Bugpoint
@bugpoint
999 subscribers
3.73K photos
3.73K links
Latest updates about disclosure bug bounty reports: tech details, impacts, bounties πŸ“£

RateπŸ‘‡
https://cutt.ly/bugpoint_rate
FeedbackπŸ‘‡
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
Download Telegram
About
Blog
Apps
Platform
Join
Bugpoint
999 subscribers
Bugpoint
damage to the timeline so that comment fields cannot be displayed or not available to all members in the store

πŸ‘‰ https://hackerone.com/reports/971599

πŸ”Ή Severity: No Rating
πŸ”Ή Reported To: Shopify
πŸ”Ή Reported By: #jaka_tingkir
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 9, 2020, 4:45pm (UTC)
37 views
Bugpoint
Add apps to packages 0, 61, 62 with /store/ajaxpackagemerge

πŸ‘‰ https://hackerone.com/reports/972243

πŸ”Ή Severity: High | πŸ’° 2,500 USD
πŸ”Ή Reported To: Valve
πŸ”Ή Reported By: #njbooher
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 9, 2020, 8:07pm (UTC)
38 views
Bugpoint
Unauthorized updates to extended_info properties in /store/ajaxpackagesave

πŸ‘‰ https://hackerone.com/reports/815547

πŸ”Ή Severity: High | πŸ’° 2,500 USD
πŸ”Ή Reported To: Valve
πŸ”Ή Reported By: #njbooher
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 9, 2020, 8:27pm (UTC)
37 views
Bugpoint
Stored XSS on PyPi simple API endpoint

πŸ‘‰ https://hackerone.com/reports/856836

πŸ”Ή Severity: Medium | πŸ’° 3,000 USD
πŸ”Ή Reported To: GitLab
πŸ”Ή Reported By: #vakzz
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 9, 2020, 9:57pm (UTC)
38 views
Bugpoint
Stored XSS in markdown when redacting references

πŸ‘‰ https://hackerone.com/reports/836649

πŸ”Ή Severity: High | πŸ’° 5,000 USD
πŸ”Ή Reported To: GitLab
πŸ”Ή Reported By: #vakzz
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 9, 2020, 9:58pm (UTC)
40 views
Bugpoint
Smartsheet employees email disclosure through enpoint after login.

πŸ‘‰ https://hackerone.com/reports/880089

πŸ”Ή Severity: Low | πŸ’° 100 USD
πŸ”Ή Reported To: Smartsheet
πŸ”Ή Reported By: #soareswallace
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 9, 2020, 10:15pm (UTC)
41 views
Bugpoint
SSRF at https://cognitive.topcoder.com leads to AWS instance metadata due to vulnerable email subscription feature

πŸ‘‰ https://hackerone.com/reports/876424

πŸ”Ή Severity: Critical
πŸ”Ή Reported To: Topcoder
πŸ”Ή Reported By: #mase289
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 10, 2020, 12:42pm (UTC)
40 views
Bugpoint
THX Tuneup Survey feedback disclosure via Google cached content for apps.thx.com

πŸ‘‰ https://hackerone.com/reports/751729

πŸ”Ή Severity: Low | πŸ’° 200 USD
πŸ”Ή Reported To: Razer
πŸ”Ή Reported By: #jackb898
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 10, 2020, 4:04pm (UTC)
41 views
Bugpoint
bypass the [OKTA] login redirect can lead to disclosing limited-information about the sub-domain at [ shiptsec.com ]

πŸ‘‰ https://hackerone.com/reports/968699

πŸ”Ή Severity: Low | πŸ’° 200 USD
πŸ”Ή Reported To: Shipt
πŸ”Ή Reported By: #tester1231233
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 10, 2020, 4:23pm (UTC)
44 views
Bugpoint
Safe Redirect Bypass

πŸ‘‰ https://hackerone.com/reports/945990

πŸ”Ή Severity: Low | πŸ’° 560 USD
πŸ”Ή Reported To: Twitter
πŸ”Ή Reported By: #cyanpiny
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 10, 2020, 4:57pm (UTC)
46 views
Bugpoint
Team object in GraphQL disclosed private_comment

πŸ‘‰ https://hackerone.com/reports/978143

πŸ”Ή Severity: Medium | πŸ’° 2,500 USD
πŸ”Ή Reported To: HackerOne
πŸ”Ή Reported By: #haxta4ok00
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 10, 2020, 7:05pm (UTC)
50 views
Bugpoint
Unsafe deserialization in Nexus Repository helm plugin

πŸ‘‰ https://hackerone.com/reports/917843

πŸ”Ή Severity: Critical
πŸ”Ή Reported To: Central Security Project
πŸ”Ή Reported By: #c0d3p1ut0s
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 10, 2020, 10:07pm (UTC)
45 views
Bugpoint
http request smuggling in pscp.tv and periscope.tv

πŸ‘‰ https://hackerone.com/reports/713285

πŸ”Ή Severity: High | πŸ’° 560 USD
πŸ”Ή Reported To: Twitter
πŸ”Ή Reported By: #protostar0
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 10, 2020, 10:52pm (UTC)
49 views
Bugpoint
Blind HTTP GET SSRF via website icon fetch (bypass of pull#812)

πŸ‘‰ https://hackerone.com/reports/925527

πŸ”Ή Severity: Low
πŸ”Ή Reported To: Bitwarden
πŸ”Ή Reported By: #shielder
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 11, 2020, 1:24pm (UTC)
40 views
Bugpoint
Cache poisoning via X-Forwarded-Host in www.shopify.com/partners/blog

πŸ‘‰ https://hackerone.com/reports/977851

πŸ”Ή Severity: Low | πŸ’° 1,000 USD
πŸ”Ή Reported To: Shopify
πŸ”Ή Reported By: #dakitu
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 11, 2020, 5:03pm (UTC)
35 views
Bugpoint
[keyd] Prototype pollution

πŸ‘‰ https://hackerone.com/reports/877515

πŸ”Ή Severity: High
πŸ”Ή Reported To: Node.js third-party modules
πŸ”Ή Reported By: #d3lla
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 14, 2020, 10:51am (UTC)
31 views
Bugpoint
[objtools] Prototype pollution

πŸ‘‰ https://hackerone.com/reports/878394

πŸ”Ή Severity: High
πŸ”Ή Reported To: Node.js third-party modules
πŸ”Ή Reported By: #d3lla
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 14, 2020, 10:51am (UTC)
32 views
Bugpoint
[flsaba] Stored XSS in the file and directory name when directories listing

πŸ‘‰ https://hackerone.com/reports/856588

πŸ”Ή Severity: Low
πŸ”Ή Reported To: Node.js third-party modules
πŸ”Ή Reported By: #d3lla
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 14, 2020, 10:52am (UTC)
27 views
Bugpoint
Password protection can be removed for newly created development store

πŸ‘‰ https://hackerone.com/reports/965510

πŸ”Ή Severity: No Rating | πŸ’° 500 USD
πŸ”Ή Reported To: Shopify
πŸ”Ή Reported By: #francisbeaudoin
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 14, 2020, 6:59pm (UTC)
29 views
Bugpoint
Admin web sessions remain active after logout of Shopify ID

πŸ‘‰ https://hackerone.com/reports/952035

πŸ”Ή Severity: No Rating | πŸ’° 1,000 USD
πŸ”Ή Reported To: Shopify
πŸ”Ή Reported By: #jaka_tingkir
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 14, 2020, 6:59pm (UTC)
29 views
Bugpoint
XSS / SELF XSS

πŸ‘‰ https://hackerone.com/reports/906201

πŸ”Ή Severity: Low | πŸ’° 500 USD
πŸ”Ή Reported To: Shopify
πŸ”Ή Reported By: #whoami991
πŸ”Ή State: 🟒 Resolved
πŸ”Ή Disclosed: September 14, 2020, 7:25pm (UTC)
28 views