4 matches found
HackerOne: Lack of Validation in Reward Redemption Allows Unlimited Burp Suite License Abuse
A vulnerability was discovered in the reward redemption process of a points and rewards system. The vulnerability allowed an attacker to obtain multiple valid Burp Suite Pro licenses by using different email addresses, without any validation or verification tied to the user's account. The email...
Replace PGP With an HTTPS Form
I asked my Twitter followers what I should talk about in this issue, and those trolls picked PGP and security vulnerability reporting, so here goes nothing. As you probably know, the school of modern cryptography thinking I subscribe to says that tools and protocols should be small, simple, and...
WordPress wpgform plugin injection vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports setting up a personal blog site on PHP and MySQL servers. wpgform is a plugin used to add Google Forms. The WordPress wpgform plugin has an injection vulnerability, no...
Uber: Requested and received edit access to Google form
Per the policies laid out in www.hackerone.com/uber, social engineering attempts are explicitly out of scope: "Social engineering attempts: this includes phishing attacks against Uber employees." Failure to follow these policies will result in forfeiture of any bounty and a potential ban from the...