Bugpoint
Latest updates about disclosed bug bounty reports: tech details, impacts, bounties 📣

Rate👇
https://cutt.ly/bugpoint_rate
Feedback👇
https://cutt.ly/bugpoint_feedback

#️⃣ bug bounty disclosed reports
#️⃣ bug bounty write-ups
#️⃣ bug bounty teleg
Improper input validation in projects leads to fully denying access to project resources

👉 https://hackerone.com/reports/1237700

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Semrush
🔹 Reported By: #a_d_a_m
🔹 State: 🟢 Resolved
🔹 Disclosed: September 1, 2021, 8:11pm (UTC)
e-mail verification bypass through interception & modification of response status

👉 https://hackerone.com/reports/1181253

🔹 Severity: No Rating
🔹 Reported To: U.S. General Services Administration
🔹 Reported By: #rajeshpatil
🔹 State: 🟢 Resolved
🔹 Disclosed: September 2, 2021, 2:46pm (UTC)
Java: Static initialization vector

👉 https://hackerone.com/reports/1329260

🔹 Severity: Medium
🔹 Reported To: GitHub Security Lab
🔹 Reported By: #not_specified
🔹 State: 🟢 Resolved
🔹 Disclosed: September 3, 2021, 12:15am (UTC)
Improper Authentication - any user can login as other user with otp/logout & otp/login

👉 https://hackerone.com/reports/921780

🔹 Severity: Critical | 💰 25,000 USD
🔹 Reported To: Snapchat
🔹 Reported By: #korniltsev
🔹 State: 🟢 Resolved
🔹 Disclosed: September 3, 2021, 9:12am (UTC)
Protocol Smuggling over LDAP password field

👉 https://hackerone.com/reports/1054282

🔹 Severity: Low | 💰 50 USD
🔹 Reported To: ownCloud
🔹 Reported By: #pabl00nicarres
🔹 State: 🟢 Resolved
🔹 Disclosed: September 3, 2021, 1:20pm (UTC)
Payment method token being sent to 3rd party analytics service

👉 https://hackerone.com/reports/637267

🔹 Severity: High | 💰 2,500 USD
🔹 Reported To: Upserve
🔹 Reported By: #ctulhu
🔹 State: 🟢 Resolved
🔹 Disclosed: September 3, 2021, 3:06pm (UTC)
Possible to invite any team member without being logged in. [ Session Management Issue ]

👉 https://hackerone.com/reports/1319892

🔹 Severity: Medium
🔹 Reported To: Courier
🔹 Reported By: #bugera
🔹 State: 🟢 Resolved
🔹 Disclosed: September 3, 2021, 7:28pm (UTC)
Google Maps API Key Leakage

👉 https://hackerone.com/reports/1321830

🔹 Severity: High
🔹 Reported To: Uber
🔹 Reported By: #batman9
🔹 State: ⚪️ Informative
🔹 Disclosed: September 3, 2021, 8:39pm (UTC)
No Limit on Email Subscription

👉 https://hackerone.com/reports/1085079

🔹 Severity: Low
🔹 Reported To: OpenMage
🔹 Reported By: #thecyberjerry
🔹 State: 🟢 Resolved
🔹 Disclosed: September 4, 2021, 7:05am (UTC)
XSS Stored in Cacheable response

👉 https://hackerone.com/reports/1011093

🔹 Severity: Medium | 💰 50 USD
🔹 Reported To: Acronis
🔹 Reported By: #dj4ng0d2
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2021, 1:47am (UTC)
Substitution of car photos [city-mobil.ru/taxiserv/]

👉 https://hackerone.com/reports/1130528

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #lobity
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2021, 10:51am (UTC)
Information disclosure (Email, Numbers, Agreements, admin Sessions and more ...) through a PostgreSQL database belonging to (legium-back.corp.mail.ru)

👉 https://hackerone.com/reports/1241637

🔹 Severity: Medium | 💰 150 USD
🔹 Reported To: Mail.ru
🔹 Reported By: #yukusawa18
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2021, 11:41am (UTC)
Node Validation Admission does not observe all oldObject fields

👉 https://hackerone.com/reports/1095612

🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #ariellima
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2021, 11:17pm (UTC)
Holes in EndpointSlice Validation Enable Host Network Hijack

👉 https://hackerone.com/reports/1145044

🔹 Severity: Low | 💰 200 USD
🔹 Reported To: Kubernetes
🔹 Reported By: #howardjohn
🔹 State: 🟢 Resolved
🔹 Disclosed: September 5, 2021, 11:29pm (UTC)
XSS on ub.icq.net

👉 https://hackerone.com/reports/1064587

🔹 Severity: Low
🔹 Reported To: Mail.ru
🔹 Reported By: #nightmare_msf
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2021, 12:53pm (UTC)
Social Oauth Disconnect CSRF at znakcup.ru

👉 https://hackerone.com/reports/1074869

🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #nightmare_msf
🔹 State: 🟢 Resolved
🔹 Disclosed: September 6, 2021, 1:28pm (UTC)
Bootstrap library is vulnerable

👉 https://hackerone.com/reports/1198203

🔹 Severity: Low
🔹 Reported To: Sifchain
🔹 Reported By: #sathish87
🔹 State: 🔴 N/A
🔹 Disclosed: September 6, 2021, 4:40pm (UTC)
subdomain takeover disney.samokat.ru

👉 https://hackerone.com/reports/1052819

🔹 Severity: Medium
🔹 Reported To: Mail.ru
🔹 Reported By: #nanwn
🔹 State: 🟢 Resolved
🔹 Disclosed: September 7, 2021, 9:29am (UTC)
Path Traversal in dict-fs and no-check Escape Character in oauth2-jwt

👉 https://hackerone.com/reports/1132160

🔹 Severity: Medium | 💰 982 USD
🔹 Reported To: Open-Xchange
🔹 Reported By: #northsea
🔹 State: 🟢 Resolved
🔹 Disclosed: September 7, 2021, 10:10am (UTC)
HTML Injection @ /[restaurant]/order endpoint.

👉 https://hackerone.com/reports/738810

🔹 Severity: Low | 💰 150 USD
🔹 Reported To: Zomato
🔹 Reported By: #mr_edwards
🔹 State: 🟢 Resolved
🔹 Disclosed: September 7, 2021, 11:28am (UTC)