Bugpoint – Telegram

Bugpoint

1.05K subscribers

3.73K photos

3.73K links

Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg

Download Telegram

About

Blog

Apps

Platform

1.05K subscribers

Account takeover on ███████ [HtUS]

👉 https://hackerone.com/reports/1627961

🔹 Severity: High | 💰 500 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #nightm4re
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 1:05pm (UTC)

180 views06:33

IDOR leaking PII data via VendorId parameter

👉 https://hackerone.com/reports/1690044

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0x1int
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 1:24pm (UTC)

184 views06:33

Account Takeover and Information update due to cross site request forgery via POST █████████/registration/my-account.cfm

👉 https://hackerone.com/reports/1626356

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #snifyak
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 1:28pm (UTC)

207 views06:33

Blind SSRF via image upload URL downloader on https://██████/

👉 https://hackerone.com/reports/1691501

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0x1int
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 1:36pm (UTC)

212 views06:34

[HTA2] Receiving████ access request on @wearehackerone.com email address

👉 https://hackerone.com/reports/715740

🔹 Severity: Medium | 💰 750 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #jr0ch17
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 1:41pm (UTC)

215 views07:19

[hta3] Chain of ESI Injection & Reflected XSS leading to Account Takeover on [███]

👉 https://hackerone.com/reports/1073780

🔹 Severity: High | 💰 750 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #jr0ch17
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 1:44pm (UTC)

243 views07:19

Local file read at https://████/ [HtUS]

👉 https://hackerone.com/reports/1626210

🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #sudi
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 1:51pm (UTC)

276 views07:19

Broken access discloses users and PII at https://███████ [HtUS]

👉 https://hackerone.com/reports/1624374

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #g4mb4
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 1:53pm (UTC)

341 views07:19

Found Origin IP's Lead To Access ████

👉 https://hackerone.com/reports/1556808

🔹 Severity: Low
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ibrahim0936356
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 2:28pm (UTC)

365 views07:19

Subdomain Takeover at https://██.get8x8.com/

👉 https://hackerone.com/reports/1697402

🔹 Severity: Medium
🔹 Reported To: 8x8
🔹 Reported By: #testingforbugs
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 3:05pm (UTC)

344 views20:27

SSRF to read AWS metaData at https://█████/ [HtUS]

👉 https://hackerone.com/reports/1624140

🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #720922
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 3:12pm (UTC)

👍1

385 views20:27

Authentication bypass leads to Information Disclosure at U.S Air Force "https://███"

👉 https://hackerone.com/reports/1690548

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ludv1k
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 5:01pm (UTC)

243 views18:09

Unauthenticated PII leak on verified/requested to be verified profiles on ███████/app/org/{id}/profile/{id}/version/{id} [HtUS]

👉 https://hackerone.com/reports/1627962

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #shreky
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 5:04pm (UTC)

219 views18:10

.git folder exposed [HtUS]

👉 https://hackerone.com/reports/1624157

🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #sudi
🔹 State: 🟤 Duplicate
🔹 Disclosed: October 14, 2022, 5:44pm (UTC)

150 views18:10

Unauthenticated SQL Injection at █████████ [HtUS]

👉 https://hackerone.com/reports/1626226

🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0xd0ff9
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 5:54pm (UTC)

154 views18:10

Host Header Injection on https://███/████████/Account/ForgotPassword

👉 https://hackerone.com/reports/1679969

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0x1int
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 6:03pm (UTC)

146 views18:11

Otp bypass in verifying nin

👉 https://hackerone.com/reports/1314172

🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #mr_sparrow
🔹 State: 🟢 Resolved
🔹 Disclosed: October 17, 2022, 6:27am (UTC)

146 views18:11

XSS in www.shopify.com/markets?utm_source=

👉 https://hackerone.com/reports/1699762

🔹 Severity: No Rating | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #noblesix
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2022, 7:14am (UTC)

136 views18:11

CVE-2017-5929: Hyperledger - Arbitrary Deserialization of Untrusted Data

👉 https://hackerone.com/reports/1739099

🔹 Severity: No Rating
🔹 Reported To: Hyperledger
🔹 Reported By: #mik-patient
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2022, 3:36pm (UTC)

134 views18:12

TikTok Account Creation Date Information Disclosure

👉 https://hackerone.com/reports/1562020

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: TikTok
🔹 Reported By: #f15
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2022, 8:50pm (UTC)

127 views18:12

Access to private file's of helpdesk.

👉 https://hackerone.com/reports/804534

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2022, 9:05pm (UTC)

123 views18:13