August is coming to an end and this month has been very resourceful in terms of wonderful articles, reports and tips.
Here's my top 3 favourite reports disclosed in August.
#bugbounty #hackerone
1. One-click account hijack for anyone using Apple sign-in with Reddit, due to response-type switch + leaking href to XSS on redditmedia.com
Read here: hackerone.com
Obviously, this report should be at the top.
What an amazing find.
2. Getting access of mod logs from any public or restricted subreddit with IDOR vulnerability
Read here: hackerone.com
A nice catch and well-written report.
3. Privilege Escalation - "Analyst" Role Can View Email Domains of a Company - [GET /voyager/api/voyagerOrganizationDashEmailDomainMappings]
Read here: hackerone.com
Not sure if I'd have thought this way wrt escalation. Nice find again.
That's a wrap!
If you enjoyed this thread:
1. Follow me @thebinarybot for more of these
2. RT the tweet below to share this thread with your audience