47. [[GoldSrc] RCE via malformed BSP file](https://hackerone.com/reports/763403) to Valve - 24 upvotes, $450 50 | 48. [unlock self-lock by brute force ](https://hackerone.com/reports/410221) to Valve - 23 upvotes, $900 51 | 49. [Read Access to all comments on unauthorized forums' discussions! IDOR! ](https://hackerone.com/reports/308610) to Valve - 23 upvotes, $500 52 | 50. [Deleting other people's comments on ModeratorMessages](https://hackerone.com/reports/357952) to Valve - 23 upvotes, $500 53 | 51. [[GoldSrc] RCE via 'spk' Console Command](https://hackerone.com/reports/769014) to Valve - 23 upvotes, $350 54 | 52. [GetReports works for hubs you don't have access to](https://hackerone.com/reports/350937) to Valve - 22 upvotes, $750 55 | 53. [Malformed BSP in GoldSrc Engine may cause shellcode injection](https://hackerone.com/reports/458929) to Valve - 21 upvotes, $1750 56 | 54. [GetGlobalAchievementPercentagesForApp is missing the same release checks as GetSchemaForGame](https://hackerone.com/reports/541020) to Valve - 21 upvotes, $1650 57 | 55. 
[Unauthorized updates to extended_info properties in /store/ajaxpackagesave](https://hackerone.com/reports/815547) to Valve - 20 upvotes, $2500 58 | 56. [[CS 1.6] Map cycle abuse allows arbitrary file read/write](https://hackerone.com/reports/590279) to Valve - 20 upvotes, $750 59 | 57. [Suspended users can bypass UGC upload ban](https://hackerone.com/reports/354660) to Valve - 19 upvotes, $500 60 | 58. [Privilege Escalation vulnerability in steam's Remote Play feature leads to arbitrary kernel-mode driver installation](https://hackerone.com/reports/852091) to Valve - 17 upvotes, $750 61 | 59. [resetreportedcount & updatetags doesn't verify appid param](https://hackerone.com/reports/351106) to Valve - 16 upvotes, $750 62 | 60. [Potential buffer overflow in demoplayer module of GoldSource Engine](https://hackerone.com/reports/440758) to Valve - 16 upvotes, $200 63 | 61. [Aapp name leakage on economy history page](https://hackerone.com/reports/349681) to Valve - 15 upvotes, $500 64 | 62. [Malformed .WAV triggers an Access Violation on GoldSRC (hl.exe)](https://hackerone.com/reports/495789) to Valve - 14 upvotes, $200 65 | 63. [Reflected XSS on help.steampowered.com](https://hackerone.com/reports/390429) to Valve - 13 upvotes, $750 66 | 64. [ajaxgetachievementsforgame is not guarded for unreleased apps](https://hackerone.com/reports/835087) to Valve - 13 upvotes, $750 67 | 65. [Comment restriction in subsection "Workshop" of domain "steamcommunity.com" can be bypassed using IDOR](https://hackerone.com/reports/365504) to Valve - 13 upvotes, $200 68 | 66. [XSS @ store.steampowered.com via agecheck path name](https://hackerone.com/reports/406704) to Valve - 12 upvotes, $750 69 | 67. [Add apps to packages 0, 61, 62 with /store/ajaxpackagemerge](https://hackerone.com/reports/972243) to Valve - 11 upvotes, $2500 70 | 68. 
[Vulnerability in GoldSource Engine allows to upload and run an arbitrary DLL on client](https://hackerone.com/reports/508894) to Valve - 11 upvotes, $1000 71 | 69. [Unfiltered input allows for XSS in "Playtime Item Grants" fields](https://hackerone.com/reports/353334) to Valve - 11 upvotes, $750 72 | 70. [[GoldSrc] Remote Code Execution using malicious WAD list in BSP file](https://hackerone.com/reports/675710) to Valve - 11 upvotes, $750 73 | 71. [CSRF | Ban or unban users in broadcast's chat](https://hackerone.com/reports/381237) to Valve - 9 upvotes, $500 74 | -------------------------------------------------------------------------------- /tops_by_program/TOPWORDPRESS.md: -------------------------------------------------------------------------------- 1 | Top reports from WordPress program at HackerOne: 2 | 3 | 1. [Stored XSS Vulnerability](https://hackerone.com/reports/643908) to WordPress - 390 upvotes, $500 4 | 2. [Stored XSS in Private Message component (BuddyPress)](https://hackerone.com/reports/487081) to WordPress - 331 upvotes, $500 5 | 3. [RCE as Admin defeats WordPress hardening and file permissions](https://hackerone.com/reports/436928) to WordPress - 158 upvotes, $800 6 | 4. [Stored XSS on byddypress Plug-in via groups name](https://hackerone.com/reports/592316) to WordPress - 131 upvotes, $450 7 | 5. [Wordpress unzip_file path traversal](https://hackerone.com/reports/205481) to WordPress - 113 upvotes, $800 8 | 6. [Reflected XSS on https://make.wordpress.org via 'channel' parameter](https://hackerone.com/reports/659419) to WordPress - 95 upvotes, $387 9 | 7. [CSRF to HTML Injection in Comments](https://hackerone.com/reports/428019) to WordPress - 94 upvotes, $950 10 | 8. [Clickjacking on donation page](https://hackerone.com/reports/921709) to WordPress - 88 upvotes, $50 11 | 9. [Privilege Escalation via REST API to Administrator leads to RCE](https://hackerone.com/reports/1107282) to WordPress - 84 upvotes, $1125 12 | 10. 
[Potential unprivileged Stored XSS through wp_targeted_link_rel](https://hackerone.com/reports/509930) to WordPress - 80 upvotes, $650 13 | 11. [Mssing Authorization on Private Message replies (BuddyPress)](https://hackerone.com/reports/490782) to WordPress - 63 upvotes, $375 14 | 12. [plugins.trac.wordpress.org likely vulnerable to Cross Site Tracing (xst), TRACE HTTP method should be disabled](https://hackerone.com/reports/222692) to WordPress - 55 upvotes, $150 15 | 13. [Authenticated XXE](https://hackerone.com/reports/1095645) to WordPress - 39 upvotes, $600 16 | 14. [Multiple stored XSS in WordPress](https://hackerone.com/reports/221507) to WordPress - 35 upvotes, $1200 17 | 15. ["Bad Protocols Validation" Bypass in "wp_kses_bad_protocol_once" using HTML-encoding without trailing semicolons](https://hackerone.com/reports/339483) to WordPress - 34 upvotes, $350 18 | 16. [Logic flaw in the Post creation process allows creating posts with arbitrary types without needing the corresponding nonce](https://hackerone.com/reports/404323) to WordPress - 33 upvotes, $900 19 | 17. [Add users to groups who have restricted group invites](https://hackerone.com/reports/538008) to WordPress - 29 upvotes, $275 20 | 18. [[mercantile.wordpress.org] Reflected XSS via AngularJS Template Injection](https://hackerone.com/reports/230234) to WordPress - 28 upvotes, $300 21 | 19. [Information / sensitive data disclosure on some endpoints](https://hackerone.com/reports/273726) to WordPress - 28 upvotes, $0 22 | 20. [Stored XSS on Broken Themes via filename](https://hackerone.com/reports/406289) to WordPress - 24 upvotes, $300 23 | 21. [Authenticated Stored Cross-site Scripting in bbPress](https://hackerone.com/reports/881918) to WordPress - 24 upvotes, $225 24 | 22. [Open API For Username enumeration](https://hackerone.com/reports/385322) to WordPress - 24 upvotes, $0 25 | 23. 
[Wordpress 4.7.2 - Two XSS in Media Upload when file too large.](https://hackerone.com/reports/203515) to WordPress - 23 upvotes, $350 26 | 24. [XSS via unicode characters in upload filename](https://hackerone.com/reports/179695) to WordPress - 22 upvotes, $600 27 | 25. [Reflected Swf XSS In ( plugins.svn.wordpress.org )](https://hackerone.com/reports/270060) to WordPress - 21 upvotes, $350 28 | 26. [DOM Based XSS In mercantile.wordpress.org](https://hackerone.com/reports/230435) to WordPress - 21 upvotes, $275 29 | 27. [Wordpress 4.7 - CSRF -\> HTTP SSRF any private ip:port and basic-auth](https://hackerone.com/reports/187520) to WordPress - 20 upvotes, $750 30 | 28. [[FG-VD-18-165] Wordpress Cross-Site Scripting Vulnerability Notification II](https://hackerone.com/reports/460911) to WordPress - 20 upvotes, $650 31 | 29. [Content Spoofing @ https://irclogs.wordpress.org/](https://hackerone.com/reports/278151) to WordPress - 20 upvotes, $0 32 | 30. [Infrastructure - Photon - SSRF](https://hackerone.com/reports/204513) to WordPress - 19 upvotes, $350 33 | 31. [Arbitrary change of blog's background image via CSRF](https://hackerone.com/reports/881855) to WordPress - 19 upvotes, $350 34 | 32. [XSS in the search bar of mercantile.wordpress.org](https://hackerone.com/reports/221893) to WordPress - 18 upvotes, $275 35 | 33. [WordPress DB Class, bad implementation of prepare method guides to sqli and information disclosure](https://hackerone.com/reports/179920) to WordPress - 17 upvotes, $0 36 | 34. [Reflected XSS at https://da.wordpress.org/themes/?s= via "s=" parameter ](https://hackerone.com/reports/222040) to WordPress - 16 upvotes, $387 37 | 35. [Arbitrary file deletion in wp-core - guides towards RCE and information disclosure](https://hackerone.com/reports/291878) to WordPress - 16 upvotes, $0 38 | 36. [CSRF to add admin [wordpress]](https://hackerone.com/reports/149589) to WordPress - 15 upvotes, $1337 39 | 37. 
[Authenticated Cross-site Scripting in Template Name](https://hackerone.com/reports/220903) to WordPress - 15 upvotes, $350 40 | 38. [Reflected XSS: Taxonomy Converter via tax parameter](https://hackerone.com/reports/495515) to WordPress - 15 upvotes, $275 41 | 39. [Clickjacking In jobs.wordpress.net](https://hackerone.com/reports/223024) to WordPress - 15 upvotes, $0 42 | 40. [Stored self-XSS in mercantile.wordpress.org checkout](https://hackerone.com/reports/230232) to WordPress - 14 upvotes, $275 43 | 41. [Buddypress 2.9.1 - Exceeding the maximum upload size - XSS leading to potential RCE. ](https://hackerone.com/reports/263109) to WordPress - 14 upvotes, $275 44 | 42. [Open Redirect on the nl.wordpress.net](https://hackerone.com/reports/309058) to WordPress - 14 upvotes, $50 45 | 43. [Clickjacking wordcamp.org](https://hackerone.com/reports/230581) to WordPress - 14 upvotes, $0 46 | 44. [Stored XSS in Post Preview as Contributor](https://hackerone.com/reports/497724) to WordPress - 13 upvotes, $650 47 | 45. [[mercantile.wordpress.org] Reflected XSS](https://hackerone.com/reports/240256) to WordPress - 13 upvotes, $225 48 | 46. [Missing SSL can leak job token ](https://hackerone.com/reports/222036) to WordPress - 12 upvotes, $0 49 | 47. [pre-auth Stored XSS in comments via javascript: url when administrator edits user supplied comment](https://hackerone.com/reports/633231) to WordPress - 11 upvotes, $650 50 | 48. [Clickjacking mercantile.wordpress.org](https://hackerone.com/reports/264125) to WordPress - 11 upvotes, $0 51 | 49. [Stored xss via template injection](https://hackerone.com/reports/250837) to WordPress - 10 upvotes, $300 52 | 50. [[support.wordcamp.org] - publicly accessible .svn repository](https://hackerone.com/reports/309714) to WordPress - 10 upvotes, $0 53 | 51. [MediaElements XSS](https://hackerone.com/reports/299112) to WordPress - 9 upvotes, $450 54 | 52. 
[Lack of Sanitization and Insufficient Authentication](https://hackerone.com/reports/249759) to WordPress - 9 upvotes, $300 55 | 53. [code.wordpress.net subdomain Takeover](https://hackerone.com/reports/295330) to WordPress - 9 upvotes, $25 56 | 54. [Stored XSS on Wordpress 5.3 via Title Post](https://hackerone.com/reports/754352) to WordPress - 9 upvotes, $0 57 | 55. [[Buddypress] Arbitrary File Deletion through bp_avatar_set](https://hackerone.com/reports/183568) to WordPress - 8 upvotes, $350 58 | 56. [XSS on support.wordcamp.org in ajax-quote.php](https://hackerone.com/reports/355773) to WordPress - 8 upvotes, $225 59 | 57. [Allow authenticated users can edit, trash,and add new in BuddyPress Emails function](https://hackerone.com/reports/833782) to WordPress - 8 upvotes, $225 60 | 58. [Stored but [SELF] XSS in mercantile.wordpress.org](https://hackerone.com/reports/222224) to WordPress - 8 upvotes, $150 61 | 59. [Self-XSS in WordPress Editor Link Modal](https://hackerone.com/reports/224556) to WordPress - 8 upvotes, $150 62 | 60. [xss - reflected](https://hackerone.com/reports/384112) to WordPress - 8 upvotes, $50 63 | 61. [Clickjacking - https://mercantile.wordpress.org/](https://hackerone.com/reports/258283) to WordPress - 8 upvotes, $0 64 | 62. [[BuddyPress 2.9.1] Open Redirect via "wp_http_referer" parameter on "bp-profile-edit" endpoint](https://hackerone.com/reports/277502) to WordPress - 7 upvotes, $275 65 | 63. [Lack of Password Confirmation when Changing Password and Email](https://hackerone.com/reports/224214) to WordPress - 7 upvotes, $0 66 | 64. [WordPress core - Denial of Service via Cross Site Request Forgery](https://hackerone.com/reports/153093) to WordPress - 6 upvotes, $250 67 | 65. [Account takeover vulnerability by editor role privileged users/attackers via clickjacking](https://hackerone.com/reports/388254) to WordPress - 6 upvotes, $0 68 | 66. 
[Unauthenticated hidden groups disclosure via Ajax groups search](https://hackerone.com/reports/282176) to WordPress - 5 upvotes, $275 69 | 67. [CSRF in Profile Fields allows deleting any field in BuddyPress](https://hackerone.com/reports/836187) to WordPress - 5 upvotes, $225 70 | 68. [Improper Access Control in Buddypress core allows reply,delete any user's activity](https://hackerone.com/reports/837256) to WordPress - 4 upvotes, $225 71 | 69. [Administrator(s) Information disclosure via JSON on wordpress.org](https://hackerone.com/reports/221734) to WordPress - 4 upvotes, $0 72 | 70. [Wordpress 4.8.1 - Rogue editor leads to RCE. And the risks of same origin frame scripting in general](https://hackerone.com/reports/263718) to WordPress - 4 upvotes, $0 73 | 71. [Privilege Escalation in BuddyPress core allows Moderate to Administrator ](https://hackerone.com/reports/837018) to WordPress - 3 upvotes, $225 74 | 72. [Stored XSS in WordPress](https://hackerone.com/reports/276105) to WordPress - 3 upvotes, $0 75 | 73. [Parameter tampering : Price Manipulation of Products](https://hackerone.com/reports/682344) to WordPress - 3 upvotes, $0 76 | 74. [antispambot does not always escape \<, \>, &, " and '](https://hackerone.com/reports/298218) to WordPress - 3 upvotes, $0 77 | 75. [CSRF on comment post](https://hackerone.com/reports/914232) to WordPress - 3 upvotes, $0 78 | 76. [Clickjacking irclogs.wordpress.org](https://hackerone.com/reports/267075) to WordPress - 2 upvotes, $0 79 | 77. [WordPress Automatic Update Protocol Does Not Authenticate Updates Provided by the Server](https://hackerone.com/reports/228854) to WordPress - 2 upvotes, $0 80 | 78. 
[UnResolved ChangeSet are Visible to Public That also Causes Information Disclosure](https://hackerone.com/reports/282843) to WordPress - 0 upvotes, $0 81 | -------------------------------------------------------------------------------- /tops_by_program/TOPPARAGONINITIATIVEENTERPRISES.md: -------------------------------------------------------------------------------- 1 | Top reports from Paragon Initiative Enterprises program at HackerOne: 2 | 3 | 1. [BAD Code ! ](https://hackerone.com/reports/180074) to Paragon Initiative Enterprises - 483 upvotes, $0 4 | 2. [DMARC Not found for paragonie.com URGENT](https://hackerone.com/reports/179828) to Paragon Initiative Enterprises - 136 upvotes, $0 5 | 3. [Subdomain Takeover](https://hackerone.com/reports/180393) to Paragon Initiative Enterprises - 67 upvotes, $0 6 | 4. [I am because bug](https://hackerone.com/reports/226094) to Paragon Initiative Enterprises - 38 upvotes, $0 7 | 5. [ssl info shown ](https://hackerone.com/reports/149369) to Paragon Initiative Enterprises - 31 upvotes, $0 8 | 6. [[Critical] billion dollars issue](https://hackerone.com/reports/244836) to Paragon Initiative Enterprises - 29 upvotes, $0 9 | 7. [Stored Cross-Site-Scripting in CMS Airship's authors profiles](https://hackerone.com/reports/148741) to Paragon Initiative Enterprises - 23 upvotes, $50 10 | 8. [Email Spoof](https://hackerone.com/reports/115452) to Paragon Initiative Enterprises - 16 upvotes, $0 11 | 9. [Site support SNI But Browser can't](https://hackerone.com/reports/149442) to Paragon Initiative Enterprises - 15 upvotes, $0 12 | 10. [Content-type sniffing leads to stored XSS in CMS Airship on Internet Explorer ](https://hackerone.com/reports/151231) to Paragon Initiative Enterprises - 15 upvotes, $0 13 | 11. [Spf ](https://hackerone.com/reports/116927) to Paragon Initiative Enterprises - 14 upvotes, $0 14 | 12. [Stored XSS using SVG ](https://hackerone.com/reports/148853) to Paragon Initiative Enterprises - 12 upvotes, $50 15 | 13. 
[Paragonie Airship Admin CSRF on Extensions Pages](https://hackerone.com/reports/243094) to Paragon Initiative Enterprises - 11 upvotes, $100 16 | 14. [Full directory path listing](https://hackerone.com/reports/230098) to Paragon Initiative Enterprises - 10 upvotes, $0 17 | 15. [Improper access control lead To delete anyone comment](https://hackerone.com/reports/273805) to Paragon Initiative Enterprises - 8 upvotes, $100 18 | 16. [Directory Disclose,Email Disclose Zendmail vulnerability](https://hackerone.com/reports/228112) to Paragon Initiative Enterprises - 8 upvotes, $50 19 | 17. [Stored XSS in comments](https://hackerone.com/reports/148751) to Paragon Initiative Enterprises - 6 upvotes, $25 20 | 18. [[Airship CMS] Local File Inclusion - RST Parser](https://hackerone.com/reports/179034) to Paragon Initiative Enterprises - 6 upvotes, $0 21 | 19. [Incorrect detection of onion URLs](https://hackerone.com/reports/181210) to Paragon Initiative Enterprises - 5 upvotes, $50 22 | 20. [Session Management](https://hackerone.com/reports/145300) to Paragon Initiative Enterprises - 5 upvotes, $0 23 | 21. [Issue with password reset functionality [Minor]](https://hackerone.com/reports/149027) to Paragon Initiative Enterprises - 5 upvotes, $0 24 | 22. [Incomplete fix for #181225 (target=_blank vulnerability)](https://hackerone.com/reports/226104) to Paragon Initiative Enterprises - 5 upvotes, $0 25 | 23. [Open-redirect on paragonie.com](https://hackerone.com/reports/113112) to Paragon Initiative Enterprises - 4 upvotes, $50 26 | 24. [Cross-site-Scripting](https://hackerone.com/reports/226203) to Paragon Initiative Enterprises - 4 upvotes, $50 27 | 25. [Invited user to a Author profile can remove the owner of that Author](https://hackerone.com/reports/274541) to Paragon Initiative Enterprises - 4 upvotes, $50 28 | 26. [CSRF AT SUBSCRIBE TO LIST ](https://hackerone.com/reports/115323) to Paragon Initiative Enterprises - 4 upvotes, $0 29 | 27. 
[Broken Authentication & Session Management - Failure to Invalidate Session on all other browsers at Password change](https://hackerone.com/reports/226712) to Paragon Initiative Enterprises - 4 upvotes, $0 30 | 28. [Airship: Persistent XSS via Comment](https://hackerone.com/reports/301973) to Paragon Initiative Enterprises - 4 upvotes, $0 31 | 29. [CSRF token does not valided during blog comment](https://hackerone.com/reports/273998) to Paragon Initiative Enterprises - 3 upvotes, $25 32 | 30. [User enumeration via Password reset page [Minor]](https://hackerone.com/reports/148911) to Paragon Initiative Enterprises - 3 upvotes, $0 33 | 31. [Email Spoofing With Your Website's Email](https://hackerone.com/reports/163156) to Paragon Initiative Enterprises - 3 upvotes, $0 34 | 32. [SMTP server allows anonymous relay from internal addresses to internal addresses](https://hackerone.com/reports/144385) to Paragon Initiative Enterprises - 3 upvotes, $0 35 | 33. [Github repo's wiki publicly editable](https://hackerone.com/reports/461429) to Paragon Initiative Enterprises - 3 upvotes, $0 36 | 34. [Recaptcha Secret key Leaked](https://hackerone.com/reports/1416665) to Paragon Initiative Enterprises - 3 upvotes, $0 37 | 35. [Missing rel=noopener noreferrer in target=_blank links (Phishing attack)](https://hackerone.com/reports/181225) to Paragon Initiative Enterprises - 2 upvotes, $50 38 | 36. [Information Disclosure in Error Page](https://hackerone.com/reports/115219) to Paragon Initiative Enterprises - 2 upvotes, $0 39 | 37. [Missing SPF](https://hackerone.com/reports/115294) to Paragon Initiative Enterprises - 2 upvotes, $0 40 | 38. [Email spoofing in security@paragonie.com](https://hackerone.com/reports/148763) to Paragon Initiative Enterprises - 2 upvotes, $0 41 | 39. [Nginx Version Disclosure On Forbidden Page](https://hackerone.com/reports/148768) to Paragon Initiative Enterprises - 2 upvotes, $0 42 | 40. 
[Full path disclosure when CSRF validation failed ](https://hackerone.com/reports/148890) to Paragon Initiative Enterprises - 2 upvotes, $0 43 | 41. [Session Management Issue CMS Airship](https://hackerone.com/reports/148914) to Paragon Initiative Enterprises - 2 upvotes, $0 44 | 42. [[URGENT] Password reset emails are sent in clear-text (without encryption)](https://hackerone.com/reports/149028) to Paragon Initiative Enterprises - 2 upvotes, $0 45 | 43. [Full Path Disclosure by removing CSRF token](https://hackerone.com/reports/150018) to Paragon Initiative Enterprises - 2 upvotes, $0 46 | 44. [Not clearing hex-decoded variable after usage in Authentication](https://hackerone.com/reports/168293) to Paragon Initiative Enterprises - 2 upvotes, $0 47 | 45. [directory information disclose](https://hackerone.com/reports/226212) to Paragon Initiative Enterprises - 2 upvotes, $0 48 | 46. [Full Path Disclousure on https://airship.paragonie.com](https://hackerone.com/reports/226514) to Paragon Initiative Enterprises - 2 upvotes, $0 49 | 47. [no session logout after changing the password in https://bridge.cspr.ng/](https://hackerone.com/reports/226518) to Paragon Initiative Enterprises - 2 upvotes, $0 50 | 48. [Improper validation of Email ](https://hackerone.com/reports/226334) to Paragon Initiative Enterprises - 2 upvotes, $0 51 | 49. [Your Application Have Cacheable SSL Pages](https://hackerone.com/reports/115296) to Paragon Initiative Enterprises - 2 upvotes, $0 52 | 50. [Github wikis are editable by anyone https://github.com/paragonie/password_lock/wiki](https://hackerone.com/reports/661977) to Paragon Initiative Enterprises - 2 upvotes, $0 53 | 51. [Full Path Disclosure](https://hackerone.com/reports/115337) to Paragon Initiative Enterprises - 1 upvotes, $50 54 | 52. [Vunerability : spf](https://hackerone.com/reports/130990) to Paragon Initiative Enterprises - 1 upvotes, $0 55 | 53. 
[DNSsec not configured](https://hackerone.com/reports/115246) to Paragon Initiative Enterprises - 1 upvotes, $0 56 | 54. [The Anti-CSRF Library fails to restrict token to a particular IP address when being behind a reverse-proxy/WAF](https://hackerone.com/reports/134894) to Paragon Initiative Enterprises - 1 upvotes, $0 57 | 55. [Missing SPF for paragonie.com](https://hackerone.com/reports/115315) to Paragon Initiative Enterprises - 1 upvotes, $0 58 | 56. [SSL certificate public key less than 2048 bit](https://hackerone.com/reports/115271) to Paragon Initiative Enterprises - 1 upvotes, $0 59 | 57. [Email Authentication Bypass](https://hackerone.com/reports/135283) to Paragon Initiative Enterprises - 1 upvotes, $0 60 | 58. [Full path disclosure vulnerability on paragonie.com](https://hackerone.com/reports/145260) to Paragon Initiative Enterprises - 1 upvotes, $0 61 | 59. [Email Authentication bypass Vulnerability](https://hackerone.com/reports/115245) to Paragon Initiative Enterprises - 1 upvotes, $0 62 | 60. [Cross-domain AJAX request](https://hackerone.com/reports/113339) to Paragon Initiative Enterprises - 1 upvotes, $0 63 | 61. [Email spoofing](https://hackerone.com/reports/115232) to Paragon Initiative Enterprises - 1 upvotes, $0 64 | 62. [Missing SPF records for paragonie.com](https://hackerone.com/reports/115250) to Paragon Initiative Enterprises - 1 upvotes, $0 65 | 63. [file full path discloser.](https://hackerone.com/reports/116057) to Paragon Initiative Enterprises - 1 upvotes, $0 66 | 64. [Missing SPF for paragonie.com](https://hackerone.com/reports/115390) to Paragon Initiative Enterprises - 1 upvotes, $0 67 | 65. [Blind SQL INJ](https://hackerone.com/reports/115304) to Paragon Initiative Enterprises - 1 upvotes, $0 68 | 66. [Airship doesn't reject weak passwords](https://hackerone.com/reports/148903) to Paragon Initiative Enterprises - 1 upvotes, $0 69 | 67. 
[Using plain git protocol (vulnerable to MITM)](https://hackerone.com/reports/181214) to Paragon Initiative Enterprises - 1 upvotes, $0 70 | 68. [There is an vulnerability in https://bridge.cspr.ng where an attacker can users directory](https://hackerone.com/reports/226505) to Paragon Initiative Enterprises - 1 upvotes, $0 71 | 69. [Missing SPF for https://paragonie.com/](https://hackerone.com/reports/115214) to Paragon Initiative Enterprises - 0 upvotes, $0 72 | 70. [Missing GIT tag/commit verification in Docker](https://hackerone.com/reports/181212) to Paragon Initiative Enterprises - 0 upvotes, $0 73 | 71. [Not using Binary::safe* functions for substr/strlen function](https://hackerone.com/reports/181315) to Paragon Initiative Enterprises - 0 upvotes, $0 74 | 72. [Non-secure requests are not automatically upgraded to HTTPS](https://hackerone.com/reports/241950) to Paragon Initiative Enterprises - 0 upvotes, $0 75 | 73. [Full Path Disclosure in airship.paragonie.com '/cabins/'](https://hackerone.com/reports/226343) to Paragon Initiative Enterprises - 0 upvotes, $0 76 | 74. [Full Path Disclosure in password lock](https://hackerone.com/reports/115422) to Paragon Initiative Enterprises - 0 upvotes, $0 77 | 75. [Full Path Disclosure In EasyDB](https://hackerone.com/reports/119494) to Paragon Initiative Enterprises - 0 upvotes, $0 78 | -------------------------------------------------------------------------------- /tops_by_program/TOPCURL.md: -------------------------------------------------------------------------------- 1 | Top reports from curl program at HackerOne: 2 | 3 | 1. [CVE-2021-22901: TLS session caching disaster](https://hackerone.com/reports/1180380) to curl - 70 upvotes, $2000 4 | 2. [curl overwrite local file with -J](https://hackerone.com/reports/887462) to curl - 52 upvotes, $700 5 | 3. [CVE-2020-8286: Inferior OCSP verification](https://hackerone.com/reports/1048457) to curl - 49 upvotes, $900 6 | 4. 
[CVE-2020-8284: trusting FTP PASV responses](https://hackerone.com/reports/1040166) to curl - 30 upvotes, $700 7 | 5. [Windows Privilege Escalation: Malicious OpenSSL Engine](https://hackerone.com/reports/608577) to curl - 23 upvotes, $200 8 | 6. [An integer overflow found in /lib/urlapi.c](https://hackerone.com/reports/547630) to curl - 23 upvotes, $150 9 | 7. [Partial password leak over DNS on HTTP redirect](https://hackerone.com/reports/874778) to curl - 21 upvotes, $400 10 | 8. [CVE-2022-27776: Auth/cookie leak on redirect ](https://hackerone.com/reports/1547048) to curl - 17 upvotes, $0 11 | 9. [CVE-2021-22945: UAF and double-free in MQTT sending](https://hackerone.com/reports/1269242) to curl - 14 upvotes, $1000 12 | 10. [Heap Buffer Overflow at lib/tftp.c](https://hackerone.com/reports/550696) to curl - 13 upvotes, $200 13 | 11. [Connect-only connections can use the wrong connection](https://hackerone.com/reports/948876) to curl - 11 upvotes, $500 14 | 12. [Heap buffer overflow in TFTP when using small blksize](https://hackerone.com/reports/684603) to curl - 11 upvotes, $250 15 | 13. [CVE-2021-22897: schannel cipher selection surprise](https://hackerone.com/reports/1172857) to curl - 10 upvotes, $800 16 | 14. [SMB access smuggling via FILE URL on Windows](https://hackerone.com/reports/726117) to curl - 9 upvotes, $400 17 | 15. [CVE-2021-22946: Protocol downgrade required TLS bypassed](https://hackerone.com/reports/1334111) to curl - 8 upvotes, $1000 18 | 16. [CVE-2021-22947: STARTTLS protocol injection via MITM](https://hackerone.com/reports/1334763) to curl - 7 upvotes, $1500 19 | 17. [CVE-2022-27778: curl removes wrong file on error](https://hackerone.com/reports/1553598) to curl - 7 upvotes, $0 20 | 18. [krb5: double-free in read_data() after realloc() fail](https://hackerone.com/reports/686823) to curl - 6 upvotes, $200 21 | 19. 
[CVE-2021-22890: TLS 1.3 session ticket proxy host mixup](https://hackerone.com/reports/1129529) to curl - 6 upvotes, $0 22 | 20. [--libcurl code injection via trigraphs](https://hackerone.com/reports/1548535) to curl - 6 upvotes, $0 23 | 21. [CVE-2022-27774: Credential leak on redirect](https://hackerone.com/reports/1543773) to curl - 6 upvotes, $0 24 | 22. [CVE-2022-27780: percent-encoded path separator in URL host](https://hackerone.com/reports/1553841) to curl - 6 upvotes, $0 25 | 23. [CVE-2021-22898: TELNET stack contents disclosure](https://hackerone.com/reports/1176461) to curl - 5 upvotes, $1000 26 | 24. [CVE-2021-22876: Automatic referer leaks credentials](https://hackerone.com/reports/1101882) to curl - 5 upvotes, $800 27 | 25. [Github wikis are editable by anyone #Githubwikistakeover](https://hackerone.com/reports/545052) to curl - 5 upvotes, $0 28 | 26. [ Remote memory disclosure vulnerability in libcurl on 64 Bit Windows](https://hackerone.com/reports/1444539) to curl - 5 upvotes, $0 29 | 27. [CVE-2022-22576: OAUTH2 bearer bypass in connection re-use](https://hackerone.com/reports/1526328) to curl - 5 upvotes, $0 30 | 28. [CVE-2022-30115: HSTS bypass via trailing dot](https://hackerone.com/reports/1557449) to curl - 5 upvotes, $0 31 | 29. [CVE-2021-22924: Bad connection reuse due to flawed path name checks](https://hackerone.com/reports/1223565) to curl - 4 upvotes, $1200 32 | 30. [Signed integer overflow in tool_progress_cb()](https://hackerone.com/reports/591770) to curl - 4 upvotes, $0 33 | 31. [Invalid write (or double free) triggers curl command line tool crash](https://hackerone.com/reports/875775) to curl - 4 upvotes, $0 34 | 32. [Integer overflows in tool_operate.c at line 1541](https://hackerone.com/reports/661847) to curl - 4 upvotes, $0 35 | 33. [SSRF via maliciously crafted URL due to host confusion](https://hackerone.com/reports/704621) to curl - 4 upvotes, $0 36 | 34. 
[CVE-2022-27782: TLS and SSH connection too eager reuse](https://hackerone.com/reports/1555796) to curl - 4 upvotes, $0 37 | 35. [CVE-2021-22925: TELNET stack contents disclosure again](https://hackerone.com/reports/1223882) to curl - 3 upvotes, $800 38 | 36. [CVE-2021-22922: Wrong content via metalink not discarded](https://hackerone.com/reports/1213175) to curl - 3 upvotes, $700 39 | 37. [CVE-2021-22923: Metalink download sends credentials](https://hackerone.com/reports/1213181) to curl - 3 upvotes, $700 40 | 38. [Active Mixed Content over HTTPS](https://hackerone.com/reports/640532) to curl - 3 upvotes, $0 41 | 39. [curl overwrites local file with -J option if file non-readable, but file writable.](https://hackerone.com/reports/926638) to curl - 3 upvotes, $0 42 | 40. [Poll loop/hang on incomplete HTTP header](https://hackerone.com/reports/889160) to curl - 3 upvotes, $0 43 | 41. [Integer overflow in the source code tool_cb_prg.c](https://hackerone.com/reports/600359) to curl - 3 upvotes, $0 44 | 42. [Denial of Service vulnerability in curl when parsing MQTT server response](https://hackerone.com/reports/1521610) to curl - 3 upvotes, $0 45 | 43. [CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 bypass if string not 32 chars](https://hackerone.com/reports/1549461) to curl - 3 upvotes, $0 46 | 44. [CVE-2022-27775: Bad local IPv6 connection reuse](https://hackerone.com/reports/1546268) to curl - 3 upvotes, $0 47 | 45. [CVE-2022-27779: cookie for trailing dot TLD](https://hackerone.com/reports/1553301) to curl - 3 upvotes, $0 48 | 46. [Memory leak in CURLOPT_XOAUTH2_BEARER](https://hackerone.com/reports/1567257) to curl - 3 upvotes, $0 49 | 47. [Credential leak on redirect](https://hackerone.com/reports/1568175) to curl - 3 upvotes, $0 50 | 48. [CVE-2022-27781: CERTINFO never-ending busy-loop](https://hackerone.com/reports/1555441) to curl - 3 upvotes, $0 51 | 49. 
[CVE-2021-22926: CURLOPT_SSLCERT mixup with Secure Transport](https://hackerone.com/reports/1234760) to curl - 2 upvotes, $1000 52 | 50. [Abusing URL Parsers by long schema name](https://hackerone.com/reports/1049624) to curl - 2 upvotes, $0 53 | 51. [Heap Buffer Overflow (READ of size 1) in ourWriteOut](https://hackerone.com/reports/765664) to curl - 2 upvotes, $0 54 | 52. [Libcurl ocasionally sends HTTPS traffic to port 443 rather than specified port 8080](https://hackerone.com/reports/637800) to curl - 2 upvotes, $0 55 | 53. [Integer overlow in "header_append" function](https://hackerone.com/reports/627245) to curl - 2 upvotes, $0 56 | 54. [curl on Windows can be forced to execute code via OpenSSL environment variables](https://hackerone.com/reports/714215) to curl - 2 upvotes, $0 57 | 55. [Binary output bypass](https://hackerone.com/reports/1468962) to curl - 2 upvotes, $0 58 | 56. [CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 comparison disaster](https://hackerone.com/reports/1549435) to curl - 2 upvotes, $0 59 | 57. [Insecure Frame (External)](https://hackerone.com/reports/640530) to curl - 1 upvotes, $0 60 | 58. [Parallel upload hangs curl if upload file not found](https://hackerone.com/reports/1019372) to curl - 1 upvotes, $0 61 | 59. [CVE-2020-8285: FTP wildcard stack overflow](https://hackerone.com/reports/1045844) to curl - 1 upvotes, $0 62 | 60. [libcurl: SMTP end-of-response out-of-bounds read - CVE-2019-3823](https://hackerone.com/reports/518097) to curl - 1 upvotes, $0 63 | 61. [Race condition with CURL_LOCK_DATA_CONNECT can cause connections to be used at the same time](https://hackerone.com/reports/724134) to curl - 1 upvotes, $0 64 | 62. [Division by zero if terminal width is 2](https://hackerone.com/reports/774883) to curl - 1 upvotes, $0 65 | 63. [Unexpected access to process open files via file:///proc/self/fd/n](https://hackerone.com/reports/770190) to curl - 1 upvotes, $0 66 | 64. 
[use after free in cookie.c](https://hackerone.com/reports/707006) to curl - 1 upvotes, $0 67 | 65. [Potential invocation of qsort on uninitialized memory during cookie save](https://hackerone.com/reports/696822) to curl - 1 upvotes, $0 68 | 66. [Resource leak when using a normal site as DOH server](https://hackerone.com/reports/694988) to curl - 1 upvotes, $0 69 | 67. [Buffer write overflow when forming dns over http request](https://hackerone.com/reports/694449) to curl - 1 upvotes, $0 70 | 68. [Integer overflow at line 1603 in the src/operator.c file](https://hackerone.com/reports/662412) to curl - 1 upvotes, $0 71 | 69. [huge COLUMNS causes progress-bar to buffer overflow](https://hackerone.com/reports/636013) to curl - 1 upvotes, $0 72 | 70. [Inadequate Cryptographic Key Size and Insecure Cryptographic Mode. File Name :- curl_ntlm_core.c](https://hackerone.com/reports/1113663) to curl - 1 upvotes, $0 73 | 71. [Proxy-Authorization header carried to a new host on a redirect](https://hackerone.com/reports/1086259) to curl - 1 upvotes, $0 74 | 72. [Occasional use-after-free in multi_done() libcurl-7.81.0](https://hackerone.com/reports/1463013) to curl - 1 upvotes, $0 75 | 73. [Use of Unsafe function || Strcpy](https://hackerone.com/reports/1485379) to curl - 1 upvotes, $0 76 | 74. [curl proceeds with unsafe connections when -K file can't be read](https://hackerone.com/reports/1542881) to curl - 1 upvotes, $0 77 | 75. [Certificate authentication re-use on redirect](https://hackerone.com/reports/1563061) to curl - 1 upvotes, $0 78 | 76. [Cookie injection from non-secure context](https://hackerone.com/reports/1560324) to curl - 1 upvotes, $0 79 | 77. [error parse uri path in curl](https://hackerone.com/reports/1566462) to curl - 1 upvotes, $0 80 | 78. [Port and service scanning on localhost due to improper URL validation.](https://hackerone.com/reports/773313) to curl - 0 upvotes, $0 81 | 79. 
[Data race conditions reported by helgrind when performing parallel DNS queries in libcurl](https://hackerone.com/reports/1019457) to curl - 0 upvotes, $0 82 | 80. [Only OpenSSL handles a CRL when passed in via CApath ](https://hackerone.com/reports/713975) to curl - 0 upvotes, $0 83 | 81. [curl successfully matches IP address literal in URL against IP address literal in certificate Common Name](https://hackerone.com/reports/715413) to curl - 0 upvotes, $0 84 | 82. [Curl_auth_create_plain_message integer overflow leads to heap buffer overflow](https://hackerone.com/reports/872089) to curl - 0 upvotes, $0 85 | 83. [curl still vulnerable to SMB access smuggling via FILE URL on Windows](https://hackerone.com/reports/812969) to curl - 0 upvotes, $0 86 | 84. [Incorrect IPv6 literal parsing leads to validated connection to unexpected https server.](https://hackerone.com/reports/688048) to curl - 0 upvotes, $0 87 | 85. [Double-free of `trailers_buf' on `Curl_http_compile_trailers()` failure](https://hackerone.com/reports/687734) to curl - 0 upvotes, $0 88 | -------------------------------------------------------------------------------- /tops_by_program/TOPCONCRETECMS.md: -------------------------------------------------------------------------------- 1 | Top reports from Concrete CMS program at HackerOne: 2 | 3 | 1. [Remote Code Execution (Reverse Shell) - File Manager](https://hackerone.com/reports/768322) to Concrete CMS - 111 upvotes, $0 4 | 2. [Time-base SQL Injection in Search Users](https://hackerone.com/reports/876800) to Concrete CMS - 56 upvotes, $0 5 | 3. [Password Reset link hijacking via Host Header Poisoning ](https://hackerone.com/reports/226659) to Concrete CMS - 53 upvotes, $0 6 | 4. [SVG file that HTML Included is able to upload via File Manager](https://hackerone.com/reports/437863) to Concrete CMS - 26 upvotes, $0 7 | 5. [Arbitrary File delete via PHAR deserialization](https://hackerone.com/reports/921288) to Concrete CMS - 25 upvotes, $0 8 | 6. 
[XSS in select attribute options](https://hackerone.com/reports/753567) to Concrete CMS - 20 upvotes, $0 9 | 7. [SSRF thru File Replace](https://hackerone.com/reports/243865) to Concrete CMS - 17 upvotes, $0 10 | 8. [Reflected XSS vulnerability in Database name field on installation screen](https://hackerone.com/reports/289330) to Concrete CMS - 17 upvotes, $0 11 | 9. [Authenticated path traversal to RCE](https://hackerone.com/reports/1102067) to Concrete CMS - 16 upvotes, $0 12 | 10. ['cnvID' parameter vulnerable to Insecure Direct Object References](https://hackerone.com/reports/265284) to Concrete CMS - 15 upvotes, $0 13 | 11. [Cross Site Scripting (XSS) Stored - Private messaging](https://hackerone.com/reports/768313) to Concrete CMS - 15 upvotes, $0 14 | 12. [Remote Code Execution through Extension Bypass on Log Functionality](https://hackerone.com/reports/841947) to Concrete CMS - 14 upvotes, $0 15 | 13. [Local File Inclusion path bypass](https://hackerone.com/reports/147570) to Concrete CMS - 13 upvotes, $0 16 | 14. [Stored XSS in Headline TextControl element in Express forms [ concrete5 8.1.0 ]](https://hackerone.com/reports/230278) to Concrete CMS - 12 upvotes, $0 17 | 15. [Unauthenticated reflected XSS in preview_as_user function](https://hackerone.com/reports/643442) to Concrete CMS - 12 upvotes, $0 18 | 16. [SSRF bypass](https://hackerone.com/reports/863221) to Concrete CMS - 11 upvotes, $0 19 | 17. [Bypass auth.email-domains](https://hackerone.com/reports/4795) to Concrete CMS - 9 upvotes, $0 20 | 18. [Local File Inclusion Vulnerability in Concrete5 version 5.7.3.1](https://hackerone.com/reports/59665) to Concrete CMS - 9 upvotes, $0 21 | 19. [CSRF Full Account Takeover](https://hackerone.com/reports/152052) to Concrete CMS - 9 upvotes, $0 22 | 20. [Stored XSS in Pages SEO dialog Name field (concrete5 8.1.0)](https://hackerone.com/reports/230029) to Concrete CMS - 9 upvotes, $0 23 | 21. 
[Stored XSS vulnerability in RSS Feeds Description field](https://hackerone.com/reports/248133) to Concrete CMS - 9 upvotes, $0 24 | 22. [A bypass of adding remote files in concrete5 FIlemanager leads to remote code execution](https://hackerone.com/reports/1350444) to Concrete CMS - 9 upvotes, $0 25 | 23. [HttpOnly flag not set for cookie on concrete5.org](https://hackerone.com/reports/4792) to Concrete CMS - 8 upvotes, $0 26 | 24. [Stored XSS in Private Messages 'Reply' allows to execute malicious JavaScript against any user while replying to the message which contains payload](https://hackerone.com/reports/247517) to Concrete CMS - 8 upvotes, $0 27 | 25. [Stored unauth XSS in calendar event via CSRF](https://hackerone.com/reports/1102018) to Concrete CMS - 8 upvotes, $0 28 | 26. [Stored XSS in Express Objects - Concrete5 v8.1.0](https://hackerone.com/reports/221325) to Concrete CMS - 7 upvotes, $0 29 | 27. [Stored XSS in Name field in User Groups/Group Details form](https://hackerone.com/reports/247521) to Concrete CMS - 7 upvotes, $0 30 | 28. [Stored XSS vulnerability in additional URLs in 'Location' dialog [Sitemap]](https://hackerone.com/reports/251358) to Concrete CMS - 7 upvotes, $0 31 | 29. [Stored XSS on Add Event in Calendar](https://hackerone.com/reports/300532) to Concrete CMS - 7 upvotes, $0 32 | 30. [Stored XSS on Add Calendar](https://hackerone.com/reports/300571) to Concrete CMS - 7 upvotes, $0 33 | 31. [Stored XSS in the file search filter](https://hackerone.com/reports/873584) to Concrete CMS - 7 upvotes, $0 34 | 32. [Unauthenticated HTML Injection Stored - ContactUs form](https://hackerone.com/reports/768327) to Concrete CMS - 6 upvotes, $0 35 | 33. [Fetching the update json scheme from concrete5 over HTTP leads to remote code execution](https://hackerone.com/reports/982130) to Concrete CMS - 6 upvotes, $0 36 | 34. [Stored XSS on express entries](https://hackerone.com/reports/873474) to Concrete CMS - 5 upvotes, $0 37 | 35. 
[FULL PATH DISCLOSUR ](https://hackerone.com/reports/7736) to Concrete CMS - 4 upvotes, $0 38 | 36. [XSS in private message](https://hackerone.com/reports/4826) to Concrete CMS - 4 upvotes, $0 39 | 37. [XSS on [/concrete/concrete/elements/dashboard/sitemap.php]](https://hackerone.com/reports/6853) to Concrete CMS - 4 upvotes, $0 40 | 38. [Stored XSS in RSS Feeds Title (Concrete5 v8.1.0)](https://hackerone.com/reports/221380) to Concrete CMS - 4 upvotes, $0 41 | 39. [Stored XSS in Conversations (both client and admin) when Active Conversation Editor is set to "Rich Text"](https://hackerone.com/reports/616770) to Concrete CMS - 4 upvotes, $0 42 | 40. [XSS IN member List (Because of City Textbox)](https://hackerone.com/reports/4839) to Concrete CMS - 3 upvotes, $0 43 | 41. [Phar Deserialization Vulnerability via Logging Settings](https://hackerone.com/reports/1063039) to Concrete CMS - 3 upvotes, $0 44 | 42. [/index.php/dashboard/sitemap/explore/ Cross-site scripting](https://hackerone.com/reports/4808) to Concrete CMS - 2 upvotes, $0 45 | 43. [stored XSS in concrete5 5.7.2.1](https://hackerone.com/reports/38890) to Concrete CMS - 2 upvotes, $0 46 | 44. [SQL injection in conc/index.php/ccm/system/search/users/submit](https://hackerone.com/reports/38778) to Concrete CMS - 2 upvotes, $0 47 | 45. [Multiple Cross Site Request Forgery Vulnerabilities in Concrete5 version 5.7.3.1](https://hackerone.com/reports/59660) to Concrete CMS - 2 upvotes, $0 48 | 46. [Multiple Stored Cross Site Scripting Vulnerabilities in Concrete5 version 5.7.3.1](https://hackerone.com/reports/59662) to Concrete CMS - 2 upvotes, $0 49 | 47. [Content Spoofing possible in concrete5.org](https://hackerone.com/reports/168078) to Concrete CMS - 2 upvotes, $0 50 | 48. [Administrators can add other administrators](https://hackerone.com/reports/304642) to Concrete CMS - 2 upvotes, $0 51 | 49. 
[page_controls_menu_js can reveal collection version of page](https://hackerone.com/reports/4938) to Concrete CMS - 1 upvotes, $0 52 | 50. [https://concrete5.org ::: HeartBleed Attack (CVE-2014-0160)](https://hackerone.com/reports/6475) to Concrete CMS - 1 upvotes, $0 53 | 51. [dashboard/pages/types [Unknown column 'Array' in 'where clause'] disclosure.](https://hackerone.com/reports/4811) to Concrete CMS - 1 upvotes, $0 54 | 52. [CONCRETE5 - path disclosure.](https://hackerone.com/reports/4931) to Concrete CMS - 1 upvotes, $0 55 | 53. [broken authentication](https://hackerone.com/reports/23921) to Concrete CMS - 1 upvotes, $0 56 | 54. [Weak random number generator used in concrete/authentication/concrete/controller.php](https://hackerone.com/reports/31171) to Concrete CMS - 1 upvotes, $0 57 | 55. [Sendmail Remote Code Execution Vulnerability in Concrete5 version 5.7.3.1](https://hackerone.com/reports/59663) to Concrete CMS - 1 upvotes, $0 58 | 56. [No CSRF protection when creating new community points actions, and related stored XSS](https://hackerone.com/reports/65808) to Concrete CMS - 1 upvotes, $0 59 | 57. [Stored XSS in adding fileset](https://hackerone.com/reports/42248) to Concrete CMS - 1 upvotes, $0 60 | 58. [ProBlog 2.6.6 CSRF Exploit](https://hackerone.com/reports/133847) to Concrete CMS - 1 upvotes, $0 61 | 59. [Full Page Caching Stored XSS Vulnerability](https://hackerone.com/reports/148300) to Concrete CMS - 1 upvotes, $0 62 | 60. [Unsafe usage of Host HTTP header in Concrete5 version 5.7.3.1](https://hackerone.com/reports/59666) to Concrete CMS - 1 upvotes, $0 63 | 61. [Cross-Site Scripting in getMarketplacePurchaseFrame](https://hackerone.com/reports/6843) to Concrete CMS - 0 upvotes, $0 64 | 62. [XSS in Theme Preview Tools File](https://hackerone.com/reports/4777) to Concrete CMS - 0 upvotes, $0 65 | 63. [Stored XSS in concrete5 5.7.0.4.](https://hackerone.com/reports/30019) to Concrete CMS - 0 upvotes, $0 66 | 64. 
[Multiple Reflected Cross Site Scripting Vulnerabilities in Concrete5 version 5.7.3.1](https://hackerone.com/reports/59661) to Concrete CMS - 0 upvotes, $0 67 | 65. [SQL Injection Vulnerability in Concrete5 version 5.7.3.1](https://hackerone.com/reports/59664) to Concrete CMS - 0 upvotes, $0 68 | 66. [Stored XSS on Title of Page List in edit page list](https://hackerone.com/reports/50554) to Concrete CMS - 0 upvotes, $0 69 | 67. [Stored XSS on Search Title](https://hackerone.com/reports/50556) to Concrete CMS - 0 upvotes, $0 70 | 68. [Stored XSS in Contact Form](https://hackerone.com/reports/50564) to Concrete CMS - 0 upvotes, $0 71 | 69. [Stored XSS in Title of the topic List](https://hackerone.com/reports/50626) to Concrete CMS - 0 upvotes, $0 72 | 70. [Stored XSS in title of date navigation](https://hackerone.com/reports/50627) to Concrete CMS - 0 upvotes, $0 73 | 71. [Stored XSS in Feature tile ](https://hackerone.com/reports/50639) to Concrete CMS - 0 upvotes, $0 74 | 72. [Stored Xss in Feature Paragraph](https://hackerone.com/reports/50642) to Concrete CMS - 0 upvotes, $0 75 | 73. [Stored XSS in Testimonial name](https://hackerone.com/reports/50644) to Concrete CMS - 0 upvotes, $0 76 | 74. [Stored XSS in testimonial Company](https://hackerone.com/reports/50656) to Concrete CMS - 0 upvotes, $0 77 | 75. [Stored XSS in Testimonial Position](https://hackerone.com/reports/50645) to Concrete CMS - 0 upvotes, $0 78 | 76. [Stored XSS In Company URL](https://hackerone.com/reports/50662) to Concrete CMS - 0 upvotes, $0 79 | 77. [Stored XSS in Image Alt. Text](https://hackerone.com/reports/50782) to Concrete CMS - 0 upvotes, $0 80 | 78. [Stored XSS in Message to Display When No Pages Listed.](https://hackerone.com/reports/50780) to Concrete CMS - 0 upvotes, $0 81 | 79. [Stored XSS in Bio/Quote](https://hackerone.com/reports/50779) to Concrete CMS - 0 upvotes, $0 82 | 80. 
[Stored XSS on Blog's page Tile](https://hackerone.com/reports/50552) to Concrete CMS - 0 upvotes, $0 83 | 81. [Self Xss on File Replace](https://hackerone.com/reports/50481) to Concrete CMS - 0 upvotes, $0 84 | 82. [Multiple XSS Vulnerabilities in Concrete5 5.7.3.1](https://hackerone.com/reports/62294) to Concrete CMS - 0 upvotes, $0 85 | 83. [No csrf protection on index.php/ccm/system/user/add_group, index.php/ccm/system/user/remove_group](https://hackerone.com/reports/64184) to Concrete CMS - 0 upvotes, $0 86 | 84. [Host Header Injection allow HiJack Password Reset Link](https://hackerone.com/reports/301592) to Concrete CMS - 0 upvotes, $0 87 | -------------------------------------------------------------------------------- /tops_by_program/TOPOWNCLOUD.md: -------------------------------------------------------------------------------- 1 | Top reports from ownCloud program at HackerOne: 2 | 3 | 1. [Possible to steal any protected files on Android](https://hackerone.com/reports/377107) to ownCloud - 109 upvotes, $750 4 | 2. [Banner Grabbing - Apache Server Version Disclousure](https://hackerone.com/reports/269467) to ownCloud - 19 upvotes, $0 5 | 3. [Arbitrary Code Injection in ownCloud’s Windows Client](https://hackerone.com/reports/155657) to ownCloud - 16 upvotes, $100 6 | 4. [Remote Code Execution through Deserialization Attack in OwnBackup app.](https://hackerone.com/reports/562335) to ownCloud - 15 upvotes, $0 7 | 5. [Remote Code Execution through "Files_antivirus" plugin](https://hackerone.com/reports/903872) to ownCloud - 14 upvotes, $0 8 | 6. [Theft of protected files on Android](https://hackerone.com/reports/1454002) to ownCloud - 10 upvotes, $50 9 | 7. [Protocol Smuggling over LDAP password field](https://hackerone.com/reports/1054282) to ownCloud - 9 upvotes, $50 10 | 8. [Password Complexity Not Enforced On Password Change](https://hackerone.com/reports/276123) to ownCloud - 9 upvotes, $0 11 | 9. 
[SMB User Authentication Bypass and Persistence](https://hackerone.com/reports/148151) to ownCloud - 8 upvotes, $150 12 | 10. [RCE in ci.owncloud.com / ci.owncloud.org](https://hackerone.com/reports/98559) to ownCloud - 8 upvotes, $0 13 | 11. [User Information Disclosure via REST API](https://hackerone.com/reports/197786) to ownCloud - 7 upvotes, $0 14 | 12. [HTML Injection in Owncloud](https://hackerone.com/reports/215410) to ownCloud - 6 upvotes, $150 15 | 13. [Accessable Htaccess](https://hackerone.com/reports/171272) to ownCloud - 6 upvotes, $0 16 | 14. [[api.owncloud.org] CRLF Injection](https://hackerone.com/reports/154306) to ownCloud - 6 upvotes, $0 17 | 15. [Outdated Jenkins server hosted at OwnCloud.org](https://hackerone.com/reports/208566) to ownCloud - 6 upvotes, $0 18 | 16. [Open Redirector via (apps/files_pdfviewer) for un-authenticated users.](https://hackerone.com/reports/131082) to ownCloud - 5 upvotes, $150 19 | 17. [ownCloud 2.2.2.6192 DLL Hijacking Vulnerability](https://hackerone.com/reports/151475) to ownCloud - 5 upvotes, $50 20 | 18. [apps.owncloud.com: Malicious file upload leads to remote code execution](https://hackerone.com/reports/84374) to ownCloud - 5 upvotes, $0 21 | 19. [HTML injection in Desktop Client](https://hackerone.com/reports/206877) to ownCloud - 5 upvotes, $0 22 | 20. [Exploiting unauthenticated encryption mode](https://hackerone.com/reports/108082) to ownCloud - 4 upvotes, $350 23 | 21. [[doc.owncloud.org] CRLF Injection](https://hackerone.com/reports/154275) to ownCloud - 4 upvotes, $0 24 | 22. [Stored xss](https://hackerone.com/reports/187380) to ownCloud - 4 upvotes, $0 25 | 23. [apps.owncloud.com: XSS via referrer](https://hackerone.com/reports/83374) to ownCloud - 3 upvotes, $0 26 | 24. [owncloud.com: Parameter pollution in social sharing buttons](https://hackerone.com/reports/106024) to ownCloud - 3 upvotes, $0 27 | 25. 
[Reflected XSS in owncloud.com](https://hackerone.com/reports/127259) to ownCloud - 3 upvotes, $0 28 | 26. [Cross site scripting in apps.owncloud.com](https://hackerone.com/reports/129551) to ownCloud - 3 upvotes, $0 29 | 27. [doc.owncloud.org: XSS via Referrer](https://hackerone.com/reports/130951) to ownCloud - 3 upvotes, $0 30 | 28. [bug reporting template encourages users to paste config file with passwords](https://hackerone.com/reports/196969) to ownCloud - 3 upvotes, $0 31 | 29. [doc.owncloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service)](https://hackerone.com/reports/217381) to ownCloud - 3 upvotes, $0 32 | 30. [Password appears in user name field](https://hackerone.com/reports/85559) to ownCloud - 2 upvotes, $0 33 | 31. [apps.owncloud.com: SSL Server Allows Anonymous Authentication Vulnerability (SMTP)](https://hackerone.com/reports/83803) to ownCloud - 2 upvotes, $0 34 | 32. [Webview Vulnerablity [OwnCloudAndroid Application] ](https://hackerone.com/reports/87835) to ownCloud - 2 upvotes, $0 35 | 33. [owncloud.com: Content Sniffing not disabled](https://hackerone.com/reports/83251) to ownCloud - 2 upvotes, $0 36 | 34. [XXE at host vpn.owncloud.com](https://hackerone.com/reports/105980) to ownCloud - 2 upvotes, $0 37 | 35. [Lack of HSTS on https://apps.owncloud.com](https://hackerone.com/reports/84453) to ownCloud - 2 upvotes, $0 38 | 36. [CSRF in apps.owncloud.com](https://hackerone.com/reports/84395) to ownCloud - 2 upvotes, $0 39 | 37. [[forum.owncloud.org] IE, Edge XSS via Request-URI](https://hackerone.com/reports/154319) to ownCloud - 2 upvotes, $0 40 | 38. [password reset email spamming](https://hackerone.com/reports/224095) to ownCloud - 2 upvotes, $0 41 | 39. [owncloud.com open redirect](https://hackerone.com/reports/258632) to ownCloud - 2 upvotes, $0 42 | 40. [Information Exposure Through Directory Listing](https://hackerone.com/reports/110655) to ownCloud - 1 upvotes, $250 43 | 41. 
[Full Path Disclosure ](https://hackerone.com/reports/85201) to ownCloud - 1 upvotes, $25 44 | 42. [apps.owncloud.com: Edit Question didn't check ACLs](https://hackerone.com/reports/85532) to ownCloud - 1 upvotes, $0 45 | 43. [gallery_plus: Content Spoofing ](https://hackerone.com/reports/87752) to ownCloud - 1 upvotes, $0 46 | 44. [apps.owncloud.com: Path Disclosure](https://hackerone.com/reports/83801) to ownCloud - 1 upvotes, $0 47 | 45. [[s3.owncloud.com] Web Server HTTP Trace/Track Method Support ](https://hackerone.com/reports/90601) to ownCloud - 1 upvotes, $0 48 | 46. [demo.owncloud.org: HTTP compression is enabled potentially leading to BREACH attack](https://hackerone.com/reports/84105) to ownCloud - 1 upvotes, $0 49 | 47. [Config](https://hackerone.com/reports/84797) to ownCloud - 1 upvotes, $0 50 | 48. [apps.owncloud.com: Stored XSS in profile page](https://hackerone.com/reports/84371) to ownCloud - 1 upvotes, $0 51 | 49. [owncloud.com: Outdated plugins contains public exploits ](https://hackerone.com/reports/84581) to ownCloud - 1 upvotes, $0 52 | 50. [apps.owncloud.com: Session Cookie in URL can be captured by hackers](https://hackerone.com/reports/83667) to ownCloud - 1 upvotes, $0 53 | 51. [apps.owncloud.com: Potential XSS](https://hackerone.com/reports/85577) to ownCloud - 1 upvotes, $0 54 | 52. [Apache Range Header Denial of Service Attack (Confirmed PoC)](https://hackerone.com/reports/88904) to ownCloud - 1 upvotes, $0 55 | 53. [Self-XSS in mails sent by hello@owncloud.com](https://hackerone.com/reports/92111) to ownCloud - 1 upvotes, $0 56 | 54. [owncloud.com: Persistent XSS In Account Profile](https://hackerone.com/reports/116254) to ownCloud - 1 upvotes, $0 57 | 55. [owncloud.com: Account Compromise Through CSRF](https://hackerone.com/reports/84372) to ownCloud - 1 upvotes, $0 58 | 56. [doc.owncloud.org has missing PHP handler](https://hackerone.com/reports/121382) to ownCloud - 1 upvotes, $0 59 | 57. 
[doc.owncloud.org: X-XSS-Protection not enabled](https://hackerone.com/reports/128493) to ownCloud - 1 upvotes, $0 60 | 58. [doc.owncloud.com: PHP info page disclosure ](https://hackerone.com/reports/134216) to ownCloud - 1 upvotes, $0 61 | 59. [This is not the security issue.](https://hackerone.com/reports/257106) to ownCloud - 1 upvotes, $0 62 | 60. [Full Path Disclosure ](https://hackerone.com/reports/87505) to ownCloud - 0 upvotes, $25 63 | 61. [daily.owncloud.com: Information disclosure](https://hackerone.com/reports/84085) to ownCloud - 0 upvotes, $0 64 | 62. [owncloud.com: Allowed an attacker to force a user to change profile details. (XCSRF)](https://hackerone.com/reports/83239) to ownCloud - 0 upvotes, $0 65 | 63. [demo.owncloud.org: Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability](https://hackerone.com/reports/83837) to ownCloud - 0 upvotes, $0 66 | 64. [apps.owncloud.com: SSL Session cookie without secure flag set](https://hackerone.com/reports/83710) to ownCloud - 0 upvotes, $0 67 | 65. [owncloud.com: CVE-2015-5477 BIND9 TKEY Vulnerability + Exploit (Denial of Service)](https://hackerone.com/reports/89097) to ownCloud - 0 upvotes, $0 68 | 66. [No email verification during registration](https://hackerone.com/reports/90643) to ownCloud - 0 upvotes, $0 69 | 67. [apps.owncloud.com: Mixed Active Scripting Issue ](https://hackerone.com/reports/85541) to ownCloud - 0 upvotes, $0 70 | 68. [owncloud.com: PermError SPF Permanent Error: Too many DNS lookups](https://hackerone.com/reports/83578) to ownCloud - 0 upvotes, $0 71 | 69. [owncloud.com: DOM Based XSS](https://hackerone.com/reports/83178) to ownCloud - 0 upvotes, $0 72 | 70. [owncloud.com: Cross Site Tracing](https://hackerone.com/reports/83373) to ownCloud - 0 upvotes, $0 73 | 71. [owncloud.com: WP Super Cache plugin is outdated](https://hackerone.com/reports/90980) to ownCloud - 0 upvotes, $0 74 | 72. 
[directory listing in https://demo.owncloud.org/doc/](https://hackerone.com/reports/105149) to ownCloud - 0 upvotes, $0 75 | 73. [apps.owncloud.com: Referer protection Bypassed](https://hackerone.com/reports/92644) to ownCloud - 0 upvotes, $0 76 | 74. [[https://test1.owncloud.com/owncloud6/] Guessable password used for admin user](https://hackerone.com/reports/107849) to ownCloud - 0 upvotes, $0 77 | 75. [Apache documentation](https://hackerone.com/reports/90321) to ownCloud - 0 upvotes, $0 78 | 76. [owncloud.help: Text Injection](https://hackerone.com/reports/112304) to ownCloud - 0 upvotes, $0 79 | 77. [s2.owncloud.com: SSL Session cookie without secure flag set](https://hackerone.com/reports/83856) to ownCloud - 0 upvotes, $0 80 | 78. [test1.owncloud.com: Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability](https://hackerone.com/reports/83971) to ownCloud - 0 upvotes, $0 81 | 79. [*.owncloud.com / *.owncloud.org: Using not strong enough SSL ciphers](https://hackerone.com/reports/84078) to ownCloud - 0 upvotes, $0 82 | 80. [s2.owncloud.com: Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability](https://hackerone.com/reports/83855) to ownCloud - 0 upvotes, $0 83 | 81. [Mixed Active Scripting Issue on stats.owncloud.org](https://hackerone.com/reports/108692) to ownCloud - 0 upvotes, $0 84 | 82. [otrs.owncloud.com: Reflected Cross-Site Scripting](https://hackerone.com/reports/108288) to ownCloud - 0 upvotes, $0 85 | 83. [The csrf token remains same after user logs in](https://hackerone.com/reports/111262) to ownCloud - 0 upvotes, $0 86 | 84. [No Any Kind of Protection on Delete account](https://hackerone.com/reports/113211) to ownCloud - 0 upvotes, $0 87 | 85. [DROWN Attack](https://hackerone.com/reports/119808) to ownCloud - 0 upvotes, $0 88 | 86. [apps.owncloud.com: Multiple reflected XSS by insecure URL generation (IE only)](https://hackerone.com/reports/83381) to ownCloud - 0 upvotes, $0 89 | 87. 
[apps.owncloud.com: CSRF change privacy settings](https://hackerone.com/reports/85565) to ownCloud - 0 upvotes, $0 90 | 88. [File System Monitoring Queue Overflow](https://hackerone.com/reports/881891) to ownCloud - 0 upvotes, $0 91 | -------------------------------------------------------------------------------- /tops_by_program/TOPTHEINTERNET.md: -------------------------------------------------------------------------------- 1 | Top reports from The Internet program at HackerOne: 2 | 3 | 1. [Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse](https://hackerone.com/reports/286740) to The Internet - 190 upvotes, $25000 4 | 2. [Ubuntu Linux privilege escalation (dirty_sock)](https://hackerone.com/reports/496285) to The Internet - 101 upvotes, $1000 5 | 3. [RCE via ssh:// URIs in multiple VCS ](https://hackerone.com/reports/260005) to The Internet - 38 upvotes, $3000 6 | 4. [Race Conditions in OAuth 2 API implementations](https://hackerone.com/reports/55140) to The Internet - 35 upvotes, $2500 7 | 5. [ACME TLS-SNI-01/02 challenge vulnerable when combined with shared hosting providers](https://hackerone.com/reports/304378) to The Internet - 34 upvotes, $0 8 | 6. [ZeroMQ libzmq remote code execution](https://hackerone.com/reports/477073) to The Internet - 29 upvotes, $1000 9 | 7. [Mailsploit: a sender spoofing bug in over 30 email clients](https://hackerone.com/reports/295339) to The Internet - 27 upvotes, $0 10 | 8. [4 severe remote + several minor OpenVPN vulnerabilities](https://hackerone.com/reports/242579) to The Internet - 27 upvotes, $0 11 | 9. [DOMPurify bypass](https://hackerone.com/reports/1024734) to The Internet - 23 upvotes, $0 12 | 10. [Insufficient shell characters filtering leads to (potentially remote) code execution (CVE-2016-3714)](https://hackerone.com/reports/143966) to The Internet - 21 upvotes, $7500 13 | 11. [TLS Virtual Host Confusion](https://hackerone.com/reports/501) to The Internet - 19 upvotes, $7500 14 | 12. 
[Multiple HTTP Smuggling reports](https://hackerone.com/reports/648434) to The Internet - 16 upvotes, $0 15 | 13. [GNU Bourne-Again Shell (Bash) 'Shellshock' Vulnerability](https://hackerone.com/reports/29839) to The Internet - 15 upvotes, $20000 16 | 14. [CVE-2019-5736: Escape from Docker and Kubernetes containers to root on host](https://hackerone.com/reports/495495) to The Internet - 14 upvotes, $1000 17 | 15. [TLS Triple Handshake Attack](https://hackerone.com/reports/7277) to The Internet - 12 upvotes, $7500 18 | 16. [Exim off-by-one RCE vulnerability](https://hackerone.com/reports/322935) to The Internet - 11 upvotes, $1500 19 | 17. [Cross-site information assertion leak via Content Security Policy](https://hackerone.com/reports/16910) to The Internet - 11 upvotes, $0 20 | 18. [Drupal 7 pre auth sql injection and remote code execution](https://hackerone.com/reports/31756) to The Internet - 10 upvotes, $3000 21 | 19. [Critical vulnerability in JSON Web Encryption (JWE) - RFC 7516 Invalid Curve attack](https://hackerone.com/reports/213437) to The Internet - 10 upvotes, $1000 22 | 20. [Linux kernel: CVE-2017-7308: a signedness issue in AF_PACKET sockets](https://hackerone.com/reports/684567) to The Internet - 10 upvotes, $0 23 | 21. [rpcbind "rpcbomb" CVE-2017-8779, CVE-2017-8804](https://hackerone.com/reports/235016) to The Internet - 10 upvotes, $0 24 | 22. [Mercurial git subrepo lead to arbitrary command injection](https://hackerone.com/reports/294147) to The Internet - 9 upvotes, $1500 25 | 23. [Linux kernel: CVE-2017-1000112: a memory corruption due to UFO to non-UFO path switch](https://hackerone.com/reports/684573) to The Internet - 9 upvotes, $0 26 | 24. [Linux kernel: CVE-2017-6074: DCCP double-free vulnerability](https://hackerone.com/reports/347282) to The Internet - 8 upvotes, $1000 27 | 25. [Industry-Wide MITM Vulnerability Impacting the JVM Ecosystem](https://hackerone.com/reports/608620) to The Internet - 8 upvotes, $0 28 | 26. 
[OpenSSH: Memory corruption in AES-GCM support](https://hackerone.com/reports/500) to The Internet - 7 upvotes, $1500 29 | 27. [ntpd: read_mru_list() does inadequate incoming packet checks](https://hackerone.com/reports/147310) to The Internet - 7 upvotes, $500 30 | 28. [[bower] Arbitrary File Write through improper validation of symlinks while package extraction](https://hackerone.com/reports/492512) to The Internet - 7 upvotes, $500 31 | 29. [libtiff 4.0.6 heap buffer overflow / out of bounds read (CVE-2016-9273)](https://hackerone.com/reports/181642) to The Internet - 6 upvotes, $500 32 | 30. [RCE on default Ubuntu Desktop \>= 12.10 Quantal](https://hackerone.com/reports/192512) to The Internet - 6 upvotes, $0 33 | 31. [Dragonblood: Design and Implementation Flaws in WPA3 and EAP-pwd](https://hackerone.com/reports/745276) to The Internet - 5 upvotes, $750 34 | 32. [libtiff 4.0.6 segfault / read outside of buffer (CVE-2016-9297)](https://hackerone.com/reports/182140) to The Internet - 5 upvotes, $500 35 | 33. [Unsecure: Bypass alerts of Little Flocker / Little Snitch / HandsOff! / BlockBlock (same concept can be applied to other security tools)](https://hackerone.com/reports/265232) to The Internet - 5 upvotes, $0 36 | 34. [CVE-2017-10966: Heap-use-after-free in Irssi \<1.0.4](https://hackerone.com/reports/247028) to The Internet - 5 upvotes, $0 37 | 35. [Exim use-after-free vulnerability while reading mail header involving BDAT commands](https://hackerone.com/reports/296991) to The Internet - 5 upvotes, $0 38 | 36. [Malicious Server can force read any file on clients system with default configuration in MySQL Clients](https://hackerone.com/reports/171593) to The Internet - 5 upvotes, $0 39 | 37. [Bypassing Same Origin Policy With JSONP APIs and Flash](https://hackerone.com/reports/10373) to The Internet - 4 upvotes, $3000 40 | 38. [OpenSSH / dropbearSSHd xauth command injection](https://hackerone.com/reports/122113) to The Internet - 4 upvotes, $1500 41 | 39. 
[Denial of service in libxml2, using malicious lzma file to consume available system memory](https://hackerone.com/reports/270059) to The Internet - 4 upvotes, $0 42 | 40. [CVE-2017-11367: Global buffer overflow (READ of size 4) in shoco C library ](https://hackerone.com/reports/250581) to The Internet - 4 upvotes, $0 43 | 41. [Two vulnerability in GNU binutils](https://hackerone.com/reports/323017) to The Internet - 4 upvotes, $0 44 | 42. [FREAK: Factoring RSA_EXPORT Keys to Impersonate TLS Servers](https://hackerone.com/reports/50170) to The Internet - 3 upvotes, $7500 45 | 43. [open redirect in rfc6749](https://hackerone.com/reports/26962) to The Internet - 3 upvotes, $3000 46 | 44. [Mercurial can be tricked into granting authorized users access to the Python debugger](https://hackerone.com/reports/222020) to The Internet - 3 upvotes, $500 47 | 45. [Silent omission of certificate hostname verification in LibreSSL and BoringSSL](https://hackerone.com/reports/329645) to The Internet - 3 upvotes, $0 48 | 46. [pngcrush double-free/segfault could result in DoS (CVE-2015-7700)](https://hackerone.com/reports/93546) to The Internet - 3 upvotes, $0 49 | 47. [CVE-2017-5969: libxml2 when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference)](https://hackerone.com/reports/262665) to The Internet - 3 upvotes, $0 50 | 48. [CVE-2017-10965: Null pointer dereference in Irssi \<1.0.4 ](https://hackerone.com/reports/247027) to The Internet - 3 upvotes, $0 51 | 49. [GarlicRust - heartbleed style vulnerability in major I2P C++ router implementations](https://hackerone.com/reports/295740) to The Internet - 3 upvotes, $0 52 | 50. [Exim handles BDAT data incorrectly and leads to crash/hang](https://hackerone.com/reports/296994) to The Internet - 3 upvotes, $0 53 | 51. [Widespread failure of certificate validation in Android apps](https://hackerone.com/reports/2293) to The Internet - 3 upvotes, $0 54 | 52. 
[Incorrect logic in MySQL & MariaDB protocol leads to remote SSRF/Remote file read](https://hackerone.com/reports/156511) to The Internet - 3 upvotes, $0 55 | 53. [Uncontrolled Resource Consumption with XMPP-Layer Compression](https://hackerone.com/reports/5928) to The Internet - 2 upvotes, $500 56 | 54. [pngcrush_measure_idat() off-by-one error (CVE-2015-2158)](https://hackerone.com/reports/73429) to The Internet - 2 upvotes, $0 57 | 55. [Multiple issues in Libxml2 (2.9.2 - 2.9.5)](https://hackerone.com/reports/293126) to The Internet - 2 upvotes, $0 58 | 56. [external entity expansion in Apache POI ](https://hackerone.com/reports/25537) to The Internet - 2 upvotes, $0 59 | 57. [CVE-2017-8798 - miniupnp getHTTPResponse chunked encoding integer signedness error](https://hackerone.com/reports/227344) to The Internet - 2 upvotes, $0 60 | 58. [CVE-2016-4796 OpenJPEG color_cmyk_to_rgb Out-of-Bounds Read Vulnerability](https://hackerone.com/reports/167955) to The Internet - 2 upvotes, $0 61 | 59. [CVE-2016-7163 OpenJPEG opj_pi_create_decode Integer Overflow Vulnerability](https://hackerone.com/reports/167512) to The Internet - 2 upvotes, $0 62 | 60. [putty pscp client-side post-auth stack buffer overwrite when processing remote file size ](https://hackerone.com/reports/120903) to The Internet - 2 upvotes, $0 63 | 61. [Heap overflow in H. Spencer’s regex library on 32 bit systems ](https://hackerone.com/reports/47779) to The Internet - 1 upvotes, $3000 64 | 62. [CVE-2017-13090 wget heap smash](https://hackerone.com/reports/287667) to The Internet - 1 upvotes, $0 65 | 63. [CVE-2017-13089 wget stack smash](https://hackerone.com/reports/287666) to The Internet - 1 upvotes, $0 66 | 64. [Ericsson Erlang OTP Core Allocation Subsystem Integer Overflow (All Versions)](https://hackerone.com/reports/28640) to The Internet - 1 upvotes, $0 67 | 65. 
[Roundcube virtualmin privilege escalation (CVE-2017-8114)](https://hackerone.com/reports/242119) to The Internet - 1 upvotes, $0 68 | 66. [The “Malstaller” Attack, global hijacking of any installation process to achieve RCE with elevated privileges, Windows OS (vendor agnostic) ](https://hackerone.com/reports/165969) to The Internet - 1 upvotes, $0 69 | 67. [CVE-2016-3182 OpenJPEG color_esycc_to_rgb Out-of-Bounds Read Vulnerability](https://hackerone.com/reports/167953) to The Internet - 1 upvotes, $0 70 | 68. [CVE-2016-3183 OpenJPEG sycc422_to_rgb Out-of-Bounds Read Vulnerability](https://hackerone.com/reports/167947) to The Internet - 1 upvotes, $0 71 | 69. [LZ4 Core](https://hackerone.com/reports/17688) to The Internet - 0 upvotes, $6000 72 | 70. [Multiple issues in looking-glass software (aka from web to BGP injections)](https://hackerone.com/reports/16330) to The Internet - 0 upvotes, $5000 73 | 71. [Bad Write in TTF font parsing (win32k.sys)](https://hackerone.com/reports/48100) to The Internet - 0 upvotes, $5000 74 | 72. [rsync hash collisions may allow an attacker to corrupt or modify files](https://hackerone.com/reports/20873) to The Internet - 0 upvotes, $3000 75 | 73. [libcurl: URL request injection](https://hackerone.com/reports/73242) to The Internet - 0 upvotes, $3000 76 | 74. [libcurl duphandle read out of bounds](https://hackerone.com/reports/104014) to The Internet - 0 upvotes, $1000 77 | 75. [CVE-2016-1924 OpenJPEG opj_tgt_reset Out-of-Bounds Read Vulnerability](https://hackerone.com/reports/167957) to The Internet - 0 upvotes, $0 78 | 76. [CVE-2016-5157 OpenJPEG opj_dwt_interleave_v Out-of-Bounds Write Vulnerability](https://hackerone.com/reports/167510) to The Internet - 0 upvotes, $0 79 | -------------------------------------------------------------------------------- /tops_by_program/TOPQIWI.md: -------------------------------------------------------------------------------- 1 | Top reports from QIWI program at HackerOne: 2 | 3 | 1. 
[SQL injection on contactws.contact-sys.com in TScenObject action ScenObjects leads to remote code execution](https://hackerone.com/reports/816254) to QIWI - 461 upvotes, $5500 4 | 2. [Unauthenticated SSRF in jira.tochka.com leading to RCE in confluence.bank24.int](https://hackerone.com/reports/713900) to QIWI - 215 upvotes, $1000 5 | 3. [Remote Code Execution on contactws.contact-sys.com via SQL injection in TCertObject operation "Delete"](https://hackerone.com/reports/816086) to QIWI - 192 upvotes, $1000 6 | 4. [MobileIron Unauthenticated RCE on mdm.qiwi.com with WAF bypass](https://hackerone.com/reports/983548) to QIWI - 146 upvotes, $3500 7 | 5. [SQL injection on contactws.contact-sys.com in TRateObject.AddForOffice in USER_ID parameter leads to remote code execution](https://hackerone.com/reports/816560) to QIWI - 115 upvotes, $1000 8 | 6. [account takeover https://qiwi.me ](https://hackerone.com/reports/685304) to QIWI - 106 upvotes, $750 9 | 7. [account takeover https://idea.qiwi.com/ ](https://hackerone.com/reports/464426) to QIWI - 87 upvotes, $300 10 | 8. [Remote Code Execution on contactws.contact-sys.com via SQL injection in TAktifBankObject.GetOrder in parameter DOC_ID](https://hackerone.com/reports/1104120) to QIWI - 83 upvotes, $2500 11 | 9. [SSRF на https://qiwi.com с помощью "Prerender HAR Capturer"](https://hackerone.com/reports/1153862) to QIWI - 76 upvotes, $1500 12 | 10. [DOM XSS triggered in secure support desk](https://hackerone.com/reports/512065) to QIWI - 65 upvotes, $500 13 | 11. [Обход комиссии на переводы](https://hackerone.com/reports/604560) to QIWI - 56 upvotes, $1050 14 | 12. [account takeover through password reset in url https://reklama.tochka.com/](https://hackerone.com/reports/1379842) to QIWI - 55 upvotes, $500 15 | 13. [XXE on ██████████ by bypassing WAF ████](https://hackerone.com/reports/433996) to QIWI - 51 upvotes, $5000 16 | 14. 
[Remote Code Execution on contactws.contact-sys.com via SQL injection in TPrabhuObject.BeginOrder in parameter DOC_ID](https://hackerone.com/reports/1104111) to QIWI - 51 upvotes, $2500 17 | 15. [[contact-sys.com] SQL Injection████ limit param](https://hackerone.com/reports/164945) to QIWI - 50 upvotes, $250 18 | 16. [apache access.log leakage via long request on https://rapida.ru/](https://hackerone.com/reports/280912) to QIWI - 41 upvotes, $100 19 | 17. [account takeover https://teamplay.qiwi.com](https://hackerone.com/reports/439207) to QIWI - 40 upvotes, $500 20 | 18. [XML External Entity (XXE) in qiwi.com + waf bypass](https://hackerone.com/reports/99279) to QIWI - 39 upvotes, $3137 21 | 19. [PIN OK attack](https://hackerone.com/reports/890747) to QIWI - 39 upvotes, $2000 22 | 20. [[qiwi.me] Stored XSS](https://hackerone.com/reports/736236) to QIWI - 37 upvotes, $500 23 | 21. [account impersonate through broken link](https://hackerone.com/reports/1205604) to QIWI - 37 upvotes, $100 24 | 22. [[p2p.qiwi.com] nginx alias traversal](https://hackerone.com/reports/455858) to QIWI - 34 upvotes, $150 25 | 23. [Обход комиссии при оплате картой](https://hackerone.com/reports/654851) to QIWI - 32 upvotes, $1000 26 | 24. [[lk.contact-sys.com] SQL Injection reset_password FP_LK_USER_LOGIN](https://hackerone.com/reports/164684) to QIWI - 32 upvotes, $300 27 | 25. [XSS https://agent.postamat.tech/ в профиле + дисклоз секретной информации](https://hackerone.com/reports/365093) to QIWI - 31 upvotes, $200 28 | 26. [mysql.initial.sql file is accessable for everyone](https://hackerone.com/reports/1081817) to QIWI - 30 upvotes, $100 29 | 27. [gifts.flocktory.com/phpmyadmin is vulnerable csrf](https://hackerone.com/reports/1113212) to QIWI - 30 upvotes, $100 30 | 28. [Account takeover just through csrf in https://booking.qiwi.kz/profile](https://hackerone.com/reports/1066189) to QIWI - 29 upvotes, $100 31 | 29. 
[[qiwi.com] XSS on payment form](https://hackerone.com/reports/263684) to QIWI - 28 upvotes, $550 32 | 30. [HTTP Request Smuggling on api.flocktory.com Leads to XSS on Customer Sites](https://hackerone.com/reports/955170) to QIWI - 27 upvotes, $300 33 | 31. [[QIWI Wallet] Access to protected app components ](https://hackerone.com/reports/482998) to QIWI - 26 upvotes, $500 34 | 32. [Account Takeover through registration to the same email address](https://hackerone.com/reports/1224008) to QIWI - 26 upvotes, $100 35 | 33. [CVE-2020-3187 - unauthenticated arbitrary file deletion in Cisco](https://hackerone.com/reports/944665) to QIWI - 24 upvotes, $500 36 | 34. [Обход комиссии на переводы](https://hackerone.com/reports/691766) to QIWI - 21 upvotes, $1000 37 | 35. [[lk.contact-sys.com] LKlang Path Traversal](https://hackerone.com/reports/164933) to QIWI - 21 upvotes, $150 38 | 36. [[contact-sys.com] XSS /ajax/transfer/status trn param](https://hackerone.com/reports/164704) to QIWI - 21 upvotes, $100 39 | 37. [[*.rocketbank.ru] Web Cache Deception & XSS](https://hackerone.com/reports/415168) to QIWI - 19 upvotes, $200 40 | 38. [[id.rapida.ru] Full Path Disclosure](https://hackerone.com/reports/165219) to QIWI - 19 upvotes, $50 41 | 39. [IDOR редактирование любого вишлиста](https://hackerone.com/reports/736065) to QIWI - 18 upvotes, $500 42 | 40. [crlf injection на https://bug.qiwi.com](https://hackerone.com/reports/1081367) to QIWI - 18 upvotes, $100 43 | 41. [[send.qiwi.ru] Soap-based XXE vulnerability /soapserver/ ](https://hackerone.com/reports/36450) to QIWI - 17 upvotes, $1000 44 | 42. [[qiwi.com] Oauth захват аккаунта](https://hackerone.com/reports/159507) to QIWI - 17 upvotes, $950 45 | 43. [Возможность регистрации на сайте qiwi.com на любой номер телефона](https://hackerone.com/reports/420163) to QIWI - 17 upvotes, $200 46 | 44. 
[Небезопасная схема выдачи номера карты QVC (возможно, также QVV и QVP)](https://hackerone.com/reports/87586) to QIWI - 17 upvotes, $200 47 | 45. [Information disclosure on https://paycard.rapida.ru](https://hackerone.com/reports/299552) to QIWI - 17 upvotes, $100 48 | 46. [[wallet.rapida.ru] XSS Cookie flashcookie](https://hackerone.com/reports/164662) to QIWI - 17 upvotes, $100 49 | 47. [[ibank.qiwi.ru] XSS via Request-URI](https://hackerone.com/reports/164152) to QIWI - 15 upvotes, $150 50 | 48. [https://fundl.qiwi.com CSRF на подтверждении sms ](https://hackerone.com/reports/301718) to QIWI - 15 upvotes, $100 51 | 49. [[sms.qiwi.ru] XSS via Request-URI](https://hackerone.com/reports/38345) to QIWI - 15 upvotes, $100 52 | 50. [Слив какого-то access токена](https://hackerone.com/reports/735971) to QIWI - 14 upvotes, $200 53 | 51. [[contact-sys.com] XSS via Request-URI](https://hackerone.com/reports/164656) to QIWI - 14 upvotes, $100 54 | 52. [broken authentication (password reset link not expire after use in https://network.tochka.com/sign-up)](https://hackerone.com/reports/1401891) to QIWI - 14 upvotes, $100 55 | 53. [Каким-то образом получил чужой платеж к себе на копилку https://qiwi.me/undefined](https://hackerone.com/reports/487296) to QIWI - 14 upvotes, $50 56 | 54. [Imformation Disclosure on id.rapida.ru](https://hackerone.com/reports/318571) to QIWI - 13 upvotes, $100 57 | 55. [[qiwi.com] Information Disclosure](https://hackerone.com/reports/164168) to QIWI - 12 upvotes, $150 58 | 56. [[XSS/pay.qiwi.com] Pay SubDomain Hard-Use XSS](https://hackerone.com/reports/198251) to QIWI - 12 upvotes, $150 59 | 57. [Nickname disclosure through web-chat](https://hackerone.com/reports/569350) to QIWI - 12 upvotes, $150 60 | 58. [[vitrina.contact-sys.com] Full Path Disclosure](https://hackerone.com/reports/178284) to QIWI - 12 upvotes, $100 61 | 59. 
[[qiwi.me] No limits on image download requests](https://hackerone.com/reports/227806) to QIWI - 12 upvotes, $100 62 | 60. [Subdomain Takeover on 1c-start.tochka.com pointing to unbouncepages](https://hackerone.com/reports/1266659) to QIWI - 12 upvotes, $50 63 | 61. [hard-use account takeover qiwi.com](https://hackerone.com/reports/691698) to QIWI - 11 upvotes, $300 64 | 62. [[qiwi.com] .bash_history](https://hackerone.com/reports/190195) to QIWI - 11 upvotes, $100 65 | 63. [Раскрытие чувствительной информации composer.lock docker-compose.yml ](https://hackerone.com/reports/714186) to QIWI - 9 upvotes, $100 66 | 64. [Раскрытие баланса на //kopilka.qiwi.com](https://hackerone.com/reports/178049) to QIWI - 8 upvotes, $300 67 | 65. [[XSS/3dsecure.qiwi.com] 3DSecure XSS](https://hackerone.com/reports/198249) to QIWI - 8 upvotes, $250 68 | 66. [[rubm.qiwi.com] Yui charts.swf XSS](https://hackerone.com/reports/104488) to QIWI - 8 upvotes, $200 69 | 67. [Xss on billing](https://hackerone.com/reports/151034) to QIWI - 8 upvotes, $200 70 | 68. [какой-то исходный код в корне сайта](https://hackerone.com/reports/714024) to QIWI - 8 upvotes, $50 71 | 69. [disclosing clients' secret keys https://stage-uapi.tochka.com:2000/](https://hackerone.com/reports/1419205) to QIWI - 7 upvotes, $150 72 | 70. [Open Redirect in meeting.qiwi.com](https://hackerone.com/reports/100200) to QIWI - 7 upvotes, $100 73 | 71. [[ibank.qiwi.ru] UI Redressing via Request-URI](https://hackerone.com/reports/164153) to QIWI - 6 upvotes, $150 74 | 72. [Stored xss in agent.qiwi.com](https://hackerone.com/reports/38012) to QIWI - 6 upvotes, $100 75 | 73. [Content Spoofing in mango.qiwi.com](https://hackerone.com/reports/118066) to QIWI - 5 upvotes, $150 76 | 74. [[z.tochka.com] Unlimited file uploads lead to malware executed](https://hackerone.com/reports/950853) to QIWI - 5 upvotes, $0 77 | 75. [Открытый доступ к корпоративным данным.](https://hackerone.com/reports/79393) to QIWI - 4 upvotes, $500 78 | 76. 
[[qiwi.com] Open Redirect](https://hackerone.com/reports/38157) to QIWI - 4 upvotes, $150 79 | 77. [Keychain data persistence may lead to account takeover](https://hackerone.com/reports/761975) to QIWI - 4 upvotes, $100 80 | 78. [https://teamplay.qiwi.com/ накрутка баллов =\> финансовые убытки для компании](https://hackerone.com/reports/441204) to QIWI - 3 upvotes, $500 81 | 79. [[wallet.rapida.ru] Mass SMS flood](https://hackerone.com/reports/209368) to QIWI - 3 upvotes, $200 82 | 80. [Session Cookie without HttpOnly and secure flag set](https://hackerone.com/reports/75357) to QIWI - 3 upvotes, $100 83 | 81. [[ishop.qiwi.com] XSS + Misconfiguration](https://hackerone.com/reports/47536) to QIWI - 2 upvotes, $200 84 | 82. [CRLF Injection [ishop.qiwi.com]](https://hackerone.com/reports/36105) to QIWI - 1 upvotes, $250 85 | 83. [[static.qiwi.com] XSS proxy.html](https://hackerone.com/reports/35363) to QIWI - 1 upvotes, $200 86 | 84. [[qiwi.com] /oauth/confirm.action XSS](https://hackerone.com/reports/36319) to QIWI - 1 upvotes, $100 87 | 85. [Code for registration of qiwi account is not coming even after a long interval of time for Indian mobile number](https://hackerone.com/reports/35532) to QIWI - 1 upvotes, $0 88 | 86. [Metadata in hosted files is disclosing Usernames, Printers, paths, admin guides. emails](https://hackerone.com/reports/36586) to QIWI - 1 upvotes, $0 89 | 87. [SSL Certificate on qiwi.com will expire soon.](https://hackerone.com/reports/134145) to QIWI - 1 upvotes, $0 90 | 88. [[send.qiwi.ru] XSS at auth?login=](https://hackerone.com/reports/35413) to QIWI - 0 upvotes, $200 91 | 89. 
[XSS Reflected in test.qiwi.ru](https://hackerone.com/reports/98281) to QIWI - 0 upvotes, $200 92 | -------------------------------------------------------------------------------- /tops_by_program/TOPRAZER.md: -------------------------------------------------------------------------------- 1 | [Back](../README.md) 2 | 3 | Top reports from Razer program at HackerOne: 4 | 5 | 1. [🐞 OS Command Injection at https://sea-web.gold.razer.com/lab/ws-lookup via IP parameter](https://hackerone.com/reports/821962) to Razer - 676 upvotes, $2000 6 | 2. [🐞 OS Command Injection at https://sea-web.gold.razer.com/lab/ws-lookup via IP parameter](https://hackerone.com/reports/821962) to Razer - 676 upvotes, $2000 7 | 3. [SQL injection at https://sea-web.gold.razer.com/ajax-get-status.php via txid parameter](https://hackerone.com/reports/819738) to Razer - 580 upvotes, $2000 8 | 4. [SQL Injection in https://api-my.pay.razer.com/inviteFriend/getInviteHistoryLog](https://hackerone.com/reports/811111) to Razer - 528 upvotes, $2000 9 | 5. [OTP token bypass in accessing user settings](https://hackerone.com/reports/699082) to Razer - 339 upvotes, $1000 10 | 6. [[Razer Pay Mobile App] Broken access control allowing other user's bank account to be deleted](https://hackerone.com/reports/757095) to Razer - 311 upvotes, $1000 11 | 7. [[Razer Pay Mobile App] Broken access control allowing other user's bank account to be deleted](https://hackerone.com/reports/757095) to Razer - 311 upvotes, $1000 12 | 8. [Reflected XSS at https://pay.gold.razer.com escalated to account takeover](https://hackerone.com/reports/723060) to Razer - 287 upvotes, $750 13 | 9. [SQL Injection at https://sea-web.gold.razer.com/lab/cash-card-incomplete-translog-resend via period-hour Parameter](https://hackerone.com/reports/781205) to Razer - 240 upvotes, $2000 14 | 10. 
[[api.easy2pay.co] SQL Injection at fortumo via TransID parameter [Bypassing Signature Validation🔥]](https://hackerone.com/reports/894325) to Razer - 232 upvotes, $4000 15 | 11. [[api.easy2pay.co] SQL Injection at fortumo via TransID parameter [Bypassing Signature Validation🔥]](https://hackerone.com/reports/894325) to Razer - 232 upvotes, $4000 16 | 12. [Admin Management - Login Using Default Password - Leads to Image Upload Backdoor/Shell](https://hackerone.com/reports/699030) to Razer - 199 upvotes, $200 17 | 13. [Through blocking the redirect in /* the attacker able to bypass Authentication To see Sensitive Data sush as Game Keys , Emails ,..](https://hackerone.com/reports/736273) to Razer - 196 upvotes, $1000 18 | 14. [Through blocking the redirect in /* the attacker able to bypass Authentication To see Sensitive Data sush as Game Keys , Emails ,..](https://hackerone.com/reports/736273) to Razer - 196 upvotes, $1000 19 | 15. [Unauthenticated access to sensitive user information](https://hackerone.com/reports/702677) to Razer - 184 upvotes, $500 20 | 16. [SQLi at https://sea-web.gold.razer.com/demo-th/purchase-result.php via orderid Parameter](https://hackerone.com/reports/777693) to Razer - 183 upvotes, $2000 21 | 17. [[IDOR] API endpoint leaking sensitive user information](https://hackerone.com/reports/723118) to Razer - 172 upvotes, $375 22 | 18. [Misconfigured s3 Bucket exposure](https://hackerone.com/reports/700051) to Razer - 168 upvotes, $500 23 | 19. [Accessible Druid Monitor console on https://api.pay-staging.razer.com/](https://hackerone.com/reports/702784) to Razer - 126 upvotes, $1500 24 | 20. [SQL injection in Razer Gold List Admin at /lists/index.php via the `list[]` parameter. ](https://hackerone.com/reports/824307) to Razer - 122 upvotes, $2000 25 | 21. [SQL Injection at api.easy2pay.co/add-on/get-sig.php via partner_id Parameter](https://hackerone.com/reports/768195) to Razer - 119 upvotes, $2000 26 | 22. 
[HTML injection in support.razer.com [IE only]](https://hackerone.com/reports/826463) to Razer - 109 upvotes, $250 27 | 23. [DOM XSS at https://www.thx.com in IE/Edge browser](https://hackerone.com/reports/702981) to Razer - 102 upvotes, $250 28 | 24. [[Razer Pay Android App] Multiple vulnerabilities chained to allow "RedPacket" money to be stolen by a 3rd party](https://hackerone.com/reports/753280) to Razer - 84 upvotes, $1000 29 | 25. [[pay.gold.razer.com] Stored XSS - Order payment](https://hackerone.com/reports/706916) to Razer - 81 upvotes, $1500 30 | 26. [Blind SQL Injection at http://easytopup.in.th/es-services/mps.php via serial_no parameter](https://hackerone.com/reports/790914) to Razer - 80 upvotes, $1000 31 | 27. [2FA doesn't work in "https://insider.razer.com"](https://hackerone.com/reports/701901) to Razer - 72 upvotes, $200 32 | 28. [SQL injection at https://sea-web.gold.razer.com/demo-th/goto-e2p-web-api.php via Multiple Parameters](https://hackerone.com/reports/777698) to Razer - 71 upvotes, $2000 33 | 29. [Blind SQL Injection(Time Based Payload) in https://www.easytopup.in.th/store/game/digimon-master via CheckuserForm[user_id]](https://hackerone.com/reports/789259) to Razer - 68 upvotes, $1000 34 | 30. [[SSRF] Server-Side Request Forgery at https://sea-web.gold.razer.com/dev/simulator via notify_url Parameter](https://hackerone.com/reports/777664) to Razer - 60 upvotes, $2000 35 | 31. [Payment PIN Verification Bypass](https://hackerone.com/reports/702383) to Razer - 57 upvotes, $1000 36 | 32. [Reflected XSS at http://promotion.molthailand.com/index.php via promotion_id parameter](https://hackerone.com/reports/772116) to Razer - 55 upvotes, $250 37 | 33. [Insecure Logging - OWASP (2016-M2)](https://hackerone.com/reports/700624) to Razer - 45 upvotes, $400 38 | 34. 
[Improper access control on easytopup.in.th transaction page leads to user's information disclosure and may lead to account hijacking](https://hackerone.com/reports/776877) to Razer - 41 upvotes, $1000 39 | 35. [Improper access control on easytopup.in.th transaction page leads to user's information disclosure and may lead to account hijacking](https://hackerone.com/reports/776877) to Razer - 41 upvotes, $1000 40 | 36. [Improper Authorization at https://api-my.pay.razer.com/v1/trxDetail?trxId=[Id] allowing unauthorised access to other user's transaction details](https://hackerone.com/reports/754339) to Razer - 40 upvotes, $500 41 | 37. [dom based xss on [hello.merchant.razer.com]](https://hackerone.com/reports/767944) to Razer - 36 upvotes, $500 42 | 38. [Cookie based XSS on http://ftp1.thx.com](https://hackerone.com/reports/748217) to Razer - 31 upvotes, $375 43 | 39. [[razer-assets2] Listing of Amazon S3 Bucket accessible to any AWS cli ](https://hackerone.com/reports/710319) to Razer - 27 upvotes, $250 44 | 40. [DLL Hijacking in Synapse 2 CrashSender1402.exe via version.dll](https://hackerone.com/reports/702252) to Razer - 26 upvotes, $750 45 | 41. [Expired reCAPTCHA site key leads to Rate Limit Bypass and Email Enumeration](https://hackerone.com/reports/758280) to Razer - 26 upvotes, $200 46 | 42. [IDOR in eform.molpay.com leads to see other users application forms with private data](https://hackerone.com/reports/790829) to Razer - 21 upvotes, $500 47 | 43. [Insecure Processing of XML leads to Denial of Service through Billion Laughs Attack](https://hackerone.com/reports/754117) to Razer - 21 upvotes, $375 48 | 44. [Insecure Processing of XML leads to Denial of Service through Billion Laughs Attack](https://hackerone.com/reports/754117) to Razer - 21 upvotes, $375 49 | 45. [Insecure HostnameVerifier within WebView of Razer Pay Android (TLS Vulnerability)](https://hackerone.com/reports/795272) to Razer - 20 upvotes, $750 50 | 46. 
[Request Smuggling vulnerability due a vulnerable skipper reverse proxy running in the environment.](https://hackerone.com/reports/711679) to Razer - 18 upvotes, $375 51 | 47. [Subdomain takeover at iosota.razersynapse.com via Amazon S3](https://hackerone.com/reports/813313) to Razer - 18 upvotes, $200 52 | 48. [Reflected XSS on molpay.com with cloudflare bypass](https://hackerone.com/reports/800360) to Razer - 17 upvotes, $375 53 | 49. [Reflected XSS on https://www.easytopup.in.th/store/product/return on parameter mref_id](https://hackerone.com/reports/776883) to Razer - 17 upvotes, $250 54 | 50. [[press.razer.com] Origin IP found, Cloudflare bypassed](https://hackerone.com/reports/776933) to Razer - 17 upvotes, $200 55 | 51. [PHPInfo Page on www.razer.ru](https://hackerone.com/reports/744573) to Razer - 17 upvotes, $0 56 | 52. [Access to support tickets and payment history, impersonate razer support staff](https://hackerone.com/reports/776110) to Razer - 16 upvotes, $1500 57 | 53. [Reflected XSS at https://sea-web.gold.razer.com/cash-card/verify via channel parameter](https://hackerone.com/reports/769086) to Razer - 15 upvotes, $500 58 | 54. [Subdomain takeover at ftp.thx.com](https://hackerone.com/reports/703591) to Razer - 15 upvotes, $250 59 | 55. [AWS subdomain Takeover at estore.razersynapse.com](https://hackerone.com/reports/785179) to Razer - 15 upvotes, $250 60 | 56. [https://zest.co.th/zestlinepay/checkproduct API endpoint suffers from Boolean-based SQL injection](https://hackerone.com/reports/783147) to Razer - 15 upvotes, $0 61 | 57. [Leftover back-end system on www.zest.co.th allows an unauthorized attacker to generate Razer Gold Pin for free](https://hackerone.com/reports/782982) to Razer - 14 upvotes, $375 62 | 58. [Leftover back-end system on www.zest.co.th allows an unauthorized attacker to generate Razer Gold Pin for free](https://hackerone.com/reports/782982) to Razer - 14 upvotes, $375 63 | 59. 
[[api.easy2pay.co] SQL Injection in cashcard via card_no parameter ⭐️Bypassing IP whitelist⭐️](https://hackerone.com/reports/894329) to Razer - 14 upvotes, $0 64 | 60. [[Razer Pay Mobile App] IDOR within /v1_IM/friends/queryDrawRedLog allowed unauthorised access to read logs](https://hackerone.com/reports/754044) to Razer - 12 upvotes, $500 65 | 61. [Post Based Reflected XSS on [https://investor.razer.com/s/ir_contact.php]](https://hackerone.com/reports/801075) to Razer - 12 upvotes, $375 66 | 62. [Helpdesk takeover (subdomain takeover) in razerzone.com domain via unclaimed Zendesk instance](https://hackerone.com/reports/810807) to Razer - 12 upvotes, $250 67 | 63. [Source Code Disclosure](https://hackerone.com/reports/819735) to Razer - 12 upvotes, $200 68 | 64. [THX Tuneup Survey feedback disclosure via Google cached content for apps.thx.com](https://hackerone.com/reports/751729) to Razer - 12 upvotes, $200 69 | 65. [DOM-based XSS on https://zest.co.th/zestlinepay/](https://hackerone.com/reports/784112) to Razer - 10 upvotes, $200 70 | 66. [Reflected XSS in eform.molpay.com](https://hackerone.com/reports/789879) to Razer - 9 upvotes, $375 71 | 67. [Aws bucket writable mobile.razer.com](https://hackerone.com/reports/772957) to Razer - 9 upvotes, $250 72 | 68. [Misconfigured Bucket [razer-assets2] https://assets2.razerzone.com/](https://hackerone.com/reports/756703) to Razer - 9 upvotes, $250 73 | 69. [ Information disclosure at http://sea-s2s.molthailand.com/status.php](https://hackerone.com/reports/721761) to Razer - 8 upvotes, $375 74 | 70. [Race Condition in Oauth 2.0 flow can lead to malicious applications create multiple valid sessions](https://hackerone.com/reports/699112) to Razer - 8 upvotes, $250 75 | 71. [[Razer Pay] Broken Access Control at /v1/verifyPhone/ allows enumeration of usernames and ID information](https://hackerone.com/reports/752443) to Razer - 6 upvotes, $500 76 | 72. 
[Store Cross-Site Scripting - www.razer.ru](https://hackerone.com/reports/739854) to Razer - 5 upvotes, $200 77 | 73. [User Access Control Bypass Via Razer elevated service ( RzKLService.exe ) which loads exe in misconfigured way.](https://hackerone.com/reports/769684) to Razer - 3 upvotes, $750 78 | 74. [RXSS at https://api.easy2pay.co/inquiry.php via txid parameter.](https://hackerone.com/reports/791941) to Razer - 2 upvotes, $250 79 | 80 | 81 | [Back](../README.md) --------------------------------------------------------------------------------