the unofficial HackerOne disclosure timeline.

X
b'Shopify' disclosed a bug submitted by b'zombiehelp54' 
b'Stored XSS in [shop].myshopify.com/admin/orders/[id]'
28 Mar 2017 timeline
b'Shopify' disclosed a bug submitted by b'skavans' 
b'Stored passive XSS at scheduled posts (kitcrm.com)'
28 Mar 2017 timeline
b'Shopify' disclosed a bug submitted by b'jamesclyde' 
b'Full access at an internal service of Shopify'
28 Mar 2017 timeline
b'YouPorn' disclosed a bug submitted by b'myst404' 
b'Reflected XSS in Meta Tag'
28 Mar 2017 timeline
b'Pornhub' disclosed a bug submitted by b'cyber-guard' 
b'IDOR - disclosure of private videos - /api_android_v3/getUserVideos'
27 Mar 2017 timeline
b'QIWI' disclosed a bug submitted by b'bobrov' 
b'[ibank.qiwi.ru] UI Redressing via Request-URI'
27 Mar 2017 timeline
b'Mail.Ru' disclosed a bug submitted by b'paresh_parmar' 
b'Potential SSRF in sales.mail.ru'
27 Mar 2017 timeline
b'Mail.Ru' disclosed a bug submitted by b'bigbear_' 
b'[gitmm.corp.mail.ru] Auth Bypass, Information Disclosure'
27 Mar 2017 timeline
b'Mail.Ru' disclosed a bug submitted by b'bigbear_' 
b'[allods.mail.ru] Reflected XSS'
27 Mar 2017 timeline
b'Mail.Ru' disclosed a bug submitted by b'bigbear_' 
b'[w1.dwar.ru] Core Dump'
27 Mar 2017 timeline
b'Mail.Ru' disclosed a bug submitted by b'bigbear_' 
b'[otus.p.mail.ru] Full Path Disclosure'
27 Mar 2017 timeline
b'QIWI' disclosed a bug submitted by b'bobrov' 
b'[qiwi.com] .bash_history'
27 Mar 2017 timeline
b'QIWI' disclosed a bug submitted by b'4lemon' 
b'Stored xss in agent.qiwi.com'
27 Mar 2017 timeline
b'HackerOne' disclosed a bug submitted by b'ak1t4' 
b'Subdomain takeover at info.hacker.one'
27 Mar 2017 timeline
b'HackerOne' disclosed a bug submitted by b'shailesh4594' 
b'Limited Open redirection using SSO-SAML'
26 Mar 2017 timeline
b'HackerOne' disclosed a bug submitted by b'aaron_costello' 
b'Google Analytics could be used as CSP bypass for data exfiltration on hackerone.com'
26 Mar 2017 timeline
b'Udemy' disclosed a bug submitted by b'caffeinewriter' 
b"Able to view others' gifts on /gift/share URL, giftId is predictable, and easy to manipulate"
26 Mar 2017 timeline
b'Twitter' disclosed a bug submitted by b'r3ligious' 
b'Attacker can get vine repost user all informations even Ip address and location .'
25 Mar 2017 timeline
b'CloudFlare' disclosed a bug submitted by b'bobrov' 
b'[http2.cloudflare.com] Open Redirect'
24 Mar 2017 timeline
b'Harvest' disclosed a bug submitted by b'zuh4n' 
b"Cookie Injection at 'harvestapp.com'"
24 Mar 2017 timeline
1 ... 598 599 600 601 602 ... 769
Follow @disclosedh1 on twitter to receive updates when a new bug is disclosed!
Twitter
BY DENIS WERNER - @NOBBD - IMPRESSUM