Public HackerOne bug reports.

Team Bounty Title
HackerOne - IDOR on HackerOne Feedback Review
HackerOne $1,500 Reading redacted data via hackbot's answers
HackerOne - Invitation tokens leak to Google Analytics
HackerOne $10,000 WannaCrypt “Killswitch”
HackerOne $500 HackerOne reports escalation to JIRA is CSRF vulnerable
HackerOne $1,000 Changing Victim's JIRA Integration Settings Through Multiple Bugs
HackerOne - www.hackerone.com website CSP "script-src" includes "unsafe-inline"
HackerOne - Insecure SHA1withRSA in b5s.hackerone-ext-content.com and a4l.hackerone-ext-content.com
HackerOne $750 Race condition leads to duplicate payouts
HackerOne $500 Subdomain takeover #4 at info.hacker.one
HackerOne - Example HackerOne [email protected] forward domain is not registered
HackerOne $1,000 Subdomain takeover #3 at info.hacker.one
HackerOne - CRLF injection in info.hacker.one
HackerOne $2,000 A HackerOne employee's GitHub personal access token exposed in Travis CI build logs
HackerOne $500 Report invitation links not restricted to any existing user
HackerOne $750 IE 11 Self-XSS on Jira Integration Preview Base Link
HackerOne $500 Transitioning a Private Program to Public Does Not Clear Previously Private Updates to Hackers
HackerOne $100 javascript: and mailto: links are allowed in JIRA integration settings
HackerOne $1,000 Subdomain takeover #2 at info.hacker.one
HackerOne - Able to create basic user account via Google login on HackerOne Drupal CMS
HackerOne $750 Information leakage via CSV when content is valid JavaScript
HackerOne $1,500 Stealing contact form data on www.hackerone.com using Marketo Forms XSS with postMessage frame-jumping and jQuery-JSONP
HackerOne $1,000 Subdomain takeover at info.hacker.one
HackerOne $500 Google Analytics could be used as CSP bypass for data exfiltration on hackerone.com
HackerOne $2,000 Disclose any user's private email through API
HackerOne - Report redaction doesn't apply to report title update activities
HackerOne $500 Websites opened from reports can change url of report page
HackerOne $10,000 Information Disclosure in /skills call
HackerOne $12,500 Internal attachments can be exported via "Export as .zip" feature
HackerOne $10,000 Partial disclosure of report activity through new "Export as .zip" feature
HackerOne - Limited Open redirection using SSO-SAML
HackerOne - Information disclosure via policy update notifications after removal from program
HackerOne - Possible CSRF during external programs
HackerOne - Researcher gets email updates on a private program after he/she quits that program.
HackerOne - Obtain the username & the uid of the one doing the S3 sync on Hackerone
HackerOne - (HackerOne SSO-SAML) Login CSRF, Open Redirect, and Self-XSS Possible Exploitation
HackerOne $500 Bypass rate limiting on /users/password (possibly site-wide rate limit bypass?)
HackerOne - Ability to enumerate private programs using SAML
HackerOne - Users contents on AWS is cacheable
HackerOne - Ability to monitor reports' submission in real time
HackerOne $500 Information leakage of private program
HackerOne $500 Requesting Mediation possible on reports that are too old for mediation
HackerOne $1,000 Hacker.One Subdomain Takeover
HackerOne $500 Non-secure requests are not automatically upgraded to HTTPS
HackerOne $500 Disclosure of external users invited to a specific report
HackerOne - Reward Money Leakage
HackerOne - Possible CSRF during joining report as participant
HackerOne $500 Know undisclosed Bounty Amount when Bounty Statistics are enabled.
HackerOne $500 Race Conditions in Popular reports feature.
HackerOne $500 All information is not removed from published reports
HackerOne $500 Able to remove the admin access of my program
HackerOne - Denial of service in report view.
HackerOne - Inadequate access controls in "Vote" functionality???
HackerOne $2,500 RCE in profile picture upload
HackerOne - Manipulate report timeline activity by using null byte.
HackerOne - Reputation Manipulation (Theoretical)
HackerOne - Missing Certificate Authority Authorization rule
HackerOne $2,500 AWS S3 bucket writeable for authenticated aws users
HackerOne - Deleted name still present via mouseover functionality for user accounts
HackerOne $1,500 Web Authentication Endpoint Credentials Brute-Force Vulnerability
HackerOne - DOS Report FILE html inside <code> in markdown
HackerOne $500 New hacktivity view discloses report IDs of non-public reports
HackerOne $500 New hacktivity view discloses report IDs of non-public reports
HackerOne - HackerOne Important Emails Notification are sent in clear-text
HackerOne $1,500 External programs revealing info
HackerOne $500 Websites opened from reports can change url of report page
HackerOne - External links should use rel="noopener" or use the redirect service
HackerOne $500 Disclosure of private programs that have an "external" page on HackerOne
HackerOne $500 CSV Injection via the CSV export feature
HackerOne - Sending emails (via HackerOne) impersonating other users
HackerOne $500 SECURITY: Referencing previous Reports attachment_IDs on new Reports via Draft_Sync DELETES Attachments
HackerOne - Unauthorized Team members viewing
HackerOne $500 Mediation link can be accepted by other users
HackerOne - Possible XSS
HackerOne - Email Address Leak
HackerOne $1,000 Edit Auto Response Messages
HackerOne - Race Conditions Exist When Accepting Invitations
HackerOne $500 User with Read-Only permissions can edit the Internal comment Activities on Bug Reports After Revoke the team access permissions
HackerOne $500 Distinguish EP+Private vs Private programs in HackerOne
HackerOne - User with Read-Only permissions can edit the SwagAwarded Activities on Bug Reports
HackerOne $500 User with Read-Only permissions can manually public disclosure the report
HackerOne - Abusing HOF rankings in limited circumstances
HackerOne - Denial of Service any Report
HackerOne $500 CSV Injection at the CSV export feature
HackerOne $500 Increase number of bugs by sending duplicate of your own valid report
HackerOne $500 Private Program Disclosure in /:handle/settings/allow_report_submission.json endpoint
HackerOne - Null byte injection
HackerOne $500 Private Program Disclosure in /:handle/reports/draft.json endpoint
HackerOne $5,000 Private program activity timeline information disclosure
HackerOne $500 Putting link inside link in markdown
HackerOne $500 Multiple issues with Markdown and URL parsing
HackerOne $500 Unintended HTML inclusion as a result of https://hackerone.com/reports/110578
HackerOne $500 Interstitial redirect bypass / open redirect in https://hackerone.com/zendesk_session
HackerOne - Report title and issue information prepopulated
HackerOne - attack in not an authorized user
HackerOne $500 CSV Injection via the CSV export feature
HackerOne $500 HTML injection can lead to data theft
HackerOne $500 User with Read-Only permissions can request/approve public disclosure
HackerOne - Requesting unknown file type returns Ruby object w/ address
HackerOne - Signals get affected once reports closed as self
HackerOne - HackerOne is still prone to Internet Explorer UXSS
HackerOne $500 Team Member(s) associated with a Group have Read-only permission (Post internal comments) can post comment to all the participants
HackerOne $500 Improve signals in reputation
HackerOne $500 Team Member(s) associated with a Custom Group Created with 'Program Managment' only permissions can Comments on Bug Reports
HackerOne $500 Parameter pollution in social sharing buttons
HackerOne $500 Know whether private program for company exist or not
HackerOne $2,500 CSRF possible when SOP Bypass/UXSS is available
HackerOne $1,000 Pre-generation of 2FA secret/backup codes seems like an unnecessary risk
HackerOne $500 Limited CSRF bypass.
HackerOne - profile cover can also load external URL's
HackerOne $2,500 Cross-domain AJAX request
HackerOne - Hackerone impersonation
HackerOne $1,000 HTTP header injection in info.hackerone.com allows setting cookies for hackerone.com
HackerOne $2,500 Send AJAX request to external domain
HackerOne - Minimum bounty of a private program is visible for users that were removed from the program
HackerOne - HackerOne Private Programs users disclosure and de-anonymous-ize
HackerOne - Content spoofing on invitations page
HackerOne - Minor Bug: Public un-compiled CSS with original sass, versioning, source map, comments, etc.
HackerOne - Weak HSTS age in support hackerone site
HackerOne $500 Internal bounty and swag details disclosed as part of JSON response
HackerOne $500 Private Program and bounty details disclosed as part of JSON search response
HackerOne $500 Number of invited researchers disclosed as part of JSON search response
HackerOne $500 Accessing title of the report of which you are marked as duplicate
HackerOne $500 CSV Injection with the CVS export feature
HackerOne - Redirection Page throwing error instead of redirecting to site
HackerOne $500 mailto: link injection on https://hackerone.com/directory
HackerOne $500 Invitation is not properly cancelled while inviting to bug reports.
HackerOne $100 Potential denial of service in hackerone.com/<program>/reward_settings
HackerOne $500 Logic error with notifications: user that has left team continues to receive notifications and can not 'clean' this area on account
HackerOne $500 External URL page bypass
HackerOne - Email Notification should be get while changing Paypal Email
HackerOne - Logical Issue (Boosting Reputation points)
HackerOne $500 Content Spoofing - External Link Warning Page
HackerOne $500 Reopen Disable Accounts/ Hidden Access After Disable
HackerOne $500 Fake URL + Additional vectors for homograph attack
HackerOne $500 Homograph attack
HackerOne - Homograph Attack
HackerOne $500 Making any Report Failed to load
HackerOne $500 Homograph attack
HackerOne - Missing spf flags for hackerone.com
HackerOne $500 Open-redirect on hackerone.com
HackerOne $1,000 SPF whitelist of mandrill leads to email forgery
HackerOne - Reflected Filename Download
HackerOne - "learn more here", reward email - domain expired.
HackerOne $500 Open redirect in "Language change".
HackerOne - Reflected File Download attack allows attacker to 'upload' executables to hackerone.com domain
HackerOne $5,000 Improperly validated fields allows injection of arbitrary HTML via spoofed React objects
HackerOne - Auto Approval of Invitation to join Team as a Team member
HackerOne - Substantially weakened authenticity verification when using 'Remember me for a week'
HackerOne $500 Team member invitations to sandboxed teams are not invalidated consistently (v2)
HackerOne - Restrict any user from logging into his account.
HackerOne $2,000 CSP Bypass: Click handler for links with data-method="post" can cause authenticity_token to be sent off domain
HackerOne - Markdown code block sequence makes report unreadable
HackerOne $5,000 Markdown parsing issue enables insertion of malicious tags and event handlers
HackerOne $500 Team member invitations to sandboxed teams are not invalidated consistently
HackerOne $500 Insecure Direct Object Reference vulnerability
HackerOne - In markdown, parsing things like @danlec and #46072 after links is unsafe
HackerOne $5,000 Vulnerability with the way \ escaped characters in <http://danlec.com> style links are rendered
HackerOne $500 Improper way of validating a program
HackerOne - Add text to the title of the page "Thanks"
HackerOne - HTTPS is not enforced for objects stored by HackerOne on Amazon S3
HackerOne - Reflected File Download
HackerOne - URL Crashing browser. {Tested on firefox, Chrome and Safari}
HackerOne $500 Issue with password change
HackerOne $500 Breaking Bugs as team member
HackerOne $500 Logic Issue with Reputation: Boost Reputation Points
HackerOne $500 Gain reputation by creating a duplicate of an existing report
HackerOne $500 File Name Enumeration
HackerOne - Enumeration/Guess of Private (Invited) Programs
HackerOne - Content Spoofing via reports
HackerOne $1,000 Ability to see common response titles of other teams (limited)
HackerOne $500 homograph attack. IDNs displayed in unicode in bug reports and on external link warning page
HackerOne $500 No email verification on username change
HackerOne - "early preview" programs disclosure
HackerOne $500 Redirect FILTER bypass in report/comment
HackerOne $500 Window Opener Property Bug
HackerOne - Notification of previous signed out user leakage.
HackerOne $100 Change Any username and profile link in hackerone
HackerOne $500 Redirect while opening links in new tabs
HackerOne - Account Hijacking (Only rare case scenario)
HackerOne - No option to logout concurrent sessions
HackerOne - Session Hijacking attack (Different Scenario)
HackerOne - Email changing
HackerOne $100 Denial of Service
HackerOne - Account takeover
HackerOne $100 Category- Broken Authentication and Session Management (leads to account compromise if some conditions are met)
HackerOne - Cache leads to Privacy leaks
HackerOne $100 Session not invalidated after password reset
HackerOne $100 Potential denial of service in hackerone.com/teams/new
HackerOne - Improper filtering of classes used in codeblocks in Markdown
HackerOne - Spamming any user from Reset Password Function
HackerOne - Flooding mailbox of user
HackerOne $100 All Active user sessions should be deleted when user change his password!
HackerOne $100 Anti-MIME-Sniffing header X-Content-Type-Options header has not been set.
HackerOne $100 Password Reset Bug
HackerOne $150 Issue with remember_user_token
HackerOne - Arbitrary file uploads to Amazon WS.
HackerOne - (lack of) smtp transport layer security
HackerOne $150 creating titleless and non-closable bugs
HackerOne $100 Marking notifications as read CSRF bug
HackerOne - javascript: and mailto: links are allowed on users' profiles
HackerOne - Accepting Invalid characters on email address
HackerOne $100 Securing sensitive pages from SearchBots
HackerOne - Adding an user email address to the list before confirming.
HackerOne - Criptographic Issue: Strisct Transport Security with not good max age..(TOO SHORT!)
HackerOne $100 Control Characters Not Stripped From Username on Signup
HackerOne $500 Weird Bug - Ability to see partial of other user's notification
HackerOne - Hackerone Email Addresses Enumeration
HackerOne $100 CSS leaks SCSS debug info
HackerOne - harvesting attack on user registration
HackerOne $100 DNS Misconfiguration
HackerOne - LinkedIN URL should be HTTPS
HackerOne $100 Autocomplete enabled in Paypal preferences
HackerOne - Enumeration of users
HackerOne $100 A password reset page does not properly validate the authenticity token at the server side.
HackerOne $100 Information disclosure (reset password token) and changing the user's password
HackerOne $100 Improper session management
HackerOne $150 Switching the user to the attacker's account
HackerOne $500 Upload profile photo from URL
HackerOne $250 Email spoofing
HackerOne $100 CSRF login
HackerOne $150 Logical issues with account settings
HackerOne $100 DNS Cache Poisoning
HackerOne $100 Flawed account creation process allows registration of usernames corresponding to existing file names
HackerOne $500 PNG compression DoS
HackerOne $250 GIF flooding
HackerOne $500 Pixel flood attack
HackerOne $100 Session not expired on logout
HackerOne - Privilege escalation..., or not?!
HackerOne $250 CSP not consistently applied
HackerOne $500 RTL override symbol not stripped from file names
HackerOne $100 Session Management
HackerOne $100 Broken Authentication and session management OWASP A2
HackerOne $100 Real impersonation
HackerOne - Flawed account creation process allows registration of usernames corresponding to existing file names
HackerOne - Report title autocompletion
HackerOne $500 Missing SPF for hackerone.com
HackerOne - Login page password-guessing attack