Bugpoint
@bugpoint
1.05K subscribers
3.73K photos
3.73K links
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties πŸ“£

RateπŸ‘‡
https://cutt.ly/bugpoint_rate
FeedbackπŸ‘‡
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
Download Telegram
About
Blog
Apps
Platform
Join
Bugpoint
1.05K subscribers
Bugpoint
Unauthenticated SSRF in 3rd party module "cerdic/csstidy"

πŸ‘‰ https://hackerone.com/reports/1595006

πŸ”Ή Severity: Medium | πŸ’° 250 USD
πŸ”Ή Reported To: Nextcloud
πŸ”Ή Reported By: #eg42
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 3, 2022, 6:29am (UTC)
218 views
Bugpoint
path traversal vulnerability in Grafana 8.x allows " local file read "

πŸ‘‰ https://hackerone.com/reports/1427086

πŸ”Ή Severity: Critical
πŸ”Ή Reported To: MTN Group
πŸ”Ή Reported By: #a-heybati
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 3, 2022, 12:14pm (UTC)
211 views
Bugpoint
IDOR Leads To Account Takeover Without User Interaction

πŸ‘‰ https://hackerone.com/reports/1272478

πŸ”Ή Severity: Critical
πŸ”Ή Reported To: MTN Group
πŸ”Ή Reported By: #theranger
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 4, 2022, 1:23pm (UTC)
191 views
Bugpoint
API key (api.semrush.com) leak in JS-file

πŸ‘‰ https://hackerone.com/reports/1218754

πŸ”Ή Severity: Medium | πŸ’° 500 USD
πŸ”Ή Reported To: Semrush
πŸ”Ή Reported By: #a_d_a_m
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 5, 2022, 12:17pm (UTC)
167 views
Bugpoint
Information disclosure through django debug mode

πŸ‘‰ https://hackerone.com/reports/1434276

πŸ”Ή Severity: Medium
πŸ”Ή Reported To: MTN Group
πŸ”Ή Reported By: #aliyugombe
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 5, 2022, 10:56pm (UTC)
155 views
Bugpoint
Exposed gitlab repo at https://adammanco.mtn.com/api/v4/projects

πŸ‘‰ https://hackerone.com/reports/1351359

πŸ”Ή Severity: Low
πŸ”Ή Reported To: MTN Group
πŸ”Ή Reported By: #aliyugombe
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 5, 2022, 10:57pm (UTC)
156 views
Bugpoint
CVE-2021-38314 @ https://www.mtn.co.rw

πŸ‘‰ https://hackerone.com/reports/1351341

πŸ”Ή Severity: No Rating
πŸ”Ή Reported To: MTN Group
πŸ”Ή Reported By: #aliyugombe
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 5, 2022, 10:58pm (UTC)
150 views
Bugpoint
CVE-2021-38314 @ https://www.mtn.ci

πŸ‘‰ https://hackerone.com/reports/1351338

πŸ”Ή Severity: Medium
πŸ”Ή Reported To: MTN Group
πŸ”Ή Reported By: #aliyugombe
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 5, 2022, 10:58pm (UTC)
145 views
Bugpoint
firebase credentials leaks @ https://mpulse.mtnonline.com

πŸ‘‰ https://hackerone.com/reports/1351329

πŸ”Ή Severity: Medium
πŸ”Ή Reported To: MTN Group
πŸ”Ή Reported By: #aliyugombe
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 5, 2022, 10:59pm (UTC)
140 views
Bugpoint
firebase credentials leaks @ https://mtnhottseat.mtn.com.gh

πŸ‘‰ https://hackerone.com/reports/1351326

πŸ”Ή Severity: Medium
πŸ”Ή Reported To: MTN Group
πŸ”Ή Reported By: #aliyugombe
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 5, 2022, 10:59pm (UTC)
141 views
Bugpoint
No password length restriction in reset password endpoint at https://suppliers.mtn.cm

πŸ‘‰ https://hackerone.com/reports/1285694

πŸ”Ή Severity: Critical
πŸ”Ή Reported To: MTN Group
πŸ”Ή Reported By: #aliyugombe
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 5, 2022, 11:00pm (UTC)
148 views
Bugpoint
IDOR Payments Status

πŸ‘‰ https://hackerone.com/reports/1538669

πŸ”Ή Severity: Low | πŸ’° 100 USD
πŸ”Ή Reported To: Omise
πŸ”Ή Reported By: #codeslayer137
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 6, 2022, 8:58am (UTC)
137 views
Bugpoint
Modifying Sprunk vs eCola crew data

πŸ‘‰ https://hackerone.com/reports/1680818

πŸ”Ή Severity: Low | πŸ’° 250 USD
πŸ”Ή Reported To: Rockstar Games
πŸ”Ή Reported By: #bugstar
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 6, 2022, 6:24pm (UTC)
136 views
Bugpoint
Subdomain takeover of β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ

πŸ‘‰ https://hackerone.com/reports/1457928

πŸ”Ή Severity: Critical
πŸ”Ή Reported To: U.S. Dept Of Defense
πŸ”Ή Reported By: #martinvw
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 6, 2022, 6:50pm (UTC)
138 views
Bugpoint
The dashboard is exposed in https://β–ˆβ–ˆβ–ˆ

πŸ‘‰ https://hackerone.com/reports/1566758

πŸ”Ή Severity: Critical
πŸ”Ή Reported To: U.S. Dept Of Defense
πŸ”Ή Reported By: #alitoni224
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 6, 2022, 6:53pm (UTC)
126 views
Bugpoint
XSS DUE TO CVE-2020-3580

πŸ‘‰ https://hackerone.com/reports/1606068

πŸ”Ή Severity: Medium
πŸ”Ή Reported To: U.S. Dept Of Defense
πŸ”Ή Reported By: #cruxn3t
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 6, 2022, 6:55pm (UTC)
125 views
Bugpoint
Access to admininstrative resources/account via path traversal

πŸ‘‰ https://hackerone.com/reports/1326352

πŸ”Ή Severity: Critical
πŸ”Ή Reported To: U.S. Dept Of Defense
πŸ”Ή Reported By: #j4k3d
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 6, 2022, 6:59pm (UTC)
131 views
Bugpoint
RXSS on β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ

πŸ‘‰ https://hackerone.com/reports/1626962

πŸ”Ή Severity: Medium
πŸ”Ή Reported To: U.S. Dept Of Defense
πŸ”Ή Reported By: #tmz900
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 6, 2022, 7:01pm (UTC)
134 views
Bugpoint
Stored XSS at https://β–ˆβ–ˆβ–ˆβ–ˆβ–ˆ

πŸ‘‰ https://hackerone.com/reports/1620247

πŸ”Ή Severity: High
πŸ”Ή Reported To: U.S. Dept Of Defense
πŸ”Ή Reported By: #shanekag
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 6, 2022, 7:04pm (UTC)
135 views
Bugpoint
β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ_log4j - https://β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ

πŸ‘‰ https://hackerone.com/reports/1631364

πŸ”Ή Severity: Critical
πŸ”Ή Reported To: U.S. Dept Of Defense
πŸ”Ή Reported By: #hachimanxienim
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 6, 2022, 7:07pm (UTC)
142 views
Bugpoint
solr_log4j - https://β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆ

πŸ‘‰ https://hackerone.com/reports/1631370

πŸ”Ή Severity: Critical
πŸ”Ή Reported To: U.S. Dept Of Defense
πŸ”Ή Reported By: #hachimanxienim
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 6, 2022, 7:10pm (UTC)
143 views