Top 100 paid reports from HackerOne:

  1. Github access token exposure to Shopify - $50000, 1526 upvotes
  2. [Pre-Submission][H1-4420-2019] API access to Phabricator on code.uberinternal.com from leaked certificate in git repo to Uber - $39999, 434 upvotes
  3. Account Takeover via Password Reset without user interactions to GitLab - $35000, 919 upvotes
  4. Unprotected Zeppelin instance to Mail.ru - $35000, 169 upvotes
  5. Remote Command Execution via Github import to GitLab - $33510, 379 upvotes
  6. RCE via the DecompressedArchiveSizeValidator and Project BulkImports (behind feature flag) to GitLab - $33510, 370 upvotes
  7. RCE via npm misconfig -- installing internal libraries from the public registry to PayPal - $30000, 931 upvotes
  8. Arbitrary file read via the bulk imports UploadsPipeline to GitLab - $29000, 323 upvotes
  9. Exposed Kubernetes API - RCE/Exposed Creds to Snapchat - $25000, 1183 upvotes
  10. SQL Injection in report_xml.php through countryFilter[] parameter to Valve - $25000, 401 upvotes
  11. Disclosing PolicyPageAssetGroup in Private Programs via /graphql gid://hackerone/PolicyPageAssetGroupsIndex::PolicyPageAssetGroup/{id} to HackerOne - $25000, 279 upvotes
  12. RepositoryPipeline allows importing of local git repos to GitLab - $22300, 82 upvotes
  13. access list owner can escalate his role to the highest roles to Teleport - $21000, 255 upvotes
  14. Potential pre-auth RCE on Twitter VPN to X / xAI - $20160, 1237 upvotes
  15. Bypass for #488147 enables stored XSS on https://paypal.com/signin again to PayPal - $20000, 2675 upvotes
  16. Account takeover via leaked session cookie to HackerOne - $20000, 1624 upvotes
  17. Arbitrary file read via the UploadsRewriter when moving an issue to GitLab - $20000, 1497 upvotes
  18. Getting all the CD keys of any game to Valve - $20000, 633 upvotes
  19. [phpobject in cookie] Remote shell/command execution to Pornhub - $20000, 607 upvotes
  20. RCE when removing metadata with ExifTool to GitLab - $20000, 504 upvotes
  21. RCE via unsafe inline Kramdown options when rendering certain Wiki pages to GitLab - $20000, 426 upvotes
  22. bd-j exploit chain to PlayStation - $20000, 295 upvotes
  23. Steal private objects of other projects via project import to GitLab - $20000, 245 upvotes
  24. Private objects exposed through project import to GitLab - $20000, 126 upvotes
  25. Stored XSS on https://paypal.com/signin via cache poisoning to PayPal - $18900, 682 upvotes
  26. Oracle Webcenter Sites administrative and hi-privilege access available directly from the internet (/cs/Satellite) to LocalTapiola - $18000, 264 upvotes
  27. Struct type confusion RCE to shopify-scripts - $18000, 14 upvotes
  28. Full Response SSRF via Google Drive to Dropbox - $17576, 302 upvotes
  29. Stored XSS in markdown via the DesignReferenceFilter to GitLab - $16000, 315 upvotes
  30. Arbitrary file read during project import to GitLab - $16000, 194 upvotes
  31. Token leak in security challenge flow allows retrieving victim's PayPal email and plain text password to PayPal - $15300, 1405 upvotes
  32. Ability to bypass partner email confirmation to take over any store given an employee email to Shopify - $15250, 268 upvotes
  33. Delete anyone's content spotlight remotely. to Snapchat - $15000, 785 upvotes
  34. Websites Can Run Arbitrary Code on Machines Running the 'PlayStation Now' Application to PlayStation - $15000, 776 upvotes
  35. Time-Based SQL injection at city-mobil.ru to Mail.ru - $15000, 631 upvotes
  36. Open prod Jenkins instance to Snapchat - $15000, 434 upvotes
  37. file read on MCS servers via supplying a QCOW2 image with external backing file to Mail.ru - $15000, 222 upvotes
  38. Incorrect authorization to the intelbot service leading to ticket information to TikTok - $15000, 216 upvotes
  39. [mcs.mail.ru] A user with the observer role can create access keys for the message queue (sqs.mcs.mail.ru) to Mail.ru - $15000, 147 upvotes
  40. Leaked JFrog Artifactory username and password exposed on GitHub - https://snapchat.jfrog.io to Snapchat - $15000, 135 upvotes
  41. Groups module can halt chain when handling a proposal with malicious group weights to Cosmos - $15000, 86 upvotes
  42. Stored XSS via Kroki diagram to GitLab - $13950, 293 upvotes
  43. Stored XSS in Notes (with CSP bypass for gitlab.com) to GitLab - $13950, 160 upvotes
  44. New /add_contacts /remove_contacts quick commands susceptible to XSS from Customer Contact firstname/lastname fields to GitLab - $13950, 92 upvotes
  45. XSS in ZenTao integration affecting self hosted instances without strict CSP to GitLab - $13950, 81 upvotes
  46. Mass Accounts Takeover Without any user Interaction at https://app.taxjar.com/ to Stripe - $13000, 206 upvotes
  47. An attacker can view any hacker email via /SaveCollaboratorsMutation operation name to HackerOne - $12500, 422 upvotes
  48. IDOR - Delete all Licenses and certifications from users account using CreateOrUpdateHackerCertification GraphQL query to HackerOne - $12500, 381 upvotes
  49. Internal attachments can be exported via "Export as .zip" feature to HackerOne - $12500, 267 upvotes
  50. Spring Actuator endpoints publicly available and broken authentication to LY Corporation - $12500, 233 upvotes
  51. Internal Access to Hackerone confluence Docs to HackerOne - $12500, 222 upvotes
  52. Remote vulnerabilities in spp to PlayStation - $12500, 193 upvotes
  53. DOS via Mutation Aliasing in GraphQL Account Recovery Phone Number Verification API to HackerOne - $12500, 158 upvotes
  54. Git flag injection - local file overwrite to remote code execution to GitLab - $12000, 777 upvotes
  55. Local files could be overwritten in GitLab, leading to remote command execution to GitLab - $12000, 540 upvotes
  56. Project Template functionality can be used to copy private project data, such as repository, confidential issues, snippets, and merge requests to GitLab - $12000, 455 upvotes
  57. JSON serialization of any Project model results in all Runner tokens being exposed through Quick Actions to GitLab - $12000, 364 upvotes
  58. An attacker can run pipeline jobs as arbitrary user to GitLab - $12000, 307 upvotes
  59. Account Takeover via Authentication Bypass in TikTok Account Recovery to TikTok - $12000, 166 upvotes
  60. Path traversal, to RCE to GitLab - $12000, 141 upvotes
  61. Path traversal in Nuget Package Registry to GitLab - $12000, 87 upvotes
  62. Arbitrary Code Execution via npm misconfiguration – installing internal libraries from the public registry to LY Corporation - $11500, 286 upvotes
  63. Exfiltrate and mutate repository and project data through injected templated service to GitLab - $11000, 757 upvotes
  64. IDOR to add secondary users in www.paypal.com/businessmanage/users/api/v1/users to PayPal - $10500, 781 upvotes
  65. Ability to DOS any organization's SSO and open up the door to account takeovers to Superhuman (formerly Grammarly) - $10500, 255 upvotes
  66. Use-After-Free In IPV6_2292PKTOPTIONS leading To Arbitrary Kernel R/W Primitives to PlayStation - $10000, 741 upvotes
  67. Access to multiple production Grafana dashboards to Snapchat - $10000, 462 upvotes
  68. touch.mail.ru / e.mail.ru memory content disclosure to Mail.ru - $10000, 409 upvotes
  69. gitlab-workhorse bypass in Gitlab::Middleware::Multipart allowing files in allowed_paths to be read to GitLab - $10000, 409 upvotes
  70. SQL injection at fleet.city-mobil.ru to Mail.ru - $10000, 372 upvotes
  71. RCE on shared.mail.ru due to "widget" plugin to Mail.ru - $10000, 359 upvotes
  72. SSRF on project import via the remote_attachment_url on a Note to GitLab - $10000, 355 upvotes
  73. Partial disclosure of report activity through new "Export as .zip" feature to HackerOne - $10000, 353 upvotes
  74. Double Payout via PayPal to Coinbase - $10000, 317 upvotes
  75. SOCK_RAW sockets reachable from Webkit process allows triggering double free in IP6_EXTHDR_CHECK to PlayStation - $10000, 298 upvotes
  76. Information Disclosure in /skills call to HackerOne - $10000, 284 upvotes
  77. size_t-to-int vulnerability in exFAT leads to memory corruption via malformed USB flash drives to PlayStation - $10000, 278 upvotes
  78. Deserialization of untrusted data at https://www.redtube.com/media/hls?s=data to Pornhub - $10000, 271 upvotes
  79. Malformed NAV file leads to buffer overflow and code execution in Left4Dead2.exe to Valve - $10000, 268 upvotes
  80. Arbitrary Read of Another Users private repository without Authorization to GitHub - $10000, 259 upvotes
  81. sys_fsc2h_ctrl kernel stack free to PlayStation - $10000, 233 upvotes
  82. Publicly exposed SVN repository, ht.pornhub.com to Pornhub - $10000, 211 upvotes
  83. Hacker can bypass 2FA requirement and reporter blacklist through embedded submission form to HackerOne - $10000, 204 upvotes
  84. read new emails from any inbox IOS APP in notification center to Mail.ru - $10000, 186 upvotes
  85. Double fdrop on a socket through sys_netcontrol to PlayStation - $10000, 184 upvotes
  86. Authentication bypass on gist.github.com through SSH Certificates to GitHub - $10000, 178 upvotes
  87. CSRF protection bypass in GitHub Enterprise management console to GitHub - $10000, 149 upvotes
  88. Use-after-free in setsockopt IPV6_2292PKTOPTIONS (CVE-2020-7457) to PlayStation - $10000, 141 upvotes
  89. uber.com may RCE by Flask Jinja2 Template Injection to Uber - $10000, 134 upvotes
  90. Using gossip to drain miner wallets to Zilliqa - $10000, 111 upvotes
  91. password reset token leaking allowed for ATO of an Uber account to Uber - $10000, 100 upvotes
  92. OneLogin authentication bypass on WordPress sites to Uber - $10000, 57 upvotes
  93. RCE hazard in reporting (via Chromium) to Elastic - $10000, 25 upvotes
  94. Invalid handling of zero-length heredoc identifiers leads to infinite loop in the sandbox to shopify-scripts - $10000, 23 upvotes
  95. Crash: Overwriting NoMethodError with a builtin class crashes/corrupts memory to shopify-scripts - $10000, 20 upvotes
  96. Segfault and/or potential unwanted (byte)code execution with "break" and "||=" inside a loop to shopify-scripts - $10000, 13 upvotes
  97. Buffer overflow in mrb_time_asctime to shopify-scripts - $10000, 13 upvotes
  98. Certain inputs cause tight C-level recursion leading to process stack overflow to shopify-scripts - $10000, 11 upvotes
  99. Broken handling of maximum number of method call arguments leads to segfault to shopify-scripts - $10000, 10 upvotes
  100. Crash: Initialize Decimal with itself triggers an assertion to shopify-scripts - $10000, 9 upvotes