Bugpoint
Latest updates about disclosed bug bounty reports: tech details, impacts, bounties 📣


#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
Email Confirmation Bypass in your-store.myshopify.com which leads to privilege escalation

👉 https://hackerone.com/reports/910300

🔹 Severity: Critical | 💰 22,500 USD
🔹 Reported To: Shopify
🔹 Reported By: #say_ch33se
🔹 State: 🟢 Resolved
🔹 Disclosed: September 15, 2020, 6:47am (UTC)

CircleCI token in github repo allows for access to sensitive build information

👉 https://hackerone.com/reports/858915

🔹 Severity: No Rating | 💰 1,500 USD
🔹 Reported To: Shopify
🔹 Reported By: #dwimmerlaik
🔹 State: 🟢 Resolved
🔹 Disclosed: September 15, 2020, 9:30am (UTC)

[icq.im] Reflected XSS via chat invite link

👉 https://hackerone.com/reports/796897

🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #romesful
🔹 State: 🟢 Resolved
🔹 Disclosed: September 15, 2020, 12:25pm (UTC)

Private files exposed to other apps

👉 https://hackerone.com/reports/838587

🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #kanytu
🔹 State: 🟢 Resolved
🔹 Disclosed: September 15, 2020, 1:14pm (UTC)

Database read through provider misconfiguration

👉 https://hackerone.com/reports/882475

🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #kanytu
🔹 State: 🟢 Resolved
🔹 Disclosed: September 15, 2020, 1:20pm (UTC)

IDOR in tracking driver logs at city-mobil.ru

👉 https://hackerone.com/reports/847876

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #r0hack
🔹 State: 🟢 Resolved
🔹 Disclosed: September 15, 2020, 1:59pm (UTC)

Cache Poisoning via uppercase letters in invalid path

👉 https://hackerone.com/reports/960618

🔹 Severity: Medium | 💰 550 USD
🔹 Reported To: InnoGames
🔹 Reported By: #mace
🔹 State: 🟢 Resolved
🔹 Disclosed: September 15, 2020, 2:48pm (UTC)

xss triggered in "myshopify.com/admin/product"

👉 https://hackerone.com/reports/978125

🔹 Severity: High | 💰 1,000 USD
🔹 Reported To: Shopify
🔹 Reported By: #jaka_tingkir
🔹 State: 🟢 Resolved
🔹 Disclosed: September 15, 2020, 8:30pm (UTC)

[authmagic-timerange-stateless-core] Improper Authentication

👉 https://hackerone.com/reports/736522

🔹 Severity: High
🔹 Reported To: Node.js third-party modules
🔹 Reported By: #ermilov
🔹 State: 🟢 Resolved
🔹 Disclosed: September 16, 2020, 5:07am (UTC)

Possible denial of service when entering a loooong password

👉 https://hackerone.com/reports/952349

🔹 Severity: Medium
🔹 Reported To: Nextcloud
🔹 Reported By: #guoxuxin
🔹 State: 🟢 Resolved
🔹 Disclosed: September 16, 2020, 9:28am (UTC)

Clear text storage of proxy parameters and passwords

👉 https://hackerone.com/reports/685990

🔹 Severity: Low | 💰 250 USD
🔹 Reported To: Nextcloud
🔹 Reported By: #rbcafe
🔹 State: 🟢 Resolved
🔹 Disclosed: September 16, 2020, 2:32pm (UTC)

IDOR - User is able to download charts/dashboards from cross accounts

👉 https://hackerone.com/reports/975749

🔹 Severity: No Rating
🔹 Reported To: New Relic
🔹 Reported By: #k3ne
🔹 State: 🔴 N/A
🔹 Disclosed: September 17, 2020, 11:24am (UTC)

Self XSS

👉 https://hackerone.com/reports/982510

🔹 Severity: No Rating | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #wannacry0x01
🔹 State: 🟢 Resolved
🔹 Disclosed: September 17, 2020, 4:07pm (UTC)

email spoofing

👉 https://hackerone.com/reports/981456

🔹 Severity: Medium
🔹 Reported To: Solana BBP
🔹 Reported By: #crazy_criminal_bj-4545
🔹 State: 🟤 Duplicate
🔹 Disclosed: September 17, 2020, 9:59pm (UTC)

[@knutkirkhorn/free-space] - Command Injection through Lack of Sanitization

👉 https://hackerone.com/reports/950192

🔹 Severity: Medium
🔹 Reported To: Node.js third-party modules
🔹 Reported By: #ansuj
🔹 State: 🟢 Resolved
🔹 Disclosed: September 18, 2020, 12:35pm (UTC)

Log files Leaked In mcsblog.ru

👉 https://hackerone.com/reports/909166

🔹 Severity: Medium | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #sniper302
🔹 State: 🟢 Resolved
🔹 Disclosed: September 18, 2020, 3:25pm (UTC)

Broken twitter link hijacking at https://games.mail.ru/pc/search/

👉 https://hackerone.com/reports/975653

🔹 Severity: No Rating
🔹 Reported To: Mail.ru
🔹 Reported By: #nagli
🔹 State: 🟢 Resolved
🔹 Disclosed: September 18, 2020, 3:30pm (UTC)

Java : add MongoDB injection sinks

👉 https://hackerone.com/reports/983867

🔹 Severity: Low | 💰 1,000 USD
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #porcupineyhairs
🔹 State: 🟢 Resolved
🔹 Disclosed: September 17, 2020, 7:30pm (UTC)

Stored XSS in collabora via user name

👉 https://hackerone.com/reports/968232

🔹 Severity: Low
🔹 Reported To: Nextcloud
🔹 Reported By: #meliodas19
🔹 State: 🟢 Resolved
🔹 Disclosed: September 19, 2020, 2:00am (UTC)

Buffer over read from `smtp_command_parse_parameters`

👉 https://hackerone.com/reports/900548

🔹 Severity: No Rating | 💰 50 USD
🔹 Reported To: Open-Xchange
🔹 Reported By: #catenacyber
🔹 State: 🟢 Resolved
🔹 Disclosed: September 21, 2020, 9:15am (UTC)

Sensitive information about a ██████

👉 https://hackerone.com/reports/893970

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0x9747
🔹 State: 🟢 Resolved
🔹 Disclosed: September 21, 2020, 2:49pm (UTC)