Telegram Web
Found Origin IP's Lead To Access ████

👉 https://hackerone.com/reports/1556808

🔹 Severity: Low
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ibrahim0936356
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 2:28pm (UTC)
Subdomain Takeover at http://██.get8x8.com/

👉 https://hackerone.com/reports/1697402

🔹 Severity: Medium
🔹 Reported To: 8x8
🔹 Reported By: #testingforbugs
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 3:05pm (UTC)
SSRF to read AWS metaData at https://█████/ [HtUS]

👉 https://hackerone.com/reports/1624140

🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #720922
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 3:12pm (UTC)
👍1
Authentication bypass leads to Information Disclosure at U.S Air Force "https://███"

👉 https://hackerone.com/reports/1690548

🔹 Severity: High
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #ludv1k
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 5:01pm (UTC)
Unauthenticated PII leak on verified/requested to be verified profiles on ███████/app/org/{id}/profile/{id}/version/{id} [HtUS]

👉 https://hackerone.com/reports/1627962

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #shreky
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 5:04pm (UTC)
.git folder exposed [HtUS]

👉 https://hackerone.com/reports/1624157

🔹 Severity: Critical
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #sudi
🔹 State: 🟤 Duplicate
🔹 Disclosed: October 14, 2022, 5:44pm (UTC)
Unauthenticated SQL Injection at █████████ [HtUS]

👉 https://hackerone.com/reports/1626226

🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0xd0ff9
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 5:54pm (UTC)
Host Header Injection on https://███/████████/Account/ForgotPassword

👉 https://hackerone.com/reports/1679969

🔹 Severity: Medium
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #0x1int
🔹 State: 🟢 Resolved
🔹 Disclosed: October 14, 2022, 6:03pm (UTC)
Otp bypass in verifying nin

👉 https://hackerone.com/reports/1314172

🔹 Severity: High
🔹 Reported To: MTN Group
🔹 Reported By: #mr_sparrow
🔹 State: 🟢 Resolved
🔹 Disclosed: October 17, 2022, 6:27am (UTC)
XSS in www.shopify.com/markets?utm_source=

👉 https://hackerone.com/reports/1699762

🔹 Severity: No Rating | 💰 500 USD
🔹 Reported To: Shopify
🔹 Reported By: #noblesix
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2022, 7:14am (UTC)
CVE-2017-5929: Hyperledger - Arbitrary Deserialization of Untrusted Data

👉 https://hackerone.com/reports/1739099

🔹 Severity: No Rating
🔹 Reported To: Hyperledger
🔹 Reported By: #mik-patient
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2022, 3:36pm (UTC)
TikTok Account Creation Date Information Disclosure

👉 https://hackerone.com/reports/1562020

🔹 Severity: Low | 💰 100 USD
🔹 Reported To: TikTok
🔹 Reported By: #f15
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2022, 8:50pm (UTC)
Access to private file's of helpdesk.

👉 https://hackerone.com/reports/804534

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2022, 9:05pm (UTC)
Sub-Dept User Can Add User's To Main Department.

👉 https://hackerone.com/reports/890209

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2022, 9:08pm (UTC)
Users Without Permission Can Download Restricted Files

👉 https://hackerone.com/reports/794904

🔹 Severity: Medium | 💰 500 USD
🔹 Reported To: Lark Technologies
🔹 Reported By: #imran_nisar
🔹 State: 🟢 Resolved
🔹 Disclosed: October 18, 2022, 9:10pm (UTC)
DOM XSS at `https://adobedocs.github.io/OAE_PartnerAPI/?configUrl={site}` due to outdated Swagger UI

👉 https://hackerone.com/reports/1736378

🔹 Severity: Medium
🔹 Reported To: Adobe
🔹 Reported By: #dreamer_eh
🔹 State: 🟢 Resolved
🔹 Disclosed: October 19, 2022, 12:07pm (UTC)
IDOR able to buy a plan with lesser fee

👉 https://hackerone.com/reports/1679276

🔹 Severity: Medium
🔹 Reported To: Automattic
🔹 Reported By: #ug0x01
🔹 State: ⚪️ Informative
🔹 Disclosed: October 19, 2022, 4:20pm (UTC)
Fully TaxJar account control and ability to disclose and modify business account settings Due to Broken Access Control in /current_user_data

👉 https://hackerone.com/reports/1677541

🔹 Severity: Medium | 💰 1,000 USD
🔹 Reported To: Stripe
🔹 Reported By: #mr_asg
🔹 State: 🟢 Resolved
🔹 Disclosed: October 19, 2022, 6:36pm (UTC)
Tomcat Servlet Examples accessible at https://44.240.33.83:38443 and https://52.36.56.155:38443

👉 https://hackerone.com/reports/1560149

🔹 Severity: Medium | 💰 1,500 USD
🔹 Reported To: Stripe
🔹 Reported By: #mustafa_farrag
🔹 State: 🟢 Resolved
🔹 Disclosed: October 19, 2022, 6:45pm (UTC)
Bypassing domain deny_list rule in Smokescreen via double brackets [[]] which leads to SSRF

👉 https://hackerone.com/reports/1580495

🔹 Severity: Low | 💰 500 USD
🔹 Reported To: Stripe
🔹 Reported By: #sim4n6
🔹 State: 🟢 Resolved
🔹 Disclosed: October 19, 2022, 6:47pm (UTC)
2025/07/14 11:25:20
Back to Top
HTML Embed Code: