10 matches found

Hacker One
added 2024/01/11 6:21 a.m., 73 views

HackerOne: View Titles of Private Reports with pending email invitation

A vulnerability was discovered where anonymous users could view the titles of private reports with pending email invitations for collaboration. This was possible by sending a GraphQL request or running JavaScript code while logged out. It only worked for anonymous users when the collaboration...

AI score 7
Exploits 0
Hacker One
added 2023/04/01 11:52 p.m., 52 views

Internet Bug Bounty: ReDoS (Ruby, Time)

A ReDoS vulnerability was discovered in the Time gem 0.1.0 and 0.2.1 and Time library of Ruby 2.7.7, which mishandles invalid strings with specific characters, causing an increase in execution time for parsing strings to Time objects. The vulnerability was assigned the CVE identifier...

CVSS 5.3, AI score 7.3, EPSS 0.00651
Exploits 0
Hacker One
added 2020/11/06 2:2 p.m., 69 views

HackerOne: Open Redirect on http://events.hackerone.com/redirect?url=https://naglinagli.github.io

@nagli found an open redirect vulnerability in a 3rd party vendor that was used by HackerOne. This system did not contain any data related to reports submitted and stored on hackerone.com. HackerOne worked with the vendor to remediate the vulnerability. The report is partially disclosed to...

AI score 0.9
Exploits 0
Hacker One
added 2020/05/12 1:5 p.m., 147 views

HackerOne: Unauthorized access to metadata of undisclosed reports that were retested

Summary: reportretests object in User node discloses some information about undisclosed report. Description: An attacker can get some information such as "assetname", "assettype", "severityrating", "weaknessname" of undisclosed report. Steps To Reproduce: 1. Invoke the below graphql call POST...

AI score 6.7
Exploits 0
Kitploit
added 2020/02/01 11:30 a.m., 216 views

Project-Black - Pentest/BugBounty Progress Control With Scanning Modules

Scope control, scope scanner and progress tracker for easier working on a bug bounty or pentest project. What is this tool for? The tools encourages more methodical work on pentest/bugbounty, tracking the progress and general scans information. It can launch masscan nmap dirsearch amass patator...

AI score 7.3
Exploits 0, References 7
Hacker One
added 2018/02/19 10:59 a.m., 23 views

HackerOne: Unicorn worker pool exhaustion by continuously updating payout preferences

Please this time I hope you listen to me - please see the included video as POC - please this is not self DOS, not self DOS, not self DOS - I hope this time you find out that this is the last report that I have, please see the video to the end. Again this is not a self DOS, I have included one...

AI score 6.9
Exploits 0
Hacker One
added 2017/01/19 11:35 p.m., 166 views

HackerOne: Google Analytics could be used as CSP bypass for data exfiltration on hackerone.com

Greetings, I believe I may have found a way to bypass CSP on hackerone.com The issue lies here: img-src 'self' data: www.google-analytics.com As you can imagine, how can image tags be used maliciously here to this safe site? Well, as you know, on google-analytics.com we have the ability to host...

AI score 7.2
Exploits 0
Hacker One
added 2015/04/18 10:50 a.m., 96 views

HackerOne: Open-redirect on hackerone.com

Hello! I would like to report about open-redirect on hackerone.com Here is the PoC that redirects to example.com IP address: https://hackerone.com/%2F1572395042 There is one more strange behavior in URL. For example: https://hackerone.com//hackerone.com - works https://hackerone.com//hackerone1.c...

AI score 7
Exploits 0
Hacker One
added 2014/04/24 4:17 a.m., 50 views

HackerOne: Anti-MIME-Sniffing header X-Content-Type-Options header has not been set.

Hi, the following host "profile-photos-user-content.hackerone.com" does not set the x-content-type-options header to nosniff. If a malicious user is able to upload an image with script content (possible within the comments metadata), Internet Explorer up till IE8 might render the content as Javascri...

AI score 1.7
Exploits 0
ThreatPost
added 2013/11/07 2:44 p.m., 10 views

Internet Bug Bounty Pays $5,000 for Severe Bugs

A bounty program begun by a bevy of industry heavyweights, including Microsoft and Facebook, will pay good money to white hats, researchers and even aspiring young hackers who find bugs in any of a dozen technologies central to the vitality and trustworthiness of the Internet. Dubbed the Internet...

AI score 7.7
Exploits 0, References 1