Cross-site scripting on api.collabs.shopify.com
π https://hackerone.com/reports/1672459
πΉ Severity: Medium | π° 1,600 USD
πΉ Reported To: Shopify
πΉ Reported By: #kun_19
πΉ State: π’ Resolved
πΉ Disclosed: October 13, 2022, 6:12pm (UTC)
π https://hackerone.com/reports/1672459
πΉ Severity: Medium | π° 1,600 USD
πΉ Reported To: Shopify
πΉ Reported By: #kun_19
πΉ State: π’ Resolved
πΉ Disclosed: October 13, 2022, 6:12pm (UTC)
XSS seems to work again after change to linkpop at https://linkpop.com/testnaglinagli
π https://hackerone.com/reports/1569940
πΉ Severity: Medium | π° 1,600 USD
πΉ Reported To: Shopify
πΉ Reported By: #nagli
πΉ State: π’ Resolved
πΉ Disclosed: October 13, 2022, 6:22pm (UTC)
π https://hackerone.com/reports/1569940
πΉ Severity: Medium | π° 1,600 USD
πΉ Reported To: Shopify
πΉ Reported By: #nagli
πΉ State: π’ Resolved
πΉ Disclosed: October 13, 2022, 6:22pm (UTC)
Staff can create workflows in Shopify Admin without apps permission
π https://hackerone.com/reports/1521336
πΉ Severity: Medium | π° 1,600 USD
πΉ Reported To: Shopify
πΉ Reported By: #jmp_35p
πΉ State: π’ Resolved
πΉ Disclosed: October 13, 2022, 6:53pm (UTC)
π https://hackerone.com/reports/1521336
πΉ Severity: Medium | π° 1,600 USD
πΉ Reported To: Shopify
πΉ Reported By: #jmp_35p
πΉ State: π’ Resolved
πΉ Disclosed: October 13, 2022, 6:53pm (UTC)
Self XSS in https://linkpop.com/dashboard/admin
π https://hackerone.com/reports/1591403
πΉ Severity: Low | π° 500 USD
πΉ Reported To: Shopify
πΉ Reported By: #hazemhussien99
πΉ State: π’ Resolved
πΉ Disclosed: October 13, 2022, 9:20pm (UTC)
π https://hackerone.com/reports/1591403
πΉ Severity: Low | π° 500 USD
πΉ Reported To: Shopify
πΉ Reported By: #hazemhussien99
πΉ State: π’ Resolved
πΉ Disclosed: October 13, 2022, 9:20pm (UTC)
Account takeover on βββββββ [HtUS]
π https://hackerone.com/reports/1627961
πΉ Severity: High | π° 500 USD
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #nightm4re
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 1:05pm (UTC)
π https://hackerone.com/reports/1627961
πΉ Severity: High | π° 500 USD
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #nightm4re
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 1:05pm (UTC)
IDOR leaking PII data via VendorId parameter
π https://hackerone.com/reports/1690044
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #0x1int
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 1:24pm (UTC)
π https://hackerone.com/reports/1690044
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #0x1int
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 1:24pm (UTC)
Account Takeover and Information update due to cross site request forgery via POST βββββββββ/registration/my-account.cfm
π https://hackerone.com/reports/1626356
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #snifyak
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 1:28pm (UTC)
π https://hackerone.com/reports/1626356
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #snifyak
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 1:28pm (UTC)
Blind SSRF via image upload URL downloader on https://ββββββ/
π https://hackerone.com/reports/1691501
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #0x1int
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 1:36pm (UTC)
π https://hackerone.com/reports/1691501
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #0x1int
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 1:36pm (UTC)
[HTA2] Receivingββββ access request on @wearehackerone.com email address
π https://hackerone.com/reports/715740
πΉ Severity: Medium | π° 750 USD
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #jr0ch17
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 1:41pm (UTC)
π https://hackerone.com/reports/715740
πΉ Severity: Medium | π° 750 USD
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #jr0ch17
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 1:41pm (UTC)
[hta3] Chain of ESI Injection & Reflected XSS leading to Account Takeover on [βββ]
π https://hackerone.com/reports/1073780
πΉ Severity: High | π° 750 USD
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #jr0ch17
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 1:44pm (UTC)
π https://hackerone.com/reports/1073780
πΉ Severity: High | π° 750 USD
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #jr0ch17
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 1:44pm (UTC)
Local file read at https://ββββ/ [HtUS]
π https://hackerone.com/reports/1626210
πΉ Severity: Critical | π° 1,000 USD
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #sudi
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 1:51pm (UTC)
π https://hackerone.com/reports/1626210
πΉ Severity: Critical | π° 1,000 USD
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #sudi
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 1:51pm (UTC)
Broken access discloses users and PII at https://βββββββ [HtUS]
π https://hackerone.com/reports/1624374
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #g4mb4
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 1:53pm (UTC)
π https://hackerone.com/reports/1624374
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #g4mb4
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 1:53pm (UTC)
Found Origin IP's Lead To Access ββββ
π https://hackerone.com/reports/1556808
πΉ Severity: Low
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #ibrahim0936356
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 2:28pm (UTC)
π https://hackerone.com/reports/1556808
πΉ Severity: Low
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #ibrahim0936356
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 2:28pm (UTC)
Subdomain Takeover at https://ββ.get8x8.com/
π https://hackerone.com/reports/1697402
πΉ Severity: Medium
πΉ Reported To: 8x8
πΉ Reported By: #testingforbugs
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 3:05pm (UTC)
π https://hackerone.com/reports/1697402
πΉ Severity: Medium
πΉ Reported To: 8x8
πΉ Reported By: #testingforbugs
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 3:05pm (UTC)
SSRF to read AWS metaData at https://βββββ/ [HtUS]
π https://hackerone.com/reports/1624140
πΉ Severity: Critical | π° 1,000 USD
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #720922
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 3:12pm (UTC)
π https://hackerone.com/reports/1624140
πΉ Severity: Critical | π° 1,000 USD
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #720922
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 3:12pm (UTC)
π1
Authentication bypass leads to Information Disclosure at U.S Air Force "https://βββ"
π https://hackerone.com/reports/1690548
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #ludv1k
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 5:01pm (UTC)
π https://hackerone.com/reports/1690548
πΉ Severity: High
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #ludv1k
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 5:01pm (UTC)
Unauthenticated PII leak on verified/requested to be verified profiles on βββββββ/app/org/{id}/profile/{id}/version/{id} [HtUS]
π https://hackerone.com/reports/1627962
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #shreky
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 5:04pm (UTC)
π https://hackerone.com/reports/1627962
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #shreky
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 5:04pm (UTC)
.git folder exposed [HtUS]
π https://hackerone.com/reports/1624157
πΉ Severity: Critical
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #sudi
πΉ State: π€ Duplicate
πΉ Disclosed: October 14, 2022, 5:44pm (UTC)
π https://hackerone.com/reports/1624157
πΉ Severity: Critical
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #sudi
πΉ State: π€ Duplicate
πΉ Disclosed: October 14, 2022, 5:44pm (UTC)
Unauthenticated SQL Injection at βββββββββ [HtUS]
π https://hackerone.com/reports/1626226
πΉ Severity: Critical | π° 1,000 USD
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #0xd0ff9
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 5:54pm (UTC)
π https://hackerone.com/reports/1626226
πΉ Severity: Critical | π° 1,000 USD
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #0xd0ff9
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 5:54pm (UTC)
Host Header Injection on https://βββ/ββββββββ/Account/ForgotPassword
π https://hackerone.com/reports/1679969
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #0x1int
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 6:03pm (UTC)
π https://hackerone.com/reports/1679969
πΉ Severity: Medium
πΉ Reported To: U.S. Dept Of Defense
πΉ Reported By: #0x1int
πΉ State: π’ Resolved
πΉ Disclosed: October 14, 2022, 6:03pm (UTC)
Otp bypass in verifying nin
π https://hackerone.com/reports/1314172
πΉ Severity: High
πΉ Reported To: MTN Group
πΉ Reported By: #mr_sparrow
πΉ State: π’ Resolved
πΉ Disclosed: October 17, 2022, 6:27am (UTC)
π https://hackerone.com/reports/1314172
πΉ Severity: High
πΉ Reported To: MTN Group
πΉ Reported By: #mr_sparrow
πΉ State: π’ Resolved
πΉ Disclosed: October 17, 2022, 6:27am (UTC)