Bugpoint
@bugpoint
1K subscribers
3.73K photos
3.73K links
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties πŸ“£

RateπŸ‘‡
https://cutt.ly/bugpoint_rate
FeedbackπŸ‘‡
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
Download Telegram
About
Blog
Apps
Platform
Join
Bugpoint
1K subscribers
Bugpoint
Path traversal in filename in LINE Mac client

πŸ‘‰ https://hackerone.com/reports/727727

πŸ”Ή Severity: High | πŸ’° 2,785 USD
πŸ”Ή Reported To: LINE
πŸ”Ή Reported By: #hackerontwowheels
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: July 31, 2020, 9:32am (UTC)
49 views
Bugpoint
Reverse Tabnabbing in printing source document images

πŸ‘‰ https://hackerone.com/reports/911123

πŸ”Ή Severity: Low | πŸ’° 100 USD
πŸ”Ή Reported To: Visma Public
πŸ”Ή Reported By: #artebels
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: July 31, 2020, 12:40pm (UTC)
46 views
Bugpoint
[is-my-json-valid] ReDoS via 'style' format

πŸ‘‰ https://hackerone.com/reports/909757

πŸ”Ή Severity: High
πŸ”Ή Reported To: Node.js third-party modules
πŸ”Ή Reported By: #chalker
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: July 31, 2020, 5:13pm (UTC)
47 views
Bugpoint
Arbitrary code execution via untrusted schemas in is-my-json-valid

πŸ‘‰ https://hackerone.com/reports/894308

πŸ”Ή Severity: Medium
πŸ”Ή Reported To: Node.js third-party modules
πŸ”Ή Reported By: #chalker
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: July 31, 2020, 5:14pm (UTC)
48 views
Bugpoint
Awesome XSS in Google docs via postMessage()

🎬 https://www.youtube.com/watch?v=aCexqB9qi70

πŸ”Ή Severity: Medium | πŸ’° 4,133.70 USD
πŸ”Ή Reported To: Google
πŸ”Ή Reported By: #nikolay
πŸ”Ή State: 🟒 Resolved
58 viewsedited  
Bugpoint
XSS on Videos IA

πŸ‘‰ https://hackerone.com/reports/910427

πŸ”Ή Severity: Medium
πŸ”Ή Reported To: DuckDuckGo
πŸ”Ή Reported By: #capuzsec
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: July 31, 2020, 7:39pm (UTC)
54 views
Bugpoint
curl overwrites local file with -J option if file non-readable, but file writable.

πŸ‘‰ https://hackerone.com/reports/926638

πŸ”Ή Severity: Medium
πŸ”Ή Reported To: curl
πŸ”Ή Reported By: #brumbrum
πŸ”Ή State: βšͺ️ Informative
πŸ”Ή Disclosed: August 1, 2020, 4:46pm (UTC)
51 views
Bugpoint
Get-based SSRF limited to HTTP protocol on https://resizer.line-apps.com/form

πŸ‘‰ https://hackerone.com/reports/707014

πŸ”Ή Severity: Medium | πŸ’° 1,350 USD
πŸ”Ή Reported To: LINE
πŸ”Ή Reported By: #ledz1996
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: August 2, 2020, 7:10am (UTC)
54 views
Bugpoint
Facebook - Reputation Sync For #267890541047618

πŸ‘‰ https://hackerone.com/reports/896019

πŸ”Ή Severity: Low | πŸ’° 1,000 USD
πŸ”Ή Reported To: Facebook
πŸ”Ή Reported By: #yashrs
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: August 2, 2020, 9:30am (UTC)
54 views
Bugpoint
Anonymous file drop page ignores user profile visibility restrictions

πŸ‘‰ https://hackerone.com/reports/752353

πŸ”Ή Severity: No Rating
πŸ”Ή Reported To: Nextcloud
πŸ”Ή Reported By: #pshknst
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: August 3, 2020, 8:27am (UTC)
51 views
Bugpoint
relap.io IDOR

πŸ‘‰ https://hackerone.com/reports/749887

πŸ”Ή Severity: Low | πŸ’° 750 USD
πŸ”Ή Reported To: Mail.ru
πŸ”Ή Reported By: #shuraros
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: August 3, 2020, 9:39am (UTC)
44 views
Bugpoint
Account takeover through password reset in cups.mail.ru

πŸ‘‰ https://hackerone.com/reports/843160

πŸ”Ή Severity: High | πŸ’° 1,500 USD
πŸ”Ή Reported To: Mail.ru
πŸ”Ή Reported By: #weev3kyaw
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: August 3, 2020, 9:53am (UTC)
48 views
Bugpoint
Reflected XSS in "keywords" parameter at "https://sbermarket.ru/metro/search"

πŸ‘‰ https://hackerone.com/reports/898344

πŸ”Ή Severity: Medium
πŸ”Ή Reported To: Mail.ru
πŸ”Ή Reported By: #mehulpanchal007
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: August 3, 2020, 10:05am (UTC)
44 views
Bugpoint
xss on [storehouse5.ucs.ru]

πŸ‘‰ https://hackerone.com/reports/900573

πŸ”Ή Severity: Low
πŸ”Ή Reported To: Mail.ru
πŸ”Ή Reported By: #pisarenko
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: August 3, 2020, 10:09am (UTC)
45 views
Bugpoint
xss while uploading a file

πŸ‘‰ https://hackerone.com/reports/915346

πŸ”Ή Severity: No Rating
πŸ”Ή Reported To: Mail.ru
πŸ”Ή Reported By: #aslanemre
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: August 3, 2020, 10:10am (UTC)
42 views
Bugpoint
Open Redirect at "city-mobil.ru"

πŸ‘‰ https://hackerone.com/reports/919241

πŸ”Ή Severity: No Rating
πŸ”Ή Reported To: Mail.ru
πŸ”Ή Reported By: #kursadalsan
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: August 3, 2020, 10:12am (UTC)
41 views
Bugpoint
Insufficient access control on all BCRM instances leading to the ability to create admin accounts using the API

πŸ‘‰ https://hackerone.com/reports/836081

πŸ”Ή Severity: High | πŸ’° 4,750 USD
πŸ”Ή Reported To: LINE
πŸ”Ή Reported By: #j0eii
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: August 3, 2020, 10:48am (UTC)
42 views
Bugpoint
Unrestricted file upload leads to Stored XSS

πŸ‘‰ https://hackerone.com/reports/880099

πŸ”Ή Severity: Medium | πŸ’° 1,500 USD
πŸ”Ή Reported To: GitLab
πŸ”Ή Reported By: #semsem123
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: August 3, 2020, 12:26pm (UTC)
46 views
Bugpoint
Private list members disclosure via GraphQL

πŸ‘‰ https://hackerone.com/reports/885539

πŸ”Ή Severity: Low | πŸ’° 2,940 USD
πŸ”Ή Reported To: Twitter
πŸ”Ή Reported By: #ryotak
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: August 4, 2020, 1:25am (UTC)
47 views
Bugpoint
Spring Actuator endpoints publicly available, leading to account takeover

πŸ‘‰ https://hackerone.com/reports/862589

πŸ”Ή Severity: Critical | πŸ’° 5,000 USD
πŸ”Ή Reported To: LINE
πŸ”Ή Reported By: #kazan71p
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: August 4, 2020, 2:52am (UTC)
52 views
Bugpoint
Stored XSS in blob viewer

πŸ‘‰ https://hackerone.com/reports/806571

πŸ”Ή Severity: Medium | πŸ’° 2,000 USD
πŸ”Ή Reported To: GitLab
πŸ”Ή Reported By: #yvvdwf
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: August 4, 2020, 9:46am (UTC)
60 views