目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1310

100%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,254
关联 CVE
1,865
参与项目数
343
近 7 天新增
7
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 654 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Homebrew installed LaunchDaemons create simple root esclations
Homebrew Privilege Escalation (CAPEC-233)
High
2019-05-24
Privilege-0 to Root Privilege Escalation on EdgeSwitch
Ubiquiti Inc. Privilege Escalation (CAPEC-233)CVE-2019-5425
High
2019-03-31
SaaS admin can modify/delete/get user information.
Ping Identity Privilege Escalation (CAPEC-233)
High
2019-03-26
Subdomain takeover on usclsapipma.cv.ford.com
Ford Privilege Escalation (CAPEC-233)
High
2019-03-24
Privilege Escalation: Read-Only to Admin
Inflection Privilege Escalation (CAPEC-233)
High
2019-03-15
Subdomain takeover at signup.uber.com
Uber Privilege Escalation (CAPEC-233)
High
2019-01-25
UniFi Video Server - Broken access control on system configuration
Ubiquiti Inc. Privilege Escalation (CAPEC-233)
High
2018-11-07
Domain Takeover in [obviousengine.com] a snapchat acquisitions
Snapchat Privilege Escalation (CAPEC-233)
High
2018-10-07
Subdomain takeover on wfmnarptpc.starbucks.com
Starbucks Privilege Escalation (CAPEC-233)
High
2018-08-09
Privilage escalation with malicious .npmrc
Node.js third-party modules Privilege Escalation (CAPEC-233)
High
2018-06-30
UniFi Video v3.2.2 (Windows) Local Privileges Escalation due to weak default install directory ACLs
Ubiquiti Inc. Privilege Escalation (CAPEC-233)CVE-2016-6914
High
2017-12-20
Multiple Subdomain takeovers via unclaimed instances
Starbucks Privilege Escalation (CAPEC-233)
High
2017-12-04
Subdomain Takeover
GSA Bounty Privilege Escalation (CAPEC-233)
High
2017-11-28
Privilege escalation in the client impersonation functionality
Ubiquiti Inc. Privilege Escalation (CAPEC-233)
High
2017-11-13
Subdomain Takeover via unclaimed UserVoice domain
Snapchat Privilege Escalation (CAPEC-233)
High
2017-10-04
Subdomain take-over of {REDACTED}.18f.gov
GSA Bounty Privilege Escalation (CAPEC-233)
High
2017-09-06
Privilege escalation-User who does not have access is able to add notes to the contact
Mixmax Privilege Escalation (CAPEC-233)
High
2017-06-16
Password Reset link hijacking via Host Header Poisoning
Concrete CMS Privilege Escalation (CAPEC-233)
High
2017-06-06
Privilege escalation - Normal user can somehow make admin to delete shared folders
Nextcloud Privilege Escalation (CAPEC-233)
High
2017-05-20
Subdomain takeover on happymondays.starbucks.com due to non-used AWS S3 DNS record
Starbucks Privilege Escalation (CAPEC-233)
High
2016-12-19
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify464
curl459
Node.js third-party modules307
GitLab258
X / xAI250 $7,000
Uber239