Skip to content

Latest commit

 

History

History
102 lines (101 loc) · 14.1 KB

TOP100PAID.md

File metadata and controls

102 lines (101 loc) · 14.1 KB

Top 100 paid reports from HackerOne:

  1. Github access token exposure to Shopify - $50000, 1007 upvotes
  2. Steal ALL collateral during liquidation by exploiting lack of validation in flip.kick to BlockDev Sp. Z o.o - $50000, 461 upvotes
  3. [Pre-Submission][H1-4420-2019] API access to Phabricator on code.uberinternal.com from leaked certificate in git repo to Uber - $39999, 280 upvotes
  4. Незащищённый экземпляр Zeppelin to Mail.ru - $35000, 139 upvotes
  5. RCE via github import to GitLab - $33510, 258 upvotes
  6. RCE via the DecompressedArchiveSizeValidator and Project BulkImports (behind feature flag) to GitLab - $33510, 249 upvotes
  7. Remote Command Execution via Github import to GitLab - $33510, 247 upvotes
  8. RCE via npm misconfig -- installing internal libraries from the public registry to PayPal - $30000, 802 upvotes
  9. Arbitrary file read via the bulk imports UploadsPipeline to GitLab - $29000, 274 upvotes
  10. Exposed Kubernetes API - RCE/Exposed Creds to Snapchat - $25000, 1101 upvotes
  11. Improper Authentication - any user can login as other user with otp/logout & otp/login to Snapchat - $25000, 901 upvotes
  12. Publicly accessible Continuous Integration Tool to Snapchat - $25000, 543 upvotes
  13. SSRF in Exchange leads to ROOT access in all instances to Shopify - $25000, 520 upvotes
  14. [CVE-2022-44268] Arbitrary Remote Leak via ImageMagick to HackerOne - $25000, 353 upvotes
  15. SQL Injection in report_xml.php through countryFilter[] parameter to Valve - $25000, 347 upvotes
  16. Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse to Internet Bug Bounty - $25000, 191 upvotes
  17. Steal collateral during end process, by earning DSR interest after flow. to BlockDev Sp. Z o.o - $25000, 147 upvotes
  18. Takeover an account that doesn't have a Shopify ID and more to Shopify - $23550, 2855 upvotes
  19. Email Confirmation Bypass in your-store.myshopify.com which leads to privilege escalation to Shopify - $22500, 533 upvotes
  20. RepositoryPipeline allows importing of local git repos to GitLab - $22300, 60 upvotes
  21. ETH contract handling errors to Coinbase - $21000, 203 upvotes
  22. Potential pre-auth RCE on Twitter VPN to Twitter - $20160, 1163 upvotes
  23. Bypass for #488147 enables stored XSS on https://paypal.com/signin again to PayPal - $20000, 2540 upvotes
  24. Account takeover via leaked session cookie to HackerOne - $20000, 1511 upvotes
  25. Arbitrary file read via the UploadsRewriter when moving and issue to GitLab - $20000, 1431 upvotes
  26. Confidential data of users and limited metadata of programs and reports accessible via GraphQL to HackerOne - $20000, 980 upvotes
  27. [phpobject in cookie] Remote shell/command execution to Pornhub - $20000, 605 upvotes
  28. Getting all the CD keys of any game to Valve - $20000, 600 upvotes
  29. RCE when removing metadata with ExifTool to GitLab - $20000, 479 upvotes
  30. RCE via unsafe inline Kramdown options when rendering certain Wiki pages to GitLab - $20000, 409 upvotes
  31. Shopify admin authentication bypass using partners.shopify.com to Shopify - $20000, 288 upvotes
  32. bd-j exploit chain to PlayStation - $20000, 245 upvotes
  33. Steal private objects of other projects via project import to GitLab - $20000, 211 upvotes
  34. Github Apps can use Scoped-User-To-Server Tokens to Obtain Full Access to User's Projects in Project V2 GraphQL api to GitHub - $20000, 172 upvotes
  35. Private objects exposed through project import to GitLab - $20000, 101 upvotes
  36. DoS: type confusion in mrb_no_method_error to shopify-scripts - $20000, 60 upvotes
  37. Type confusion in mrb_exc_set leading to memory corruption to shopify-scripts - $20000, 40 upvotes
  38. Use after free vulnerability in mruby Array#to_h causing DOS possible RCE to shopify-scripts - $20000, 29 upvotes
  39. TOCTTOU bug in mrb_str_setbyte leading the memory corruption to shopify-scripts - $20000, 23 upvotes
  40. GNU Bourne-Again Shell (Bash) 'Shellshock' Vulnerability to Internet Bug Bounty - $20000, 17 upvotes
  41. Stored XSS on https://paypal.com/signin via cache poisoning to PayPal - $18900, 647 upvotes
  42. RCE on Steam Client via buffer overflow in Server Info to Valve - $18000, 1256 upvotes
  43. Oracle Webcenter Sites administrative and hi-privilege access available directly from the internet (/cs/Satellite) to LocalTapiola - $18000, 261 upvotes
  44. HTTP Smuggling multiple issues in Squid 3.x & squid 4.x to Internet Bug Bounty - $18000, 73 upvotes
  45. Type confusion in wrap_decimal leading to memory corruption to shopify-scripts - $18000, 35 upvotes
  46. Arbritrary file Upload on AirMax to Ubiquiti Inc. - $18000, 19 upvotes
  47. Struct type confusion RCE to shopify-scripts - $18000, 6 upvotes
  48. Full Response SSRF via Google Drive to Dropbox - $17576, 302 upvotes
  49. [Git Gud] GitHub.com Svnbridge memcached deserialization vulnerability chain leading to Remote Code Execution to GitHub - $17500, 8 upvotes
  50. Privilege Escalation From user to SYSTEM via unauthenticated command execution to Ubiquiti Inc. - $16109, 537 upvotes
  51. Email Confirmation Bypass in myshop.myshopify.com that Leads to Full Privilege Escalation to Any Shop Owner by Taking Advantage of the Shopify SSO to Shopify - $16000, 1810 upvotes
  52. Stored XSS in markdown via the DesignReferenceFilter to GitLab - $16000, 276 upvotes
  53. Arbitrary file read during project import to GitLab - $16000, 174 upvotes
  54. Token leak in security challenge flow allows retrieving victim's PayPal email and plain text password to PayPal - $15300, 1333 upvotes
  55. Ability to bypass partner email confirmation to take over any store given an employee email to Shopify - $15250, 228 upvotes
  56. [Part II] Email Confirmation Bypass in myshop.myshopify.com that Leads to Full Privilege Escalation to Shopify - $15000, 872 upvotes
  57. H1514 Remote Code Execution on kitcrm using bulk customer update of Priority Products to Shopify - $15000, 800 upvotes
  58. Websites Can Run Arbitrary Code on Machines Running the 'PlayStation Now' Application to PlayStation - $15000, 748 upvotes
  59. Time-Based SQL injection at city-mobil.ru to Mail.ru - $15000, 623 upvotes
  60. Delete anyone's content spotlight remotely. to Snapchat - $15000, 620 upvotes
  61. Github Token Leaked publicly for https://github.sc-corp.net to Snapchat - $15000, 568 upvotes
  62. Open prod Jenkins instance to Snapchat - $15000, 423 upvotes
  63. RCE on build server via misconfigured pip install to Yelp - $15000, 347 upvotes
  64. file read on MCS servers via supplying a QCOW2 image with external backing file to Mail.ru - $15000, 218 upvotes
  65. Incorrect authorization to the intelbot service leading to ticket information to TikTok - $15000, 201 upvotes
  66. [mcs.mail.ru] Пользователь с ролью наблюдателя может создавать ключи доступа для очереди сообщений (sqs.mcs.mail.ru) to Mail.ru - $15000, 146 upvotes
  67. Leaked JFrog Artifactory username and password exposed on GitHub - https://snapchat.jfrog.io to Snapchat - $15000, 120 upvotes
  68. Stored XSS via Kroki diagram to GitLab - $13950, 204 upvotes
  69. Stored-XSS with CSP-bypass via labels' color to GitLab - $13950, 151 upvotes
  70. Stored XSS in Notes (with CSP bypass for gitlab.com) to GitLab - $13950, 136 upvotes
  71. Bypass: Stored-XSS with CSP-bypass via scoped labels' color to GitLab - $13950, 91 upvotes
  72. New /add_contacts /remove_contacts quick commands susseptible to XSS from Customer Contact firstname/lastname fields to GitLab - $13950, 78 upvotes
  73. XSS in ZenTao integration affecting self hosted instances without strict CSP to GitLab - $13950, 72 upvotes
  74. H1514 Ability to MiTM Shopify PoS Session to Takeover Communications to Shopify - $13337, 362 upvotes
  75. Mass Accounts Takeover Without any user Interaction at https://app.taxjar.com/ to Stripe - $13000, 167 upvotes
  76. RCE on TikTok Ads Portal to TikTok - $12582, 302 upvotes
  77. An attacker can archive and unarchive any structured scope object on HackerOne to HackerOne - $12500, 292 upvotes
  78. Insecure Direct Object Reference (IDOR) - Delete Campaigns to HackerOne - $12500, 259 upvotes
  79. Internal attachments can be exported via "Export as .zip" feature to HackerOne - $12500, 250 upvotes
  80. Spring Actuator endpoints publicly available and broken authentication to LINE - $12500, 223 upvotes
  81. Test-scripts for postgis in mason-repository using unsafe unzip of content from unclaimed bucket creates potential RCE-issues to Mapbox - $12500, 201 upvotes
  82. Malformed .BSP Access Violation in CS:GO can lead to Remote Code Execution to Valve - $12500, 149 upvotes
  83. [3DS][SSL] Improper certificate validation allows an attacker to perform MitM attacks to Nintendo - $12168, 128 upvotes
  84. Git flag injection - local file overwrite to remote code execution to GitLab - $12000, 759 upvotes
  85. Local files could be overwritten in GitLab, leading to remote command execution to GitLab - $12000, 536 upvotes
  86. Project Template functionality can be used to copy private project data, such as repository, confidential issues, snippets, and merge requests to GitLab - $12000, 438 upvotes
  87. Bypass of GitLab CI runner slash fix in YAML validation to GitLab - $12000, 354 upvotes
  88. JSON serialization of any Project model results in all Runner tokens being exposed through Quick Actions to GitLab - $12000, 353 upvotes
  89. An attacker can run pipeline jobs as arbitrary user to GitLab - $12000, 299 upvotes
  90. Full Read SSRF on Gitlab's Internal Grafana to GitLab - $12000, 205 upvotes
  91. Path traversal, to RCE to GitLab - $12000, 136 upvotes
  92. Able to view hackerone reports attachments to GitLab - $12000, 96 upvotes
  93. Path traversal in Nuget Package Registry to GitLab - $12000, 83 upvotes
  94. UrnState Heap Overflow to Internet Bug Bounty - $12000, 27 upvotes
  95. URN Request bypass ACL Checks to Internet Bug Bounty - $12000, 21 upvotes
  96. Cache Manager ACL Bypass to Internet Bug Bounty - $12000, 20 upvotes
  97. View Only to Root Privilege Escalation on UniFi Protect to Ubiquiti Inc. - $11689, 38 upvotes
  98. Arbitrary Code Execution via npm misconfiguration – installing internal libraries from the public registry to LINE - $11500, 273 upvotes
  99. Mass Account Takeover at https://app.taxjar.com/ - No user Interaction to Stripe - $11500, 230 upvotes
  100. Multiple bugs leads to RCE on TikTok for Android to TikTok - $11214, 361 upvotes