firebase credentials leaks @ https://mpulse.mtnonline.com
🔗 https://hackerone.com/reports/1351329
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2022, 10:59pm (UTC)
firebase credentials leaks @ https://mtnhottseat.mtn.com.gh
🔗 https://hackerone.com/reports/1351326
🔹 Severity: Medium
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2022, 10:59pm (UTC)
No password length restriction in reset password endpoint at https://suppliers.mtn.cm
🔗 https://hackerone.com/reports/1285694
🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2022, 11:00pm (UTC)
IDOR Payments Status
🔗 https://hackerone.com/reports/1538669
🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Omise
🔹 Reported By: #codeslayer137
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 8:58am (UTC)
Modifying Sprunk vs eCola crew data
🔗 https://hackerone.com/reports/1680818
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Rockstar Games
🔹 Reported By: #bugstar
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 6:24pm (UTC)
Subdomain takeover of █████████
🔗 https://hackerone.com/reports/1457928
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #martinvw
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 6:50pm (UTC)
The dashboard is exposed in https://███
🔗 https://hackerone.com/reports/1566758
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #alitoni224
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 6:53pm (UTC)
XSS DUE TO CVE-2020-3580
🔗 https://hackerone.com/reports/1606068
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #cruxn3t
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 6:55pm (UTC)
Access to administrative resources/account via path traversal
🔗 https://hackerone.com/reports/1326352
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #j4k3d
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 6:59pm (UTC)
RXSS on ███████
🔗 https://hackerone.com/reports/1626962
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #tmz900
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 7:01pm (UTC)
Stored XSS at https://█████
🔗 https://hackerone.com/reports/1620247
🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #shanekag
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 7:04pm (UTC)
██████_log4j - https://██████
🔗 https://hackerone.com/reports/1631364
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #hachimanxienim
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 7:07pm (UTC)
solr_log4j - https://██████████
🔗 https://hackerone.com/reports/1631370
🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #hachimanxienim
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 7:10pm (UTC)
RXSS on █████████
🔗 https://hackerone.com/reports/1627616
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #tmz900
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 7:12pm (UTC)
Reflected cross site scripting in https://███████
🔗 https://hackerone.com/reports/1636345
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #maskedpersian
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 7:30pm (UTC)
Reflected Xss in [██████]
🔗 https://hackerone.com/reports/1033253
🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #s1m0x1
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2022, 7:32pm (UTC)
String length restriction bypass at https://callerfeel.mtnonline.com/profile/feedback.html
🔗 https://hackerone.com/reports/1638347
🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #aliyugombe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 7, 2022, 8:48am (UTC)
Cleartext storage of sensitive information at https://staging.status.ai-apps-comms.ibm.com/env can lead to account takeover of several IBM employees
🔗 https://hackerone.com/reports/1670586
🔹 Severity: Critical
🔹 Reported To: IBM
🔹 Reported By: #zere
🔹 State: 🟢 Resolved
🔹 Disclosed: September 9, 2022, 3:14pm (UTC)
CVE-2022-21831: Possible code injection vulnerability in Rails / Active Storage
🔗 https://hackerone.com/reports/1652042
🔹 Severity: High | 💰 2,000 USD
🔹 Reported To: Internet Bug Bounty
🔹 Reported By: #gquadros_
🔹 State: 🟢 Resolved
🔹 Disclosed: September 10, 2022, 7:12pm (UTC)
Access to arbitrary file of the Nextcloud Android app from within the Nextcloud Android app
🔗 https://hackerone.com/reports/1408692
🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #luchua
🔹 State: 🟢 Resolved
🔹 Disclosed: September 11, 2022, 11:41am (UTC)
Signup with any Email and Enable 2-FA without verifying Email
🔗 https://hackerone.com/reports/1543259
🔹 Severity: Medium | 💰 350 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #imtheking
🔹 State: 🟢 Resolved
🔹 Disclosed: September 12, 2022, 2:15pm (UTC)