IDOR Leads To Account Takeover Without User Interaction
👉 https://hackerone.com/reports/1272478
🔹 Severity: Critical
🔹 Reported To: MTN Group
🔹 Reported By: #theranger
🔹 State: 🟢 Resolved
🔹 Disclosed: September 4, 2022, 1:23pm (UTC)
Full read SSRF at █████████ [HtUS]
👉 https://hackerone.com/reports/1628102
🔹 Severity: High | 💰 500 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #sudi
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 8:52pm (UTC)
SSRF in Functional Administrative Support Tool pdf generator (████) [HtUS]
👉 https://hackerone.com/reports/1628209
🔹 Severity: Critical | 💰 4,000 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #codeprivate
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 9:00pm (UTC)
time based SQL injection at [https://███] [HtUS]
👉 https://hackerone.com/reports/1627970
🔹 Severity: Critical | 💰 1,000 USD
🔹 Reported To: U.S. Dept Of Defense
🔹 Reported By: #malcolmx
🔹 State: 🟢 Resolved
🔹 Disclosed: September 14, 2022, 9:10pm (UTC)
Originally published on the WeChat official account (安全圈的翻译官): hackerone reports 2022.9