Bugpoint
@bugpoint
1.04K subscribers
3.73K photos
3.73K links
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties πŸ“£

RateπŸ‘‡
https://cutt.ly/bugpoint_rate
FeedbackπŸ‘‡
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
Download Telegram
About
Blog
Apps
Platform
Join
Bugpoint
1.04K subscribers
Bugpoint
Steal private objects of other projects via project import

πŸ‘‰ https://hackerone.com/reports/743953

πŸ”Ή Severity: Critical | πŸ’° 20,000 USD
πŸ”Ή Reported To: GitLab
πŸ”Ή Reported By: #saltyyolk
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 7, 2022, 2:16pm (UTC)
πŸ”₯4
314 views
Bugpoint
Path traversal, to RCE

πŸ‘‰ https://hackerone.com/reports/733072

πŸ”Ή Severity: High | πŸ’° 12,000 USD
πŸ”Ή Reported To: GitLab
πŸ”Ή Reported By: #saltyyolk
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 7, 2022, 2:16pm (UTC)
πŸ”₯5
357 views
Bugpoint
Open redirect on https://www.glassdoor.com/profile/siwa.htm via state parameter

πŸ‘‰ https://hackerone.com/reports/1097208

πŸ”Ή Severity: Low | πŸ’° 100 USD
πŸ”Ή Reported To: Glassdoor
πŸ”Ή Reported By: #0x7
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 8, 2022, 11:44am (UTC)
301 views
Bugpoint
Reflected XSS on https://help.glassdoor.com/gd_requestsubmitpage

πŸ‘‰ https://hackerone.com/reports/1094224

πŸ”Ή Severity: Medium | πŸ’° 500 USD
πŸ”Ή Reported To: Glassdoor
πŸ”Ή Reported By: #0x7
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 8, 2022, 11:46am (UTC)
292 views
Bugpoint
Reflected XSS on https://www.glassdoor.com/parts/header.htm

πŸ‘‰ https://hackerone.com/reports/1073712

πŸ”Ή Severity: Medium | πŸ’° 600 USD
πŸ”Ή Reported To: Glassdoor
πŸ”Ή Reported By: #0x7
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 8, 2022, 12:00pm (UTC)
288 views
Bugpoint
Stored XSS on issue comments and other pages which contain notes

πŸ‘‰ https://hackerone.com/reports/1398305

πŸ”Ή Severity: High | πŸ’° 3,000 USD
πŸ”Ή Reported To: GitLab
πŸ”Ή Reported By: #jarij
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 8, 2022, 2:02pm (UTC)
298 views
Bugpoint
"External status checks" can be accepted by users below developer access if the user is either author or assignee of the target merge request

πŸ‘‰ https://hackerone.com/reports/1375393

πŸ”Ή Severity: Medium | πŸ’° 610 USD
πŸ”Ή Reported To: GitLab
πŸ”Ή Reported By: #joaxcar
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 8, 2022, 2:04pm (UTC)
297 views
Bugpoint
Gitlab Pages token theft using service workers

πŸ‘‰ https://hackerone.com/reports/1439552

πŸ”Ή Severity: Medium | πŸ’° 1,680 USD
πŸ”Ή Reported To: GitLab
πŸ”Ή Reported By: #ehhthing
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 8, 2022, 2:06pm (UTC)
305 views
Bugpoint
XSS by clicking Jira's link

πŸ‘‰ https://hackerone.com/reports/1194254

πŸ”Ή Severity: Medium | πŸ’° 1,130 USD
πŸ”Ή Reported To: GitLab
πŸ”Ή Reported By: #ooooooo_q
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 8, 2022, 2:07pm (UTC)
336 views
Bugpoint
Several Subdomains Takeover

πŸ‘‰ https://hackerone.com/reports/1591085

πŸ”Ή Severity: High
πŸ”Ή Reported To: Reddit
πŸ”Ή Reported By: #3amii
πŸ”Ή State: πŸ”΄ N/A
πŸ”Ή Disclosed: June 8, 2022, 8:36pm (UTC)
319 views
Bugpoint
match

πŸ‘‰ https://hackerone.com/reports/1555440

πŸ”Ή Severity: High
πŸ”Ή Reported To: curl
πŸ”Ή Reported By: #maslahhunter
πŸ”Ή State: πŸ”΄ N/A
πŸ”Ή Disclosed: June 9, 2022, 7:09am (UTC)
323 views
Bugpoint
Integer overflows in unescape_word()

πŸ‘‰ https://hackerone.com/reports/1564922

πŸ”Ή Severity: Low
πŸ”Ή Reported To: curl
πŸ”Ή Reported By: #ddme
πŸ”Ή State: πŸ”΄ N/A
πŸ”Ή Disclosed: June 9, 2022, 7:10am (UTC)
338 views
Bugpoint
Moderator can enable cam/mic remotely if cam/mic-permission was disabled while user has activated cam/mic

πŸ‘‰ https://hackerone.com/reports/1520685

πŸ”Ή Severity: Low | πŸ’° 100 USD
πŸ”Ή Reported To: Nextcloud
πŸ”Ή Reported By: #michag86
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 9, 2022, 12:42pm (UTC)
351 views
Bugpoint
RXSS on β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ

πŸ‘‰ https://hackerone.com/reports/1555582

πŸ”Ή Severity: Medium
πŸ”Ή Reported To: U.S. Dept Of Defense
πŸ”Ή Reported By: #tmz900
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 10, 2022, 2:44pm (UTC)
331 views
Bugpoint
bd-j exploit chain

πŸ‘‰ https://hackerone.com/reports/1379975

πŸ”Ή Severity: High | πŸ’° 20,000 USD
πŸ”Ή Reported To: PlayStation
πŸ”Ή Reported By: #theflow0
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 10, 2022, 8:26pm (UTC)
πŸ‘3
316 views
Bugpoint
Email address disclosure via invite token validatiion

πŸ‘‰ https://hackerone.com/reports/1560072

πŸ”Ή Severity: Low | πŸ’° 250 USD
πŸ”Ή Reported To: TikTok
πŸ”Ή Reported By: #noob_but_cut3
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 11, 2022, 12:28am (UTC)
316 views
Bugpoint
disclosure the live_analytics information of any livestream.

πŸ‘‰ https://hackerone.com/reports/1561299

πŸ”Ή Severity: Medium | πŸ’° 1,000 USD
πŸ”Ή Reported To: TikTok
πŸ”Ή Reported By: #datph4m
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 11, 2022, 12:33am (UTC)
323 views
Bugpoint
CVE-2022-27779: cookie for trailing dot TLD

πŸ‘‰ https://hackerone.com/reports/1565615

πŸ”Ή Severity: Medium | πŸ’° 2,400 USD
πŸ”Ή Reported To: Internet Bug Bounty
πŸ”Ή Reported By: #haxatron1
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 11, 2022, 6:58pm (UTC)
πŸ‘1
318 views
Bugpoint
CVE-2022-27780: percent-encoded path separator in URL host

πŸ‘‰ https://hackerone.com/reports/1565619

πŸ”Ή Severity: Medium | πŸ’° 2,400 USD
πŸ”Ή Reported To: Internet Bug Bounty
πŸ”Ή Reported By: #haxatron1
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 11, 2022, 6:58pm (UTC)
347 views
Bugpoint
CVE-2022-30115: HSTS bypass via trailing dot

πŸ‘‰ https://hackerone.com/reports/1565622

πŸ”Ή Severity: Medium | πŸ’° 2,400 USD
πŸ”Ή Reported To: Internet Bug Bounty
πŸ”Ή Reported By: #haxatron1
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 11, 2022, 6:58pm (UTC)
357 views
Bugpoint
All user password hash can be seen from admin panel

πŸ‘‰ https://hackerone.com/reports/1489892

πŸ”Ή Severity: Medium
πŸ”Ή Reported To: UPchieve
πŸ”Ή Reported By: #dark_haxor
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: June 11, 2022, 11:31pm (UTC)
πŸ‘1
374 views