Bypass front server restrictions and access to forbidden files and directories through X-Rewrite-Url/X-original-url header on account.mackeeper.com
https://hackerone.com/reports/737323
6.1
rumiljonov
$300
Django DEBUG mode enabled and leaked system information.
https://hackerone.com/reports/963542
null
aungkyawphyo
null
Mirror of https://city-mobil.ru admin interface
https://hackerone.com/reports/749677
null
merron
$150
misconfigured CORS let to HPP and SOP bypass
https://hackerone.com/reports/867436
null
dagamosst90
null
Helpdesk takeover (subdomain takeover) in razerzone.com domain via unclaimed Zendesk instance
https://hackerone.com/reports/810807
null
mshassy
$250
Spring Actuator endpoints publicly available, leading to account takeover
https://hackerone.com/reports/862589
null
kazan71p
$5,000
mailgun subdomain takeover on "email.mail.geekbrains.ru"
https://hackerone.com/reports/819309
3.8
risinghunter
null
Spring Actuator endpoints publicly available and broken authentication
https://hackerone.com/reports/838635
null
kazan71p
$12,500
Cross-origin resource sharing misconfig | steal user information
https://hackerone.com/reports/235200
5.7
bughunterboy
$1,000
[staging.tarantool.org] Github Pages Subdomain-take-over
https://hackerone.com/reports/813377
3.1
iframe
null
vk.com profile page takeover on https://cabinet.am.ru/
https://hackerone.com/reports/799593
null
naategh
null