Bugpoint – Telegram

Bugpoint

1.05K subscribers

3.73K photos

3.73K links

Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg

Download Telegram

About

Blog

Apps

Platform

1.05K subscribers

Enable 2Fa verification without verifying email leads account takeover

👉 https://hackerone.com/reports/1618021

🔹 Severity: Medium | 💰 350 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #motu-vai
🔹 State: 🟢 Resolved
🔹 Disclosed: August 31, 2022, 3:43pm (UTC)

319 views16:02

Password reset tokens sent to CSP reporting endpoints

👉 https://hackerone.com/reports/1626281

🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Snapchat
🔹 Reported By: #mahfujwhh
🔹 State: 🟢 Resolved
🔹 Disclosed: August 31, 2022, 11:53pm (UTC)

320 views00:09

Any expired reset password link can still be used to reset the password

👉 https://hackerone.com/reports/1615790

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Acronis
🔹 Reported By: #mrccrqr
🔹 State: 🟢 Resolved
🔹 Disclosed: September 1, 2022, 9:31am (UTC)

309 views09:33

Remote denial of service in HyperLedger Fabric

👉 https://hackerone.com/reports/1635854

🔹 Severity: High | 💰 1,500 USD
🔹 Reported To: Hyperledger
🔹 Reported By: #fatal0
🔹 State: 🟢 Resolved
🔹 Disclosed: September 1, 2022, 2:05pm (UTC)

292 views14:33

API Key reported in #1465145 not rotated and thus is still valid and can be used by anyone

👉 https://hackerone.com/reports/1591770

🔹 Severity: Low
🔹 Reported To: Adobe
🔹 Reported By: #aneeeketh
🔹 State: ⚪️ Informative
🔹 Disclosed: September 1, 2022, 4:05pm (UTC)

296 views16:08

Remote code execution due to unvalidated file upload

👉 https://hackerone.com/reports/1164452

🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 1, 2022, 5:29pm (UTC)

305 views17:41

Password reset token leak on third party website via Referer header [cloudivr.mtnbusiness.com.ng]

👉 https://hackerone.com/reports/1320242

🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #ibrahimatix0x01
🔹 State: 🟢 Resolved
🔹 Disclosed: September 1, 2022, 8:21pm (UTC)

323 views20:27

Default Admin Username and Password on remedysso.mtncameroon.net

👉 https://hackerone.com/reports/1397786

🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #dh0pe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 1, 2022, 8:50pm (UTC)

381 views21:03

Sensitive Information Disclosure Through Config File

👉 https://hackerone.com/reports/1397788

🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #dh0pe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 1, 2022, 8:50pm (UTC)

454 views21:03

IDOR on TikTok Ads Endpoint

👉 https://hackerone.com/reports/1527906

🔹 Severity: Medium | 💰 2,500 USD
🔹 Reported To: TikTok
🔹 Reported By: #sinayeganeh
🔹 State: 🟢 Resolved
🔹 Disclosed: September 1, 2022, 9:23pm (UTC)

🔥2

510 views21:39

Wordpress users disclosure from json and xml file

👉 https://hackerone.com/reports/1408589

🔹 Severity: Low
🔹 Reported To: MTN Group
🔹 Reported By: #drak3hft7
🔹 State: 🟢 Resolved
🔹 Disclosed: September 2, 2022, 9:25am (UTC)

317 views04:17

Weak/Auto Fill Password

👉 https://hackerone.com/reports/817331

🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #harrisoft
🔹 State: 🟢 Resolved
🔹 Disclosed: September 3, 2022, 12:23am (UTC)

297 views04:18

Federated share accepting/declining is not logged in audit log

👉 https://hackerone.com/reports/1200815

🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #rtod
🔹 State: 🟢 Resolved
🔹 Disclosed: September 3, 2022, 6:12am (UTC)

230 views04:18

Password disclosure in initial setup of Mail App

👉 https://hackerone.com/reports/1561471

🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #anna_larch
🔹 State: 🟢 Resolved
🔹 Disclosed: September 3, 2022, 6:23am (UTC)

228 views04:19

Brute force protections don't work

👉 https://hackerone.com/reports/1596918

🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #nickvergessen
🔹 State: 🟢 Resolved
🔹 Disclosed: September 3, 2022, 6:25am (UTC)

228 views04:19

Unauthenticated SSRF in 3rd party module "cerdic/csstidy"

👉 https://hackerone.com/reports/1595006

🔹 Severity: Medium | 💰 250 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #eg42
🔹 State: 🟢 Resolved
🔹 Disclosed: September 3, 2022, 6:29am (UTC)

218 views08:10

path traversal vulnerability in Grafana 8.x allows " local file read "

👉 https://hackerone.com/reports/1427086

🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #a-heybati
🔹 State: 🟢 Resolved
🔹 Disclosed: September 3, 2022, 12:14pm (UTC)

211 views10:05

IDOR Leads To Account Takeover Without User Interaction

👉 https://hackerone.com/reports/1272478

🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #theranger
🔹 State: 🟢 Resolved
🔹 Disclosed: September 4, 2022, 1:23pm (UTC)

191 views10:05

API key (api.semrush.com) leak in JS-file

👉 https://hackerone.com/reports/1218754

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Semrush
🔹 Reported By: #a_d_a_m
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2022, 12:17pm (UTC)

167 views10:05

Information disclosure through django debug mode

👉 https://hackerone.com/reports/1434276

🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2022, 10:56pm (UTC)

155 views10:05

Exposed gitlab repo at https://adammanco.mtn.com/api/v4/projects

👉 https://hackerone.com/reports/1351359

🔹 Severity: Low
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2022, 10:57pm (UTC)

156 views10:05