TOP100PAID.md

File metadata and controls

102 lines (101 loc) · 14.2 KB

Top 100 highest-paid reports from HackerOne, ordered by bounty amount. Each entry reads: report title, "to" the program that paid it, the bounty, and the report's upvote count on HackerOne:

  1. Github access token exposure to Shopify - $50000, 985 upvotes
  2. Steal ALL collateral during liquidation by exploiting lack of validation in flip.kick to BlockDev Sp. Z o.o - $50000, 461 upvotes
  3. [Pre-Submission][H1-4420-2019] API access to Phabricator on code.uberinternal.com from leaked certificate in git repo to Uber - $39999, 275 upvotes
  4. Unprotected Zeppelin instance to Mail.ru - $35000, 139 upvotes
  5. RCE via the DecompressedArchiveSizeValidator and Project BulkImports (behind feature flag) to GitLab - $33510, 234 upvotes
  6. Remote Command Execution via Github import to GitLab - $33510, 214 upvotes
  7. RCE via github import to GitLab - $33510, 146 upvotes
  8. RCE via npm misconfig -- installing internal libraries from the public registry to PayPal - $30000, 794 upvotes
  9. Arbitrary file read via the bulk imports UploadsPipeline to GitLab - $29000, 268 upvotes
  10. Exposed Kubernetes API - RCE/Exposed Creds to Snapchat - $25000, 1087 upvotes
  11. Improper Authentication - any user can login as other user with otp/logout & otp/login to Snapchat - $25000, 888 upvotes
  12. Publicly accessible Continuous Integration Tool to Snapchat - $25000, 538 upvotes
  13. SSRF in Exchange leads to ROOT access in all instances to Shopify - $25000, 517 upvotes
  14. SQL Injection in report_xml.php through countryFilter[] parameter to Valve - $25000, 347 upvotes
  15. Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse to Internet Bug Bounty - $25000, 191 upvotes
  16. Steal collateral during end process, by earning DSR interest after flow. to BlockDev Sp. Z o.o - $25000, 147 upvotes
  17. Takeover an account that doesn't have a Shopify ID and more to Shopify - $23550, 2839 upvotes
  18. Email Confirmation Bypass in your-store.myshopify.com which leads to privilege escalation to Shopify - $22500, 532 upvotes
  19. RepositoryPipeline allows importing of local git repos to GitLab - $22300, 57 upvotes
  20. ETH contract handling errors to Coinbase - $21000, 200 upvotes
  21. Potential pre-auth RCE on Twitter VPN to Twitter - $20160, 1157 upvotes
  22. Bypass for #488147 enables stored XSS on https://paypal.com/signin again to PayPal - $20000, 2528 upvotes
  23. Account takeover via leaked session cookie to HackerOne - $20000, 1498 upvotes
  24. Arbitrary file read via the UploadsRewriter when moving an issue to GitLab - $20000, 1427 upvotes
  25. Confidential data of users and limited metadata of programs and reports accessible via GraphQL to HackerOne - $20000, 972 upvotes
  26. [phpobject in cookie] Remote shell/command execution to Pornhub - $20000, 604 upvotes
  27. Getting all the CD keys of any game to Valve - $20000, 600 upvotes
  28. RCE when removing metadata with ExifTool to GitLab - $20000, 475 upvotes
  29. RCE via unsafe inline Kramdown options when rendering certain Wiki pages to GitLab - $20000, 408 upvotes
  30. Shopify admin authentication bypass using partners.shopify.com to Shopify - $20000, 287 upvotes
  31. bd-j exploit chain to PlayStation - $20000, 236 upvotes
  32. Steal private objects of other projects via project import to GitLab - $20000, 208 upvotes
  33. Private objects exposed through project import to GitLab - $20000, 101 upvotes
  34. DoS: type confusion in mrb_no_method_error to shopify-scripts - $20000, 60 upvotes
  35. Type confusion in mrb_exc_set leading to memory corruption to shopify-scripts - $20000, 40 upvotes
  36. Use after free vulnerability in mruby Array#to_h causing DoS, possible RCE to shopify-scripts - $20000, 29 upvotes
  37. TOCTTOU bug in mrb_str_setbyte leading to memory corruption to shopify-scripts - $20000, 23 upvotes
  38. GNU Bourne-Again Shell (Bash) 'Shellshock' Vulnerability to Internet Bug Bounty - $20000, 17 upvotes
  39. Stored XSS on https://paypal.com/signin via cache poisoning to PayPal - $18900, 645 upvotes
  40. RCE on Steam Client via buffer overflow in Server Info to Valve - $18000, 1253 upvotes
  41. Oracle Webcenter Sites administrative and high-privilege access available directly from the internet (/cs/Satellite) to LocalTapiola - $18000, 260 upvotes
  42. HTTP Smuggling multiple issues in Squid 3.x & squid 4.x to Internet Bug Bounty - $18000, 72 upvotes
  43. Type confusion in wrap_decimal leading to memory corruption to shopify-scripts - $18000, 35 upvotes
  44. Arbitrary file upload on AirMax to Ubiquiti Inc. - $18000, 19 upvotes
  45. Struct type confusion RCE to shopify-scripts - $18000, 6 upvotes
  46. Full Response SSRF via Google Drive to Dropbox - $17576, 302 upvotes
  47. [Git Gud] GitHub.com Svnbridge memcached deserialization vulnerability chain leading to Remote Code Execution to GitHub - $17500, 8 upvotes
  48. Privilege Escalation From user to SYSTEM via unauthenticated command execution to Ubiquiti Inc. - $16109, 535 upvotes
  49. Email Confirmation Bypass in myshop.myshopify.com that Leads to Full Privilege Escalation to Any Shop Owner by Taking Advantage of the Shopify SSO to Shopify - $16000, 1801 upvotes
  50. Stored XSS in markdown via the DesignReferenceFilter to GitLab - $16000, 274 upvotes
  51. Arbitrary file read during project import to GitLab - $16000, 174 upvotes
  52. Token leak in security challenge flow allows retrieving victim's PayPal email and plain text password to PayPal - $15300, 1324 upvotes
  53. Ability to bypass partner email confirmation to take over any store given an employee email to Shopify - $15250, 223 upvotes
  54. [Part II] Email Confirmation Bypass in myshop.myshopify.com that Leads to Full Privilege Escalation to Shopify - $15000, 868 upvotes
  55. H1514 Remote Code Execution on kitcrm using bulk customer update of Priority Products to Shopify - $15000, 790 upvotes
  56. Websites Can Run Arbitrary Code on Machines Running the 'PlayStation Now' Application to PlayStation - $15000, 744 upvotes
  57. Time-Based SQL injection at city-mobil.ru to Mail.ru - $15000, 619 upvotes
  58. Github Token Leaked publicly for https://github.sc-corp.net to Snapchat - $15000, 566 upvotes
  59. Open prod Jenkins instance to Snapchat - $15000, 421 upvotes
  60. RCE on build server via misconfigured pip install to Yelp - $15000, 346 upvotes
  61. file read on MCS servers via supplying a QCOW2 image with external backing file to Mail.ru - $15000, 218 upvotes
  62. Incorrect authorization to the intelbot service leading to ticket information to TikTok - $15000, 200 upvotes
  63. [mcs.mail.ru] A user with the observer role can create access keys for the message queue (sqs.mcs.mail.ru) to Mail.ru - $15000, 146 upvotes
  64. Leaked JFrog Artifactory username and password exposed on GitHub - https://snapchat.jfrog.io to Snapchat - $15000, 116 upvotes
  65. Stored XSS in Notes (with CSP bypass for gitlab.com) to GitLab - $13950, 135 upvotes
  66. XSS in ZenTao integration affecting self hosted instances without strict CSP to GitLab - $13950, 69 upvotes
  67. New /add_contacts /remove_contacts quick commands susceptible to XSS from Customer Contact firstname/lastname fields to GitLab - $13950, 63 upvotes
  68. H1514 Ability to MiTM Shopify PoS Session to Takeover Communications to Shopify - $13337, 357 upvotes
  69. Mass Accounts Takeover Without any user Interaction at https://app.taxjar.com/ to Stripe - $13000, 154 upvotes
  70. RCE on TikTok Ads Portal to TikTok - $12582, 301 upvotes
  71. An attacker can archive and unarchive any structured scope object on HackerOne to HackerOne - $12500, 279 upvotes
  72. Internal attachments can be exported via "Export as .zip" feature to HackerOne - $12500, 248 upvotes
  73. Spring Actuator endpoints publicly available and broken authentication to LINE - $12500, 223 upvotes
  74. Test-scripts for postgis in mason-repository using unsafe unzip of content from unclaimed bucket creates potential RCE-issues to Mapbox - $12500, 200 upvotes
  75. Malformed .BSP Access Violation in CS:GO can lead to Remote Code Execution to Valve - $12500, 149 upvotes
  76. [3DS][SSL] Improper certificate validation allows an attacker to perform MitM attacks to Nintendo - $12168, 125 upvotes
  77. Git flag injection - local file overwrite to remote code execution to GitLab - $12000, 759 upvotes
  78. Local files could be overwritten in GitLab, leading to remote command execution to GitLab - $12000, 536 upvotes
  79. Project Template functionality can be used to copy private project data, such as repository, confidential issues, snippets, and merge requests to GitLab - $12000, 438 upvotes
  80. JSON serialization of any Project model results in all Runner tokens being exposed through Quick Actions to GitLab - $12000, 353 upvotes
  81. Bypass of GitLab CI runner slash fix in YAML validation to GitLab - $12000, 351 upvotes
  82. An attacker can run pipeline jobs as arbitrary user to GitLab - $12000, 299 upvotes
  83. Full Read SSRF on Gitlab's Internal Grafana to GitLab - $12000, 201 upvotes
  84. Path traversal, to RCE to GitLab - $12000, 136 upvotes
  85. Able to view hackerone reports attachments to GitLab - $12000, 95 upvotes
  86. Path traversal in Nuget Package Registry to GitLab - $12000, 83 upvotes
  87. UrnState Heap Overflow to Internet Bug Bounty - $12000, 27 upvotes
  88. URN Request bypass ACL Checks to Internet Bug Bounty - $12000, 21 upvotes
  89. Cache Manager ACL Bypass to Internet Bug Bounty - $12000, 20 upvotes
  90. View Only to Root Privilege Escalation on UniFi Protect to Ubiquiti Inc. - $11689, 38 upvotes
  91. Arbitrary Code Execution via npm misconfiguration – installing internal libraries from the public registry to LINE - $11500, 270 upvotes
  92. Mass Account Takeover at https://app.taxjar.com/ - No user Interaction to Stripe - $11500, 222 upvotes
  93. Multiple bugs leads to RCE on TikTok for Android to TikTok - $11214, 359 upvotes
  94. Exfiltrate and mutate repository and project data through injected templated service to GitLab - $11000, 732 upvotes
  95. IDOR to add secondary users in www.paypal.com/businessmanage/users/api/v1/users to PayPal - $10500, 679 upvotes
  96. Ability to DOS any organization's SSO and open up the door to account takeovers to Grammarly - $10500, 205 upvotes
  97. CSP-bypass XSS in project settings page to GitLab - $10270, 67 upvotes
  98. Chain of IDORs Between U4B and Vouchers APIs Allows Attackers to View and Modify Program/Voucher Policies and to Obtain Organization Employees' PII to Uber - $10250, 53 upvotes
  99. XXE on sms-be-vip.twitter.com in SXMP Processor to Twitter - $10080, 250 upvotes
  100. WannaCrypt “Killswitch” to HackerOne - $10000, 797 upvotes