Top10 publishers:
bobrov: 117
sp1d3rs: 86
geeknik: 83
linkks: 75
jobert: 70
nyymi: 62
someonenobbd: 62
ooooooo_q: 54
guido: 50
haxta4ok00: 49
The unofficial HackerOne disclosure timeline.
Mail.ru disclosed a bug submitted by iframe: [api.33slona.ru] ?????? ? API ?? ?? ???????????? ???????????? ??????? 302 ???????. (02 Sep 2020)
Mail.ru disclosed a bug submitted by iframe: looch.tv CORS crossite user information and stream_key access (02 Sep 2020)
Mail.ru disclosed a bug submitted by avolume: Public access to Sidekiq dashboard at shopper.sbermarket.ru (02 Sep 2020)
Shopify disclosed a bug submitted by francisbeaudoin: Takeover an account that doesn't have a Shopify ID and more (02 Sep 2020)
Imgur disclosed a bug submitted by zerox4: Stored XSS in Post title (PoC) (02 Sep 2020)
Ruby on Rails disclosed a bug submitted by ooooooo_q: XSS by file (Active Storage `Proxying`) (01 Sep 2020)
Starbucks disclosed a bug submitted by x3n0nn3p: CRLF injection on www.starbucks.com (01 Sep 2020)
Yelp disclosed a bug submitted by alaayousef: Clickjacking lead to remove review (01 Sep 2020)
Mail.ru disclosed a bug submitted by iframe: [garnier-olia.lady.mail.ru] Reflected XSS /exp/ bypass "/" (01 Sep 2020)
Mail.ru disclosed a bug submitted by iframe: warofdragons.my.games: configuration files with database account are accessible (01 Sep 2020)
Mail.ru disclosed a bug submitted by iframe: IDOR ????????? ???????? ?????????? ? ????????????. (01 Sep 2020)
Mail.ru disclosed a bug submitted by organdonor: Access to information about any video and its owner via GraphQL endpoint [dictor.mail.ru] (01 Sep 2020)
Mail.ru disclosed a bug submitted by pisarenko: [self?] XSS ? ?????? ???????????? [sbermarket.ru] (31 Aug 2020)
Mail.ru disclosed a bug submitted by jianjun: An implementation flaw in Mail.ru can be exploited for DKIM signature spoofing and email spoofing (31 Aug 2020)
QIWI disclosed a bug submitted by honoki: DOM XSS triggered in secure support desk (31 Aug 2020)
Node.js third-party modules disclosed a bug submitted by bp0lr: [hangersteak] Web Server Directory Traversal via Crafted GET Request (30 Aug 2020)
Node.js third-party modules disclosed a bug submitted by bp0lr: [sirloin] Web Server Directory Traversal via Crafted GET Request (30 Aug 2020)
Shopify disclosed a bug submitted by zerox4: XSS Stored via Upload avatar PNG [HTML] File in accounts.shopify.com (30 Aug 2020)
WakaTime disclosed a bug submitted by hy76t56f565: Private leaderboard owner email disclosure when sending invites (28 Aug 2020)
Slack disclosed a bug submitted by oskarsv: Remote Code Execution in Slack desktop apps + bonus (28 Aug 2020)
BY DENIS WERNER - @NOBBD