Bugpoint – Telegram

Bugpoint

1.05K subscribers

3.73K photos

3.73K links

Latest updates about disclosure bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg

Download Telegram

About

Blog

Apps

Platform

1.05K subscribers

Host Header Injection Attack - www.xnxx.com

👉 https://hackerone.com/reports/1630073

🔹 Severity: No Rating
🔹 Reported To: XVIDEOS
🔹 Reported By: #cyber_anon
🔹 State: ⚪️ Informative
🔹 Disclosed: November 8, 2022, 7:25pm (UTC)

127 views18:41

api keys leaked

👉 https://hackerone.com/reports/1762927

🔹 Severity: Medium
🔹 Reported To: Reddit
🔹 Reported By: #saibalajis6
🔹 State: ⚪️ Informative
🔹 Disclosed: November 10, 2022, 2:40pm (UTC)

128 views18:41

sensitive data exposure

👉 https://hackerone.com/reports/1716249

🔹 Severity: High
🔹 Reported To: Reddit
🔹 Reported By: #saibalajis6
🔹 State: 🔴 N/A
🔹 Disclosed: November 10, 2022, 2:41pm (UTC)

106 views18:41

Business Suite "Get Leads" Resulting in Revealing User Email & Phone

👉 https://hackerone.com/reports/1744194

🔹 Severity: High | 💰 5,500 USD
🔹 Reported To: TikTok
🔹 Reported By: #datph4m
🔹 State: 🟢 Resolved
🔹 Disclosed: November 10, 2022, 11:41pm (UTC)

99 views18:41

Subdomain Takeover on delivey.yelp.com

👉 https://hackerone.com/reports/1715538

🔹 Severity: Low
🔹 Reported To: Yelp
🔹 Reported By: #racersaravanaa05
🔹 State: 🔴 N/A
🔹 Disclosed: November 12, 2022, 3:49pm (UTC)

95 views18:41

Subdomain takeover at https://test.www.midigator.com

👉 https://hackerone.com/reports/1718371

🔹 Severity: High
🔹 Reported To: Equifax
🔹 Reported By: #valluvarsploit_h1
🔹 State: 🟢 Resolved
🔹 Disclosed: November 12, 2022, 4:05pm (UTC)

95 views18:41

Admin can create a hidden admin account which even the owner can not detect and remove and do administrative actions on the application.

👉 https://hackerone.com/reports/1596663

🔹 Severity: High | 💰 5,000 USD
🔹 Reported To: Reddit
🔹 Reported By: #41bin
🔹 State: 🟢 Resolved
🔹 Disclosed: November 14, 2022, 4:34am (UTC)

110 views18:41

Open redirect at mc-beta-cloud-acronis.com

👉 https://hackerone.com/reports/846389

🔹 Severity: No Rating
🔹 Reported To: Acronis
🔹 Reported By: #angeltsvetkov
🔹 State: 🟢 Resolved
🔹 Disclosed: November 15, 2022, 9:49am (UTC)

106 views18:41

New /add_contacts /remove_contacts quick commands susseptible to XSS from Customer Contact firstname/lastname fields

👉 https://hackerone.com/reports/1578400

🔹 Severity: High | 💰 13,950 USD
🔹 Reported To: GitLab
🔹 Reported By: #cryptopone
🔹 State: 🟢 Resolved
🔹 Disclosed: November 16, 2022, 1:07am (UTC)

100 views18:41

XSS: `v-safe-html` is not safe enough

👉 https://hackerone.com/reports/1579645

🔹 Severity: High | 💰 6,580 USD
🔹 Reported To: GitLab
🔹 Reported By: #yvvdwf
🔹 State: 🟢 Resolved
🔹 Disclosed: November 16, 2022, 1:08am (UTC)

99 views18:41

CSP-bypass XSS in project settings page

👉 https://hackerone.com/reports/1588732

🔹 Severity: High | 💰 10,270 USD
🔹 Reported To: GitLab
🔹 Reported By: #yvvdwf
🔹 State: 🟢 Resolved
🔹 Disclosed: November 16, 2022, 1:08am (UTC)

113 views18:41

RCE via github import

👉 https://hackerone.com/reports/1672388

🔹 Severity: Critical | 💰 33,510 USD
🔹 Reported To: GitLab
🔹 Reported By: #yvvdwf
🔹 State: 🟢 Resolved
🔹 Disclosed: November 16, 2022, 1:10am (UTC)

118 views18:42

Ability to bypass locked Cloudflare WARP on wifi networks.

👉 https://hackerone.com/reports/1635748

🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Cloudflare Public Bug Bounty
🔹 Reported By: #joshatmotion
🔹 State: 🟢 Resolved
🔹 Disclosed: November 16, 2022, 8:59am (UTC)

125 views18:42

[Git Gud] GitHub.com Svnbridge memcached deserialization vulnerability chain leading to Remote Code Execution

👉 https://hackerone.com/reports/1593913

🔹 Severity: Medium | 💰 17,500 USD
🔹 Reported To: GitHub
🔹 Reported By: #ajxchapman
🔹 State: 🟢 Resolved
🔹 Disclosed: November 16, 2022, 9:22pm (UTC)

137 views18:42

CSRF in AppSearch allows creation of "curations"

👉 https://hackerone.com/reports/1477050

🔹 Severity: Medium | 💰 833 USD
🔹 Reported To: Elastic
🔹 Reported By: #dee-see
🔹 State: 🟢 Resolved
🔹 Disclosed: November 17, 2022, 1:26pm (UTC)

125 views18:42

Directory Listing at https://█.█.█.█

👉 https://hackerone.com/reports/1771051

🔹 Severity: Low
🔹 Reported To: 8x8
🔹 Reported By: #shuvam321
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 1:49am (UTC)

136 views18:42

Default password on 34.120.209.175

👉 https://hackerone.com/reports/1415241

🔹 Severity: Medium | 💰 245 USD
🔹 Reported To: Elastic
🔹 Reported By: #newspaper
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 8:14am (UTC)

127 views18:42

LOGJ4 VUlnerability [HtUS]

👉 https://hackerone.com/reports/1624137

🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #fklet
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 6:07pm (UTC)

123 views18:42

Reflected XSS | https://████████

👉 https://hackerone.com/reports/1736433

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #x3ph_
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 6:33pm (UTC)

140 views18:42

Reflected XSS | https://████

👉 https://hackerone.com/reports/1736432

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #x3ph_
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 6:34pm (UTC)

151 views18:42

IDOR on ███████ [HtUS]

👉 https://hackerone.com/reports/1627974

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #nightm4re
🔹 State: 🟢 Resolved
🔹 Disclosed: November 18, 2022, 6:36pm (UTC)

164 views18:42