TOP100UPVOTED.md
Top 100 upvoted reports from HackerOne:

  1. Bypass for #488147 enables stored XSS on https://paypal.com/signin again to PayPal - 2460 upvotes, $20000
  2. Account takeover via leaked session cookie to HackerOne - 1415 upvotes, $20000
  3. Arbitrary file read via the UploadsRewriter when moving an issue to GitLab - 1367 upvotes, $20000
  4. Token leak in security challenge flow allows retrieving victim's PayPal email and plain text password to PayPal - 1283 upvotes, $15300
  5. RCE on Steam Client via buffer overflow in Server Info to Valve - 1233 upvotes, $18000
  6. Potential pre-auth RCE on Twitter VPN to Twitter - 1124 upvotes, $20160
  7. Confidential data of users and limited metadata of programs and reports accessible via GraphQL to HackerOne - 936 upvotes, $20000
  8. [Part II] Email Confirmation Bypass in myshop.myshopify.com that Leads to Full Privilege Escalation to Shopify - 829 upvotes, $15000
  9. Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies to Slack - 792 upvotes, $6500
  10. WannaCrypt “Killswitch” to HackerOne - 785 upvotes, $10000
  11. DoS on PayPal via web cache poisoning to PayPal - 781 upvotes, $9700
  12. Takeover an account that doesn't have a Shopify ID and more to Shopify - 770 upvotes, $22500
  13. Remote Code Execution on www.semrush.com/my_reports on Logo upload to Semrush - 759 upvotes, $10000
  14. Git flag injection - local file overwrite to remote code execution to GitLab - 740 upvotes, $12000
  15. H1514 Remote Code Execution on kitcrm using bulk customer update of Priority Products to Shopify - 736 upvotes, $15000
  16. Exfiltrate and mutate repository and project data through injected templated service to GitLab - 726 upvotes, $11000
  17. SQL Injection Extracts Starbucks Enterprise Accounting, Financial, Payroll Database to Starbucks - 706 upvotes, $4000
  18. Email Confirmation Bypass in myshop.myshopify.com that Leads to Full Privilege Escalation to Any Shop Owner by Taking Advantage of the Shopify SSO to Shopify - 700 upvotes, $15000
  19. JumpCloud API Key leaked via Open Github Repository. to Starbucks - 699 upvotes, $4000
  20. 🐞 OS Command Injection at https://sea-web.gold.razer.com/lab/ws-lookup via IP parameter to Razer - 668 upvotes, $2000
  22. Use-After-Free In IPV6_2292PKTOPTIONS leading To Arbitrary Kernel R/W Primitives to PlayStation - 660 upvotes, $10000
  23. IDOR to add secondary users in www.paypal.com/businessmanage/users/api/v1/users to PayPal - 656 upvotes, $10500
  24. Webshell via File Upload on ecjobs.starbucks.com.cn to Starbucks - 655 upvotes, $4000
  25. SQL injection in https://labs.data.gov/dashboard/datagov/csv_to_json via User-agent to TTS Bug Bounty - 647 upvotes, $2000
  26. Subdomain Takeover to Authentication bypass to Roblox - 637 upvotes, $2500
  27. Stored XSS on https://paypal.com/signin via cache poisoning to PayPal - 630 upvotes, $18900
  28. Sensitive user information disclosure at bonjour.uber.com/marketplace/_rpc via the 'userUuid' parameter to Uber - 610 upvotes, $6500
  29. Reflected XSS on https://www.glassdoor.com/employers/sem-dual-lp/ to Glassdoor - 610 upvotes, $1000
  30. Email address of any user can be queried on Report Invitation GraphQL type when username is known to HackerOne - 603 upvotes, $8500
  31. Time-Based SQL injection at city-mobil.ru to Mail.ru - 603 upvotes, $15000
  32. [phpobject in cookie] Remote shell/command execution to Pornhub - 594 upvotes, $20000
  33. Ability to reset password for account to Upserve - 594 upvotes, $3500
  34. Getting all the CD keys of any game to Valve - 593 upvotes, $20000
  35. Stored XSS in Wiki pages to GitLab - 589 upvotes, $4500
  36. Stored XSS on imgur profile to Imgur - 585 upvotes, $650
  37. SQL injection at https://sea-web.gold.razer.com/ajax-get-status.php via txid parameter to Razer - 574 upvotes, $2000
  38. Bypassing Digits origin validation which leads to account takeover to Twitter - 567 upvotes, $5040
  39. Customer private program can disclose email any users through invited via username to HackerOne - 552 upvotes, $7500
  40. Request smuggling on admin-official.line.me could lead to account takeover to LINE - 547 upvotes, $9000
  41. Github Token Leaked publicly for https://github.sc-corp.net to Snapchat - 546 upvotes, $15000
  42. Local files could be overwritten in GitLab, leading to remote command execution to GitLab - 531 upvotes, $12000
  43. Privilege Escalation From user to SYSTEM via unauthenticated command execution to Ubiquiti Inc. - 531 upvotes, $16109
  44. SQL Injection in https://api-my.pay.razer.com/inviteFriend/getInviteHistoryLog to Razer - 526 upvotes, $2000
  45. My Expense Report resulted in a Server-Side Request Forgery (SSRF) on Lyft to Lyft - 520 upvotes, $0
  46. Stealing Zomato X-Access-Token: in Bulk using HTTP Request Smuggling on api.zomato.com to Zomato - 514 upvotes, $5000
  47. Email Confirmation Bypass in your-store.myshopify.com which leads to privilege escalation to Shopify - 512 upvotes, $22500
  48. The return of the < to Rockstar Games - 511 upvotes, $1000
  49. RCE and Complete Server Takeover of http://www.█████.starbucks.com.sg/ to Starbucks - 509 upvotes, $4000
  50. Shopify Stocky App OAuth Misconfiguration to Shopify - 504 upvotes, $5000
  51. [Grab Android/iOS] Insecure deeplink leads to sensitive information disclosure to Grab - 493 upvotes, $7500
  52. SSRF in Exchange leads to ROOT access in all instances to Shopify - 481 upvotes, $25000
  53. Password theft login.newrelic.com via Request Smuggling to New Relic - 469 upvotes, $3000
  54. Able to Become Admin for Any LINE Official Account to LINE - 467 upvotes, $4750
  55. BAD Code ! to Paragon Initiative Enterprises - 460 upvotes, $0
  56. Steal ALL collateral during liquidation by exploiting lack of validation in flip.kick to Maker Ecosystem Growth Holdings, Inc - 458 upvotes, $50000
  57. Remote Code Execution in Slack desktop apps + bonus to Slack - 458 upvotes, $1750
  58. Reflected XSS in OAUTH2 login flow to LINE - 456 upvotes, $1989
  59. profile-picture name parameter with large value lead to DoS for other users and programs on the platform to HackerOne - 450 upvotes, $2500
  60. XSS in steam react chat client to Valve - 442 upvotes, $7500
  61. SQL injection on contactws.contact-sys.com in TScenObject action ScenObjects leads to remote code execution to QIWI - 440 upvotes, $5500
  62. How the Bug stole hacking to HackerOne - 433 upvotes, $0
  63. XSS vulnerable parameter in a location hash to Slack - 432 upvotes, $1100
  64. Project Template functionality can be used to copy private project data, such as repository, confidential issues, snippets, and merge requests to GitLab - 429 upvotes, $12000
  65. Blind SQL Injection to InnoGames - 417 upvotes, $2000
  66. Open prod Jenkins instance to Snapchat - 416 upvotes, $15000
  67. touch.mail.ru / e.mail.ru memory content disclosure to Mail.ru - 402 upvotes, $10000
  68. Panorama UI XSS leads to Remote Code Execution via Kick/Disconnect Message to Valve - 400 upvotes, $9000
  69. CRLF injection to Twitter - 400 upvotes, $2940
  70. Unrestricted file upload on [ambassador.mail.ru] to Mail.ru - 400 upvotes, $3000
  71. Employee's GitHub Token Found In Travis CI Build Logs to Grammarly - 388 upvotes, $5000
  72. Account Takeover worki.ru to Mail.ru - 385 upvotes, $1700
  73. gitlab-workhorse bypass in Gitlab::Middleware::Multipart allowing files in allowed_paths to be read to GitLab - 385 upvotes, $10000
  74. H1514 Server Side Template Injection in Return Magic email templates? to Shopify - 382 upvotes, $10000
  75. Denial of service to WP-JSON API by cache poisoning the CORS allow origin header to Automattic - 381 upvotes, $550
  76. Stored XSS Vulnerability to WordPress - 376 upvotes, $500
  77. Access to multiple production Grafana dashboards to Snapchat - 370 upvotes, $10000
  78. Websites Can Run Arbitrary Code on Machines Running the 'PlayStation Now' Application to PlayStation - 365 upvotes, $15000
  79. Chained Bugs to Leak Victim's Uber's FB Oauth Token to Uber - 363 upvotes, $7500
  80. Cross-Site-Scripting on www.tiktok.com and m.tiktok.com leading to Data Exfiltration to TikTok - 363 upvotes, $3860
  81. Account TakeOver at my.33slona.ru to Mail.ru - 358 upvotes, $1700
  83. RCE on shared.mail.ru due to "widget" plugin to Mail.ru - 356 upvotes, $10000
  84. Reflected XSS and sensitive data exposure, including payment details, on lioncityrentals.com.sg to Uber - 356 upvotes, $4000
  85. Cross-organization data access in city-mobil.ru to Mail.ru - 355 upvotes, $8000
  86. H1514 Ability to MiTM Shopify PoS Session to Takeover Communications to Shopify - 350 upvotes, $13337
  87. URL link spoofing to Slack - 347 upvotes, $250
  88. SQL injection at fleet.city-mobil.ru to Mail.ru - 347 upvotes, $10000
  89. JSON serialization of any Project model results in all Runner tokens being exposed through Quick Actions to GitLab - 346 upvotes, $12000
  90. Bypass of GitLab CI runner slash fix in YAML validation to GitLab - 344 upvotes, $12000
  91. Stored XSS in wordpress.com to Automattic - 344 upvotes, $650
  92. SSRF & LFR via on city-mobil.ru to Mail.ru - 337 upvotes, $6000
  93. SQL Injection in report_xml.php through countryFilter[] parameter to Valve - 336 upvotes, $25000
  94. Github information leaked to Semrush - 336 upvotes, $3000
  95. Attacker is able to access commit title and team member comments which are supposed to be private to GitLab - 335 upvotes, $7000
  96. [ RCE ] Through stopping the redirect in /admin/* the attacker able to bypass Authentication And Upload Malicious File to Mail.ru - 335 upvotes, $4000
  97. OTP token bypass in accessing user settings to Razer - 335 upvotes, $1000
  98. Web cache poisoning attack leads to user information and more to Postmates - 334 upvotes, $500
  99. CRLF Injection in urllib to Python (IBB) - 333 upvotes, $1000
  100. SSRF on project import via the remote_attachment_url on a Note to GitLab - 332 upvotes, $10000