Bugpoint
@bugpoint
1.03K subscribers
3.73K photos
3.73K links
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties πŸ“£

RateπŸ‘‡
https://cutt.ly/bugpoint_rate
FeedbackπŸ‘‡
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
Download Telegram
About
Blog
Apps
Platform
Join
Bugpoint
1.03K subscribers
Bugpoint
Public Postman Api Collection Leaks Internal access to https://assets-paris-dev.codefi.network/

πŸ‘‰ https://hackerone.com/reports/1523651

πŸ”Ή Severity: Medium | πŸ’° 500 USD
πŸ”Ή Reported To: Consensys
πŸ”Ή Reported By: #polem4rch
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: May 14, 2022, 1:44pm (UTC)
305 views
Bugpoint
Disclose customer orders details by shopify chat application.

πŸ‘‰ https://hackerone.com/reports/968165

πŸ”Ή Severity: Medium | πŸ’° 2,500 USD
πŸ”Ή Reported To: Shopify
πŸ”Ή Reported By: #zambo
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: May 14, 2022, 2:33pm (UTC)
312 views
Bugpoint
Disclose STUFF member name and make actions.

πŸ‘‰ https://hackerone.com/reports/968174

πŸ”Ή Severity: No Rating | πŸ’° 500 USD
πŸ”Ή Reported To: Shopify
πŸ”Ή Reported By: #zambo
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: May 14, 2022, 2:34pm (UTC)
332 views
Bugpoint
Credential leak on redirect

πŸ‘‰ https://hackerone.com/reports/1568175

πŸ”Ή Severity: Medium
πŸ”Ή Reported To: curl
πŸ”Ή Reported By: #iylz
πŸ”Ή State: πŸ”΄ N/A
πŸ”Ή Disclosed: May 14, 2022, 4:06pm (UTC)
340 views
Bugpoint
Origin IP found, WAF Cloudflare Bypass

πŸ‘‰ https://hackerone.com/reports/1536299

πŸ”Ή Severity: Low | πŸ’° 100 USD
πŸ”Ή Reported To: SMTP2GO BBP
πŸ”Ή Reported By: #mrrobot2050
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: May 15, 2022, 10:20am (UTC)
352 views
Bugpoint
HTTP Request Smuggling in Transform Rules using hexadecimal escape sequences in the concat() function

πŸ‘‰ https://hackerone.com/reports/1478633

πŸ”Ή Severity: Critical | πŸ’° 6,000 USD
πŸ”Ή Reported To: Cloudflare Public Bug Bounty
πŸ”Ή Reported By: #albertspedersen
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: May 16, 2022, 8:57am (UTC)
328 views
Bugpoint
CVE-2022-27781: CERTINFO never-ending busy-loop

πŸ‘‰ https://hackerone.com/reports/1555441

πŸ”Ή Severity: Low
πŸ”Ή Reported To: curl
πŸ”Ή Reported By: #sybr
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: May 16, 2022, 9:01am (UTC)
322 views
Bugpoint
Security misconfiguration

πŸ‘‰ https://hackerone.com/reports/1486327

πŸ”Ή Severity: High
πŸ”Ή Reported To: lemlist
πŸ”Ή Reported By: #mr23r0
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: May 16, 2022, 9:41am (UTC)
322 views
Bugpoint
Site information's Display Name section vulnerable for XSS attacks and HTML Injections.

πŸ‘‰ https://hackerone.com/reports/1554888

πŸ”Ή Severity: Low | πŸ’° 150 USD
πŸ”Ή Reported To: Automattic
πŸ”Ή Reported By: #sawrav-chowdhury
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: May 16, 2022, 1:59pm (UTC)
333 views
Bugpoint
Privilege Escalation on TikTok for Business

πŸ‘‰ https://hackerone.com/reports/1505567

πŸ”Ή Severity: Medium | πŸ’° 2,500 USD
πŸ”Ή Reported To: TikTok
πŸ”Ή Reported By: #naaash
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: May 16, 2022, 8:06pm (UTC)
πŸ‘1
342 views
Bugpoint
[app.lemlist.com] Improper handling of payment lead to bypass payment

πŸ‘‰ https://hackerone.com/reports/1420697

πŸ”Ή Severity: High
πŸ”Ή Reported To: lemlist
πŸ”Ή Reported By: #omarelfarsaoui
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: May 17, 2022, 8:54am (UTC)
330 views
Bugpoint
Integer overflow vulnerability

πŸ‘‰ https://hackerone.com/reports/1562515

πŸ”Ή Severity: Critical
πŸ”Ή Reported To: Glovo
πŸ”Ή Reported By: #0f1c3r
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: May 17, 2022, 1:46pm (UTC)
340 views
Bugpoint
Conduit feed.publish API allows you to spoof other users or make it look like you have access to a restricted object

πŸ‘‰ https://hackerone.com/reports/1566325

πŸ”Ή Severity: No Rating | πŸ’° 300 USD
πŸ”Ή Reported To: Phabricator
πŸ”Ή Reported By: #dyls
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: May 18, 2022, 12:14pm (UTC)
334 views
Bugpoint
Bypass global deny-lists by wrapping domains using "[]" in https://github.com/stripe/smokescreen

πŸ‘‰ https://hackerone.com/reports/1528242

πŸ”Ή Severity: Low | πŸ’° 500 USD
πŸ”Ή Reported To: Stripe
πŸ”Ή Reported By: #haxatron1
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: May 18, 2022, 6:59pm (UTC)
341 views
Bugpoint
XSS and iframe injection on tiktok ads portal using redirect params

πŸ‘‰ https://hackerone.com/reports/1514554

πŸ”Ή Severity: Medium | πŸ’° 1,000 USD
πŸ”Ή Reported To: TikTok
πŸ”Ή Reported By: #cancerz
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: May 19, 2022, 2:49am (UTC)
352 views
Bugpoint
Email html Injection

πŸ‘‰ https://hackerone.com/reports/1461194

πŸ”Ή Severity: Low | πŸ’° 250 USD
πŸ”Ή Reported To: Slack
πŸ”Ή Reported By: #smitgharat0001
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: May 19, 2022, 1:03pm (UTC)
πŸ‘2
361 views
Bugpoint
Stored XSS in repository file viewer

πŸ‘‰ https://hackerone.com/reports/1072868

πŸ”Ή Severity: Medium | πŸ’° 2,000 USD
πŸ”Ή Reported To: GitLab
πŸ”Ή Reported By: #kannthu
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: May 19, 2022, 3:19pm (UTC)
344 views
Bugpoint
8x8pilot.com: Reflected XSS in Apache Tomcat /jsp-examples example directory

πŸ‘‰ https://hackerone.com/reports/1400357

πŸ”Ή Severity: Medium
πŸ”Ή Reported To: 8x8
πŸ”Ή Reported By: #huntinex
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: May 19, 2022, 5:01pm (UTC)
334 views
Bugpoint
Sensitive files/ data exists post deletion of user account

πŸ‘‰ https://hackerone.com/reports/1222873

πŸ”Ή Severity: Low | πŸ’° 150 USD
πŸ”Ή Reported To: Nextcloud
πŸ”Ή Reported By: #geekysherlock
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: May 20, 2022, 9:25am (UTC)
πŸ‘2
319 views
Bugpoint
Nextcloud Deck : Possibility for anyone to add a stack with existing tasks on anyone's board

πŸ‘‰ https://hackerone.com/reports/1450117

πŸ”Ή Severity: Medium | πŸ’° 250 USD
πŸ”Ή Reported To: Nextcloud
πŸ”Ή Reported By: #supr4s
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: May 20, 2022, 10:37am (UTC)
330 views