目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,219
关联 CVE
1,854
参与项目数
342
近 7 天新增
14
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:x
login csrf in analytics.mopub.com
X / xAI Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2019-10-02
Reports Modal in app.mopub.com Disclose by any user
X / xAI Information Disclosure (CWE-200)
Medium
2019-10-02
Ability to perform actions (Tweet, Retweet, DM) and other actions, unauthenticated, on any account with SMS enabled.
X / xAI Business Logic Errors (CWE-840)
Critical
2019-09-26
Periscope-all Firebase database takeover
X / xAI Improper Access Control - Generic (CWE-284)
Critical
2019-09-25
XSS and Open Redirect on MoPub Login
X / xAI Open Redirect (CWE-601)
Unknown
2019-09-24
AppLovin API Key hardcoded in a Github repo
X / xAI Cleartext Storage of Sensitive Information (CWE-312)
High
2019-09-18
Html Injection and Possible XSS via MathML
X / xAI Cross-site Scripting (XSS) - Generic (CWE-79)
Critical
2019-09-03
Wrong Interpretation of URL encoded characters, showing different punny code leads to redirection on different domain
X / xAI Open Redirect (CWE-601)
Low
2019-08-26
Github Token Leaked publicly for https://github.com/mopub
X / xAI Cleartext Storage of Sensitive Information (CWE-312)
Medium
2019-08-15
Potential pre-auth RCE on Twitter VPN
X / xAI OS Command Injection (CWE-78)CVE-2019-11510CVE-2019-11542CVE-2019-11539CVE-2019-11538CVE-2019-11508CVE-2019-11540
Critical
2019-08-10
Twitter Periscope Clickjacking Vulnerability
X / xAI UI Redressing (Clickjacking) (CAPEC-103)
Medium
2019-07-10
cookie injection allow dos attack to periscope.tv
X / xAI Uncontrolled Resource Consumption (CWE-400)
Medium
2019-07-03
Verify any unused email address
X / xAI Improper Access Control - Generic (CWE-284)
Unknown
2019-06-24
IDOR and statistics leakage in Orders
X / xAI Insecure Direct Object Reference (IDOR) (CWE-639)
Medium
2019-06-14
Subdomain takeover on dev-admin.periscope.tv
X / xAI Privilege Escalation (CAPEC-233)
Medium
2019-05-28
HTTPS is not validating TLS mac codes
X / xAI Use of a Broken or Risky Cryptographic Algorithm (CWE-327)
Unknown
2019-05-25
Protected Tweets setting overridden by Android app
X / xAI
Low
2019-05-17
Twitter ID exposure via error-based side-channel attack
X / xAI Privacy Violation (CWE-359)
Medium
2019-05-16
XSS via Direct Message deeplinks
X / xAI Cross-site Scripting (XSS) - DOM (CWE-79)
Unknown
2019-05-09
XSS and cache poisoning via upload.twitter.com on ton.twitter.com
X / xAI Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2019-05-01
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895