Hacktivity from geeknik
https://hackerone.com/reports/193314
Disclosed at: 2019-10-25 20:04:13 UTC+0
Created at: 2016-12-22 08:40:44 UTC+0
SMTP user enumeration via mail.zendesk.com
Zendesk disclosed on HackerOne: SMTP user enumeration via...
Around three years ago, @geeknik found the `VRFY` method was enabled at `mail.zendesk.com` allowing for user enumeration.
Hacktivity from fr0nk
https://hackerone.com/reports/236398
Disclosed at: 2019-10-26 07:37:59 UTC+0
Created at: 2017-06-04 10:01:49 UTC+0
no captcha for register user and weak question attacker can spam email
Weblate disclosed on HackerOne: no captcha for register user and...
hi
In https://demo.weblate.org/accounts/register/ an attacker can register with the same email and, if they didn't click on the confirm link, the attacker can make requests in an infinite loop,
so the attacker can spam another...
Hacktivity from secator
https://hackerone.com/reports/503707
Disclosed at: 2019-10-28 10:42:03 UTC+0
Created at: 2019-03-01 10:38:53 UTC+0
[XSS] postMessage in jsapi/button
Mail.ru disclosed on HackerOne: [XSS] postMessage in jsapi/button
XSS via postMessage handler in o2.mail.ru
Hacktivity from nitrozeus
https://hackerone.com/reports/683925
Disclosed at: 2019-10-28 11:58:41 UTC+0
Created at: 2019-08-28 16:48:14 UTC+0
Referer issue in Kartpay.com
Kartpay disclosed on HackerOne: Referer issue in Kartpay.com
On https://Kartpay.com, the Referer issue was fixed earlier, before this issue was reported again, but on finding the root cause it was found that the code is perfect but the sequence of code /...
Hacktivity from smalien
https://hackerone.com/reports/702677
Disclosed at: 2019-10-29 04:02:50 UTC+0
Created at: 2019-09-27 01:14:51 UTC+0
Unauthenticated access to sensitive user information
Hacktivity from badcode_
https://hackerone.com/reports/688270
Disclosed at: 2019-10-29 11:03:48 UTC+0
Created at: 2019-09-05 03:25:50 UTC+0
OS Command Injection in Nexus Repository Manager 2.x(bypass CVE-2019-5475)
Central Security Project disclosed on HackerOne: OS Command...
https://support.sonatype.com/hc/en-us/articles/360033490774-CVE-2019-5475-Nexus-Repository-Manager-2-OS-Command-Injection-2019-08-09
Hacktivity from maxarr
https://hackerone.com/reports/513236
Disclosed at: 2019-10-30 14:04:37 UTC+0
Created at: 2019-03-21 16:53:16 UTC+0
touch.mail.ru / e.mail.ru memory content disclosure
Mail.ru disclosed on HackerOne: touch.mail.ru / e.mail.ru memory...
An invalid handling of NUL byte in API request led to disclosure of HTTP server memory region.
The root cause of this bug is tracked to nginx+openresty. An advisory is below:
**Insecure...
Hacktivity from hland
https://hackerone.com/reports/683965
Disclosed at: 2019-10-30 20:05:22 UTC+0
Created at: 2019-08-28 18:42:12 UTC+0
Unrestricted File Upload Leading to Remote Code Execution
Central Security Project disclosed on HackerOne: Unrestricted File...
https://support.sonatype.com/hc/en-us/articles/360035055794-CVE-2019-15893-Nexus-Repository-Manager-2-Remote-Code-Execution-2019-09-03
Hacktivity from z0idex
https://hackerone.com/reports/692154
Disclosed at: 2019-10-31 00:23:42 UTC+0
Created at: 2019-09-11 05:17:31 UTC+0
Open Redirect in the Path of vendhq.com
Vend VDP disclosed on HackerOne: Open Redirect in the Path of...
**Summary:**
There is an open redirection vulnerability in the path of
```
https://www.vendhq.com/
```
**Description:**
An attacker can redirect anyone to malicious sites.
## Steps To...
Hacktivity from orlserg
https://hackerone.com/reports/629892
Disclosed at: 2019-10-31 03:57:12 UTC+0
Created at: 2019-06-26 08:34:39 UTC+0
Lack of CSRF header validation at https://g-mail.grammarly.com/profile
Grammarly disclosed on HackerOne: Lack of CSRF header validation at...
Hello!
## Description
I found that setting up a CORS in some places will check the protocol, but it allows using http scheme. In addition, any subdomain is considered trusted. If the origin is...
Hacktivity from fms
https://hackerone.com/reports/141202
Disclosed at: 2019-10-31 06:15:50 UTC+0
Created at: 2016-05-26 14:35:56 UTC+0
imagescale out-of-bounds read
PHP (IBB) disclosed on HackerOne: imagescale out-of-bounds read
https://bugs.php.net/bug.php?id=72227
Invalid memory access while applying bicubic scaling on images.
```
Reading symbols from /home/user/php-7.0/sapi/cli/php...done.
(gdb) b...
```
Hacktivity from fms
https://hackerone.com/reports/182420
Disclosed at: 2019-10-31 06:16:01 UTC+0
Created at: 2016-11-16 02:24:22 UTC+0
Illegal write/read access caused by gdImageAALine overflow
PHP (IBB) disclosed on HackerOne: Illegal write/read access caused...
Upstream Bug
---
https://bugs.php.net/bug.php?id=72482
Summary
---
Illegal write/read access at gdImageSetAAPixelColor caused by gdImageAALine overflow.
gdImageAALine tries to clip the limit values...
Hacktivity from fms
https://hackerone.com/reports/170260
Disclosed at: 2019-10-31 06:16:25 UTC+0
Created at: 2016-09-18 18:04:04 UTC+0
imap_rfc822_parse_headers GS Violation
PHP (IBB) disclosed on HackerOne: imap_rfc822_parse_headers GS...
Upstream issue
----
https://bugs.php.net/bug.php?id=72968
Description
-----
Exception when processing a long header string causes GS violation on Windows platform.
```
0:000:x86> r;!exploitable...
```
Hacktivity from fms
https://hackerone.com/reports/161189
Disclosed at: 2019-10-31 06:16:34 UTC+0
Created at: 2016-08-19 02:49:28 UTC+0
select_colors write out-of-bounds
PHP (IBB) disclosed on HackerOne: select_colors write out-of-bounds
Upstream Bug
---
2016-07-28 06:38 UTC
https://bugs.php.net/bug.php?id=72697
Summary
--
Type mismatch parameters between ncolors and colorsWanted parameters at zif_imagetruecolortopalette and...
Hacktivity from fms
https://hackerone.com/reports/153776
Disclosed at: 2019-10-31 06:16:54 UTC+0
Created at: 2016-07-25 18:46:54 UTC+0
gdImageTrueColorToPaletteBody allows arbitrary write/read access
PHP (IBB) disclosed on HackerOne: gdImageTrueColorToPaletteBody...
Upstream bug report
================
2016-06-29 04:03 UTC
https://bugs.php.net/bug.php?id=72512
Patch
=====
2016-07-19 07:47...
Hacktivity from fms
https://hackerone.com/reports/146940
Disclosed at: 2019-10-31 06:17:13 UTC+0
Created at: 2016-06-24 04:14:05 UTC+0
pass2_no_dither out-of-bounds access
PHP (IBB) disclosed on HackerOne: pass2_no_dither out-of-bounds access
Bug:
https://bugs.php.net/bug.php?id=72298
Reported on 2016-05-31
Patch:
http://git.php.net/?p=php-src.git;a=commit;h=e9ac8954be9f7d988189df44578d759ffdea3512
Fixed for PHP 5.5.37 (security...
Hacktivity from fms
https://hackerone.com/reports/161216
Disclosed at: 2019-10-31 06:17:34 UTC+0
Created at: 2016-08-19 03:57:00 UTC+0
wddx_deserialize null dereference
PHP (IBB) disclosed on HackerOne: wddx_deserialize null dereference
Upstream Bug
---
https://bugs.php.net/bug.php?id=72750
Summary
--
When wddx_deserialize tries to parse an invalid base64 binary value, php_base64_decode returns NULL. The return value is not...
Hacktivity from fms
https://hackerone.com/reports/161200
Disclosed at: 2019-10-31 06:21:13 UTC+0
Created at: 2016-08-19 03:13:05 UTC+0
wddx_deserialize allows illegal memory access
PHP (IBB) disclosed on HackerOne: wddx_deserialize allows illegal...
Upstream Bug
---
2016-08-03 18:36 UTC
https://bugs.php.net/bug.php?id=72749
Summary
--
wddx_deserialize allows unserializing a WDDX packet that usually comes from external input, while...
Hacktivity from w2w
https://hackerone.com/reports/368927
Disclosed at: 2019-10-31 15:20:30 UTC+0
Created at: 2018-06-19 17:04:38 UTC+0
Open redirect open.rocket.chat/file-upload/ID/filename.svg
Rocket.Chat disclosed on HackerOne: Open redirect...
**Summary:** Open redirect through svg file upload
**Description:** When you upload a file to a chat, the link to it will look like https://open.rocket.chat/file-upload/ID/filename.svg, but the...
Hacktivity from slickrockweb
https://hackerone.com/reports/643274
Disclosed at: 2019-10-31 17:12:30 UTC+0
Created at: 2019-07-15 08:48:09 UTC+0
Viral Direct Message Clickjacking via link truncation leading to capture of both Google credentials & installation of malicious 3rd party Twitter App
X (Formerly Twitter) disclosed on HackerOne: Viral Direct Message...
**Summary:** [Viral Direct Message Clickjacking via link truncation leading to capture of both Google credentials & installation of malicious 3rd party Twitter App]
**Description:** [Because very...