H1 Disclosed - Public Disclosures

@h1Disclosed

Followers: 7,820
Following: 1
Media: 1,588
Statuses: 1,823

User friendly unofficial HackerOne public disclosures, keeps you updated about the recently disclosed bugs. Made With ♥ By Hackers For Hackers. - @rohsec

127.0.0.1
Joined September 2022
8 months
⚡ SSRF in 👨🏻‍💻 cypher-28 ➟ inDrive 🟥 High 💰 $2,000 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
10 months
⚡ Blind SQL injection on 👨🏻‍💻 kristoferent ➟ inDrive 🆘 Critical 💰 $4,134 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
2 years
⚡ Delete anyone's content spotlight remotely. 👨💻 @https ://twitter.com/Sahil ➟ Snapchat 🟥 High 💰 $15000.0 #bugbounty #bugbountytips #cybersecurity
8 months
⚡ IDOR on GraphQL queries BillingDocumentDownload and BillDetails 👨🏻‍💻 blaklis ➟ Shopify 🟧 Medium 💰 $5,000 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
8 months
⚡ Account creation with invalid email addresses / email is accepting % and %0d%0a line termination ... 👨🏻‍💻 @sagarbhavar ➟ HackerOne 🟨 Low 💰 $3,750 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
8 months
⚡ CVE-2024-21733 Apache Tomcat HTTP Request Smuggling (Client- Side Desync) (CWE: 444) 👨🏻‍💻 @xer0dayz ➟ Internet Bug Bounty 🟥 High 💰 $4,660 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
7 months
⚡ CSP bypass on using Google script resources 👨🏻‍💻 @joaxcar ➟ PortSwigger Web Security 🟧 Medium 💰 $1,500 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
3 months
⚡ Account Takeover via Authentication Bypass in TikTok Account Recovery 👨🏻‍💻 xtt0k ➟ TikTok 🆘 Critical 💰 $12,000 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
9 months
⚡ access list owner can escalate his role to the highest roles 👨🏻‍💻 moaz219 ➟ Teleport 🆘 Critical 💰 $21,000 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
1 year
⚡ SSRF in graphQL query () 👨💻 @redshark1802 ➟ EXNESS 🟥 High 💰 $3,000 #bugbounty #bugbountytips #cybersecurity
1 year
⚡ [] Redirect parameter allows for XSS 👨💻 dvorakxl ➟ Reddit 🟥 High 💰 $5,000 #bugbounty #bugbountytips #cybersecurity
11 months
====================== ⚡ Blind SSRF on allows for internal network enumeration 👨🏻‍💻 null_hypothesis ➟ EXNESS 🟧 Medium 💰 $2,000 🔗 ====================== #bugbounty #bugbountytips #cybersecurity #infosec
3 months
⚡ Email OTP/2FA Bypass 👨🏻‍💻 akhan8041 ➟ 🆘 Critical 💰 None 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
1 year
⚡ adding h1_analyst_* to username for normal users 👨💻 refaat01 ➟ HackerOne 🟨 Low 💰 $500.0 #bugbounty #bugbountytips #cybersecurity
8 months
⚡ Request Smuggling in Apache Tomcat (Important, CVE-2023-45648) 👨🏻‍💻 mukeran ➟ Internet Bug Bounty 🟥 High 💰 $4,660 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
8 months
⚡ Port 587 SMPT Open: Can send any mail remotely from the internal mail users to company mail id's. 👨🏻‍💻 @HarshNiture ➟ SideFX ⬜ None 💰 $300 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
1 year
⚡ RCE via npm misconfig -- installing internal libraries from the public registry 👨💻 @x1337loser ➟ SHEIN 🆘 Critical 💰 $2,000 #bugbounty #bugbountytips #cybersecurity
2 years
⚡️ Wordpress users Disclosure [ /wp-json/wp/v2/users/ ] 👨‍💻 @shubham_srt ➟ MTN Group 🆘 Critical 💰 N/A #bugbounty #bugbountytips #cybersecurity
10 months
⚡ Server Side Request Forgery (SSRF) via Analytics Reports 👨🏻‍💻 @mega7_h1 ➟ HackerOne 🆘 Critical 💰 $25,000 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
6 months
⚡ Libuv: Improper Domain Lookup that potentially leads to SSRF attacks 👨🏻‍💻 hunt1 ➟ Internet Bug Bounty 🟥 High 💰 $4,860 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
2 years
⚡ Open Redirect in Logout & Login 👨💻 @qualwin ➟ Expedia Group Bug Bounty 🟧 Medium 💰 $1000.0 #bugbounty #bugbountytips #cybersecurity
5 months
⚡ LLM01: Invisible Prompt Injection 👨🏻‍💻 @H4cktus ➟ HackerOne 🟧 Medium 💰 $2,500 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
1 year
⚡ Reflected Cross-site Scripting (XSS) at 👨💻 mrhavit ➟ TikTok 🟥 High 💰 $5,000 #bugbounty #bugbountytips #cybersecurity
1 year
====================== ⚡ RCE of Burp Scanner / Crawler via Clickjacking 👨🏻‍💻 mattaustin ➟ PortSwigger Web Security 🟥 High 💰 $3,000 🔗 ====================== #bugbounty #bugbountytips #cybersecurity #infosec
2 months
⚡ XSS via /api/v1/chat.postMessage 👨🏻‍💻 gronke ➟ 🆘 Critical 💰 None 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
9 months
⚡ View Titles of Private Reports with pending email invitation 👨🏻‍💻 @ahacker1_h1 ➟ HackerOne 🟥 High 💰 $7,500 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
4 months
⚡ SSRF in region parameter that leads to AWS Teleport role AWS account takeover 👨🏻‍💻 el1g0ld8m1th ➟ Teleport 🟥 High 💰 $10,000 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
1 year
⚡ blind Server-Side Request Forgery (SSRF) allows scanning internal ports 👨💻 @lu3ky13 ➟ Elastic 🟧 Medium 💰 $1,420.01 #bugbounty #bugbountytips #cybersecurity
2 years
⚡️ is vulnerable to zero day vulnerability CVE-2022-41040 👨‍💻 aplis ➟ Acronis 🆘 Critical 💰 $1000.0 #bugbounty #bugbountytips #cybersecurity
1 month
⚡ FULL ACCOUNT TAKEOVER 👨🏻‍💻 impozzible ➟ MTN Group 🆘 Critical 💰 None 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
8 months
⚡ Reflected XSS on 👨🏻‍💻 ssilvass ➟ Shopify 🟨 Low 💰 $500 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
8 months
⚡ PII Disclosure At `` 👨🏻‍💻 @alp0x01 ➟ A.S. Watson Group 🆘 Critical 💰 $5,111 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
7 months
⚡ Session Doesn't expire after 2fa and also other session can change passsword 👨🏻‍💻 @0xchoudhary ➟ SideFX 🟨 Low 💰 $300 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
2 years
⚡ Bypass: Stored-XSS with CSP-bypass via scoped labels' color 👨💻 @yvvdwf ➟ GitLab 🟥 High 💰 $13950.0 #bugbounty #bugbountytips #cybersecurity
8 months
⚡ Host Header Injection - 👨🏻‍💻 @Sid_x95 ➟ inDrive 🟨 Low 💰 None 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
1 year
⚡ RXSS at via the `url` parameter 👨💻 @Codecancare ➟ HackerOne 🟨 Low 💰 $500.01 #bugbounty #bugbountytips #cybersecurity
1 year
⚡ HTTP Request Smuggling Due to Incorrect Parsing of Header Fields 👨💻 vwx7 ➟ Internet Bug Bounty 🟧 Medium 💰 $1800.0 #bugbounty #bugbountytips #cybersecurity
8 months
⚡ Path traversal through path stored in Uint8Array in Node.js 20 👨🏻‍💻 @tniessen_ ➟ Internet Bug Bounty 🟥 High 💰 $3,495 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
11 months
====================== ⚡ Security bug - CRLF Header injection via "redirect_uri" parameter 👨🏻‍💻 oja ➟ Mozilla Critical Services 🟨 Low 💰 $200 🔗 ====================== #bugbounty #bugbountytips #cybersecurity #infosec
8 months
⚡ SQL Injection on via invite_code parameter - Mozilla ... 👨🏻‍💻 @LdrTom ➟ Mozilla Critical Services 🆘 Critical 💰 None 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
1 year
⚡ robots.txt file 👨💻 notme404 ➟ Teleport ⬜ None 💰 None #bugbounty #bugbountytips #cybersecurity
4 months
⚡ any user could upload attachments to pentest scoping form they don't have access to 👨🏻‍💻 hillybot__ ➟ HackerOne 🟥 High 💰 $12,500 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
7 months
⚡ # Drivers can access the customers phone number, current location without getting their offer acc... 👨🏻‍💻 @SirBagoza ➟ inDrive 🟧 Medium 💰 None 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
1 year
⚡ Insecure Direct Object Reference (IDOR) - Delete Campaigns 👨💻 @datph4m ➟ HackerOne 🟥 High 💰 $12,500 #bugbounty #bugbountytips #cybersecurity
5 months
⚡ Remote vulnerabilities in spp 👨🏻‍💻 theflow0 ➟ PlayStation 🟥 High 💰 $12,500 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
1 year
⚡ Reset password link sent over unsecured http protocol 👨💻 @uchihaluckycs ➟ Mattermost 🟥 High 💰 $750 #bugbounty #bugbountytips #cybersecurity
5 months
⚡ No Session Expiry after log-out, attacker can reuse the old cookies 👨🏻‍💻 @niraj1mahajan ➟ Shopify 🟨 Low 💰 $500 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
9 months
⚡ 1 Click to 'Close Account and Refund' via POSTMESSAGE 👨🏻‍💻 @Sin4Yeganeh ➟ TikTok 🟧 Medium 💰 $4,500 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
2 years
⚡️ Apache Flink RCE via GET jar/plan API Endpoint 👨‍💻 @JJaaskela ➟ Aiven Ltd 🆘 Critical 💰 $6000.0 #bugbounty #bugbountytips #cybersecurity
1 year
⚡ Stored XSS via Kroki diagram 👨💻 @wcbowling ➟ GitLab 🟥 High 💰 $13,950 #bugbounty #bugbountytips #cybersecurity
7 months
⚡ DOM XSS on multiple Automattic domains through postMessages 👨🏻‍💻 @renniepak ➟ Automattic 🟥 High 💰 None 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
9 months
⚡ Possibility of Request smuggling attack 👨🏻‍💻 aimotonorihito ➟ Internet Bug Bounty 🟥 High 💰 $4,660 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
4 months
⚡ IDOR to view order information of users and personal information 👨🏻‍💻 @hasn0x ➟ WakaTime ⬜ None 💰 None 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
2 years
⚡️ Open Redirect ⚡️ 👨‍💻 stevejubs 👉 Flickr 👨‍💻 🟨 Low 🟨 💰 $258.0 💰 #bugbounty #bugbountytips #cybersecurity
2 years
⚡️ Admin can create a hidden admin account which even the owner can not detect and remove and do administrative actions on the application. 👨‍💻 41bin ➟ Reddit 🟥 High 💰 $5000.0 #bugbounty #bugbountytips #cybersecurity
2 years
⚡ information disclosure of another company bug on video. 👨💻 mundre_07 ➟ HackerOne 🟨 Low 💰 $500.0 #bugbounty #bugbountytips #cybersecurity
14 days
⚡ Management Console Editor Privilege Escalation to Root SSH Access in GitHub Enterprise Server via... 👨🏻‍💻 @inspector_amb ➟ GitHub 🟥 High 💰 $10,000 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
1 year
⚡ Ruby's CGI library has HTTP response splitting (HTTP header injection), leaking confidential information 👨💻 ht0k ➟ Internet Bug Bounty 🟥 High 💰 $4000.0 #bugbounty #bugbountytips #cybersecurity
11 months
====================== ⚡ RCE on ingress-nginx-controller via Ingress spec.rules.http.paths.path field 👨🏻‍💻 ginoah ➟ Kubernetes 🟥 High 💰 $2,500 🔗 ====================== #bugbounty #bugbountytips #cybersecurity #infosec
4 months
⚡ Stored-XSS injected in Wiki page via Banzai pipeline 👨🏻‍💻 @yvvdwf ➟ GitLab 🟥 High 💰 None 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
5 months
⚡ Docker Secret Disclosure via GitHub Actions Cache Poisoning 👨🏻‍💻 @Adnanthekhan ➟ Hyperledger 🟥 High 💰 $2,000 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
5 months
⚡ Cross-Domain Leakage of X Username / UserID due to Dynamically Generated JS File 👨🏻‍💻 @Th0h0 ➟ X (Formerly Twitter) 🟧 Medium 💰 $1,500 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
4 months
⚡ [ Spot Check ] Team members can edit a user's write-up 👨🏻‍💻 @iustinbb ➟ HackerOne 🟨 Low 💰 $716 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
2 months
⚡ Leaking usernames through endpoints Wordpress 👨🏻‍💻 @AliToni224 ➟ MTN Group 🟥 High 💰 None 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
5 months
⚡ Cleartext Transmission of password via Email 👨🏻‍💻 tuannq_gg ➟ Sheer 🟨 Low 💰 $200 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
5 months
⚡ IDOR - Leaking of team data (name, email, ID, member ID) via POST /api/v1/graphql `FetchMembersh... 👨🏻‍💻 @aghayeoji ➟ Tools for Humanity 🟧 Medium 💰 $500 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
1 year
⚡ Cache Poisoning Allows Stored XSS Via hav Cookie Parameter (To Account Takeover) 👨💻 @bxmbn ➟ Expedia Group Bug Bounty 🟥 High 💰 $750.0 #bugbounty #bugbountytips #cybersecurity
1 year
⚡ Blind Sql Injection https:/████████ 👨💻 codeslayer137 ➟ U.S. Dept Of Defense 🟧 Medium 💰 None #bugbounty #bugbountytips #cybersecurity
1 year
====================== ⚡ Information Disclosure - Pvt Gitlab Issue Disclosing Through GitLab Unfiltered YouTube channel. 👨🏻‍💻 @MrRajputHacker ➟ GitLab 🟨 Low 💰 $100 🔗 ====================== #bugbounty #bugbountytips #cybersecurity #infosec
5 months
⚡ Possible PII Disclosure via Advanced Vetting Process - ██████ 👨🏻‍💻 @tirtha_mandal ➟ HackerOne 🟧 Medium 💰 $2,500 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
7 months
⚡ HTML Injection on TikTok Ads 👨🏻‍💻 @a77w3 ➟ TikTok 🟨 Low 💰 $250 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
2 years
⚡ CVE-2022-40127: RCE in Apache Airflow <2.4.0 bash example 👨💻 leixiao ➟ Internet Bug Bounty 🟥 High 💰 $4000.0 #bugbounty #bugbountytips #cybersecurity
11 months
====================== ⚡ Unreleased Hackerone Copilot is vulnerable to IDOR 👨🏻‍💻 @bebiksior ➟ HackerOne 🟧 Medium 💰 $2,500 🔗 ====================== #bugbounty #bugbountytips #cybersecurity #infosec
6 months
⚡ Race Condition Enables Bypassing Verification Check 👨🏻‍💻 toormund ➟ Tools for Humanity 🟥 High 💰 $3,000 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
1 year
⚡ Endpoint disclosing user password 👨💻 @tsk_sangam ➟ Newegg 🟨 Low 💰 $250 #bugbounty #bugbountytips #cybersecurity
3 months
⚡ Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://██████ (███) 👨🏻‍💻 @h1_sp1d3r ➟ U.S. Dept Of Defense 🟥 High 💰 $2,000 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
1 year
⚡ Cache Poisoning allows redirection on JS files 👨💻 @iustinbb ➟ Glassdoor 🟥 High 💰 None #bugbounty #bugbountytips #cybersecurity
1 year
⚡ Bypass of #2035332 RXSS at via the `url` parameter 👨💻 @sudhanshur705 ➟ HackerOne 🟨 Low 💰 None #bugbounty #bugbountytips #cybersecurity
5 months
⚡ Improper Access Control + Financial fraud allows attacker to disclose + add arbitrary products to... 👨🏻‍💻 @DoomerOutrun ➟ Shipt 🟥 High 💰 $3,900 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
9 months
⚡ An attacker can submit a Pentest Opportunity and change the status of the opportunity from submit... 👨🏻‍💻 @maniacmarvel_ ➟ HackerOne 🟧 Medium 💰 $2,500 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
8 months
⚡ IDOR to account takeover on POST to █████████ by changing member_id parameter 👨🏻‍💻 @8Xand97953 ➟ Mars 🆘 Critical 💰 None 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
13 days
⚡ Authentication Bypass Leads To Complete Account TakeveOver on ██████████ 👨🏻‍💻 reachaxis ➟ MTN Group 🆘 Critical 💰 None 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
10 months
⚡ CSRF to Information disclosure on password reset 👨🏻‍💻 @hackeriron1 ➟ Mozilla Critical Services 🟨 Low 💰 None 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
6 months
⚡ [] Path Traversal al /cms/audioitems 👨🏻‍💻 @0xd0m7 ➟ PortSwigger Web Security 🟥 High 💰 None 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
2 years
⚡️ API tokens and Emails leaked lead to sensitive information Disclosure 👨‍💻 devdevirl ➟ ZeroBounce ⬜️ None 💰 N/A #bugbounty #bugbountytips #cybersecurity
1 year
⚡ Entire database of emails exposed through URN injection 👨💻 ultrapowa ➟ LinkedIn 🟧 Medium 💰 $1,250 #bugbounty #bugbountytips #cybersecurity
1 year
⚡ Blind SSRF to internal services in matrix preview_link API 👨💻 revolte ➟ Reddit 🟥 High 💰 $6,000 #bugbounty #bugbountytips #cybersecurity
9 months
⚡ Internal Blind Server-Side Request Forgery (SSRF) allows scanning internal ports 👨🏻‍💻 @HarshDRanjan1 ➟ Mozilla Core Services ⬜ None 💰 None 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
5 months
⚡ Attachment disclosure via summary report 👨🏻‍💻 xklepxn ➟ HackerOne 🆘 Critical 💰 None 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
1 year
⚡ Authentication bypass on through SSH Certificates 👨💻 ammar2 ➟ GitHub 🟥 High 💰 $10,000 #bugbounty #bugbountytips #cybersecurity
1 year
⚡ Hackerone All Private Program Name Leaked to Public Via Collaborator OR Attacker can Easily Dump all Private Program Names through Collaborator 👨💻 hackit_bharat ➟ HackerOne 🟧 Medium 💰 $2,500 #bugbounty #bugbountytips #cybersecurity
8 months
⚡ Html injection on subscription email 👨🏻‍💻 benjamin-mauss ➟ CS Money 🟧 Medium 💰 None 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
5 months
⚡ Self XSS in Tag name pattern field /<username>/<reponame>/settings/tag_protection/new 👨🏻‍💻 @sudhanshur705 ➟ GitHub 🟧 Medium 💰 $7,500 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
1 year
⚡ HTTP Request Smuggling via Empty headers separated by CR 👨🏻‍💻 @YadhuKrishna_ ➟ Internet Bug Bounty 🟧 Medium 💰 $1,800 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
1 year
====================== ⚡ CVE-2023-30587 Process-based permissions can be bypassed with the "inspector" module. 👨🏻‍💻 mattaustin ➟ Internet Bug Bounty 🟥 High 💰 $3,495 🔗 ====================== #bugbounty #bugbountytips #cybersecurity #infosec
10 months
⚡ Able to blocking users with 2fa from login into their accounts by just knowing the SteamID 👨🏻‍💻 benjamin-mauss ➟ CS Money 🟧 Medium 💰 $300 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
11 months
====================== ⚡ Google Docs link in JS files allows editing & reading survey information 👨🏻‍💻 @bebiksior ➟ HackerOne 🟧 Medium 💰 $2,500 🔗 ====================== #bugbounty #bugbountytips #cybersecurity #infosec
2 years
⚡ XSS on ( █████████.gov ) Via URL path 👨💻 @Ajay_jachak24 ➟ U.S. Dept Of Defense 🟧 Medium 💰 N/A #bugbounty #bugbountytips #cybersecurity
6 months
#2 XSS on 👨🏻‍💻 @maxdha1 ➟ inDrive ⬜ None 💰 $100 🔗 #bugbounty #bugbountytips #cybersecurity #infosec
1 month
⚡ CVE-2024-42005: Potential SQL injection in QuerySet.values() and values_list() 👨🏻‍💻 @EyalSec ➟ Internet Bug Bounty 🟥 High 💰 $4,263 🔗 #bugbounty #bugbountytips #cybersecurity #infosec