Skip to content

Latest commit

 

History

History
135 lines (134 loc) · 15.8 KB

TOPSLACK.md

File metadata and controls

135 lines (134 loc) · 15.8 KB

Top reports from Slack program at HackerOne:

  1. Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies to Slack - 843 upvotes, $0
  2. Remote Code Execution in Slack desktop apps + bonus to Slack - 497 upvotes, $0
  3. XSS vulnerable parameter in a location hash to Slack - 445 upvotes, $0
  4. URL link spoofing to Slack - 356 upvotes, $250
  5. AWS bucket leading to iOS test build code and configuration exposure to Slack - 318 upvotes, $1500
  6. TURN server allows TCP and UDP proxying to internal network, localhost and meta-data services to Slack - 314 upvotes, $3500
  7. Slack DTLS uses a private key that is in the public domain, which may lead to SRTP stream hijack to Slack - 167 upvotes, $2000
  8. XSS in gist integration to Slack - 154 upvotes, $500
  9. Unauthenticated LFI revealing log information to Slack - 119 upvotes, $0
  10. Stealing xoxs-tokens using weak postMessage / call-popup redirect to current team domain to Slack - 117 upvotes, $0
  11. Denial of Service via Hyperlinks in Posts to Slack - 106 upvotes, $1500
  12. Team members can trigger arbitrary code execution in Slack Desktop Apps via HTML Notifications to Slack - 103 upvotes, $0
  13. Stored XSS on team.slack.com using new Markdown editor of posts inside the Editing mode and using javascript-URIs to Slack - 101 upvotes, $0
  14. Ability to join an arbitrary workspace by utilizing a proxy to manipulate invite links to Slack - 100 upvotes, $0
  15. Lack of URL normalization renders Blocked-Previews feature ineffectual to Slack - 98 upvotes, $1000
  16. Real Time Error Logs Through Debug Information to Slack - 95 upvotes, $0
  17. User-assisted RCE in Slack for macOS (from official site) due to improper quarantine meta-attribute handling for downloaded files to Slack - 95 upvotes, $0
  18. SSRF via Office file thumbnails to Slack - 94 upvotes, $4000
  19. Tricking the "Create snippet" feature into displaying the wrong filetype can lead to RCE on Slack users to Slack - 94 upvotes, $1500
  20. Header modification results in disclosure of Slack infra metadata to unauthorized parties to Slack - 91 upvotes, $0
  21. Many Slack teams can be joined by abusing an improperly configured support@ inbox to Slack - 86 upvotes, $0
  22. SSRF in api.slack.com, using slash commands and bypassing the protections. to Slack - 79 upvotes, $0
  23. Unauthorized access to GovSlack to Slack - 75 upvotes, $1500
  24. Bypass invite accept for victim to Slack - 72 upvotes, $1500
  25. OSX slack:// protocol handler javascript injection to Slack - 72 upvotes, $0
  26. Stored XSS through PDF viewer to Slack - 70 upvotes, $4875
  27. Eavesdropping on private Slack calls to Slack - 67 upvotes, $1000
  28. Access to some Slack workspace metadata and settings available to unauthorized parties to Slack - 57 upvotes, $7000
  29. The Custom Emoji Page has a Reflected XSS to Slack - 55 upvotes, $0
  30. XSS on link and window.opener to Slack - 48 upvotes, $1000
  31. Internal SSRF bypass using slash commands at api.slack.com to Slack - 48 upvotes, $0
  32. [Android] Directory traversal leading to disclosure of auth tokens to Slack - 47 upvotes, $3500
  33. Linux Desktop application slack executable does not use pie / no ASLR to Slack - 47 upvotes, $100
  34. Bypass of the SSRF protection in Event Subscriptions parameter. to Slack - 47 upvotes, $0
  35. The POODLE attack (SSLv3 supported) at status.slack.com to Slack - 44 upvotes, $0
  36. Store XSS to Slack - 43 upvotes, $0
  37. Information leakage and default open port to Slack - 39 upvotes, $0
  38. Slack-Corp Heroku application disclosing limited info about company members to Slack - 38 upvotes, $0
  39. Workspace configuration metadata disclosure to Slack - 37 upvotes, $0
  40. Private application files can be uploaded to Slack via malicious uploader to Slack - 36 upvotes, $500
  41. CSS Injection to disable app & potential message exfil to Slack - 35 upvotes, $0
  42. Bypass two-factor authentication to Slack - 32 upvotes, $0
  43. URL filter bypass in Enterprise Grid to Slack - 31 upvotes, $100
  44. Snooping into messages via email service to Slack - 30 upvotes, $0
  45. Stored XSS(Cross Site Scripting) In Slack App Name to Slack - 29 upvotes, $1000
  46. DoS on the Direct Messages to Slack - 28 upvotes, $500
  47. Access of Android protected components via embedded intent to Slack - 28 upvotes, $0
  48. Subdomain takeover on podcasts.slack-core.com to Slack - 26 upvotes, $100
  49. Source code leakage through GIT web access at host '52.91.137.42' to Slack - 26 upvotes, $0
  50. Rate-limit bypass to Slack - 24 upvotes, $500
  51. Email html Injection to Slack - 24 upvotes, $250
  52. Race Condition in account survey to Slack - 24 upvotes, $0
  53. [Screenhero] Subdomain takeover to Slack - 23 upvotes, $0
  54. HTTP parameter pollution from outdated Greenhouse.io JS dependency to Slack - 23 upvotes, $0
  55. CSRF in github integration to Slack - 22 upvotes, $500
  56. Misuse of groups feature allows workspace members to join private channels without being invited to Slack - 20 upvotes, $0
  57. Uninstalling Slack for Windows (64-bit), then reinstalling keeps you logged in without authentication to Slack - 17 upvotes, $500
  58. Stored XSS in files.slack.com to Slack - 17 upvotes, $0
  59. Facebook Takeover using Slack using 302 from files.slack.com with access_token to Slack - 15 upvotes, $0
  60. Information Disclosure on stun.screenhero.com to Slack - 14 upvotes, $700
  61. Bypass to postMessage origin validation via FTP to Slack - 14 upvotes, $0
  62. Code Injection in Slack's Windows Desktop Client leads to Privilege Escalation to Slack - 14 upvotes, $0
  63. Invitation reminder emails contain insecure links to Slack - 13 upvotes, $350
  64. Bypass of the SSRF protection (Slack commands, Phabricator integration) to Slack - 13 upvotes, $100
  65. HTML Injection inside Slack promotional emails to Slack - 12 upvotes, $100
  66. dom xss in https://www.slackatwork.com to Slack - 12 upvotes, $0
  67. Open Redirect on slack.com to Slack - 11 upvotes, $500
  68. Cross-site leak allows attacker to de-anonymize members of his team from another origin to Slack - 11 upvotes, $250
  69. Open redirect vulnerability to Slack - 11 upvotes, $0
  70. Shared-channel BETA persists integration after unshare to Slack - 10 upvotes, $750
  71. User can start call in a channel of an unpaid account to Slack - 10 upvotes, $100
  72. Authentication bypass leads to sensitive data exposure (token+secret) to Slack - 9 upvotes, $2000
  73. Relative Path Vulnerability Results in Arbitrary Command Execution/Privilege Escalation to Slack - 9 upvotes, $750
  74. Slack OAuth2 "redirect_uri" Bypass to Slack - 9 upvotes, $0
  75. Stored XSS Found to Slack - 9 upvotes, $0
  76. Data exports stored on S3 can be scraped easily to Slack - 9 upvotes, $0
  77. Creating Post on a restricted channel to Slack - 9 upvotes, $0
  78. a stored xss issue in https://files.slack.com to Slack - 8 upvotes, $500
  79. Stored XSS in www.slack-files.com to Slack - 8 upvotes, $0
  80. Possibility to freeze/crash the host system of all Slack Desktop users easily to Slack - 8 upvotes, $0
  81. "a stored xss issue in share post menu" to Slack - 7 upvotes, $500
  82. CSV export/import functionality allows administrators to modify member and message content of a workspace to Slack - 7 upvotes, $250
  83. Session Fixation disclosing email address to Slack - 7 upvotes, $0
  84. Stored XSS in Slackbot Direct Messages to Slack - 7 upvotes, $0
  85. CSRF - Add optional two factor mobile number to Slack - 6 upvotes, $500
  86. Email enumeration to Slack - 6 upvotes, $0
  87. Remote file Inclusion - RFI in upload to Slack - 6 upvotes, $0
  88. Stored XSS on this link https://sehacure.slack.com/help/requests/ to Slack - 6 upvotes, $0
  89. RC4 cipher suites detected on status.slack.com to Slack - 6 upvotes, $0
  90. a stored xss in slack integration https://onerror.slack.com/services/import to Slack - 5 upvotes, $500
  91. Open Redirect login account to Slack - 5 upvotes, $100
  92. Generate new Test token to Slack - 5 upvotes, $100
  93. Broken Authentication (including Slack OAuth bugs) to Slack - 5 upvotes, $0
  94. Password Policy issue (Weak Protect) to Slack - 5 upvotes, $0
  95. Stored XSS in Slack.com to Slack - 5 upvotes, $0
  96. File upload over private IM channel to Slack - 5 upvotes, $0
  97. Email information leakage for certain addresses to Slack - 5 upvotes, $0
  98. Content Spoofing all Integrations in https://team.slack.com/services/new/ to Slack - 4 upvotes, $200
  99. Reflective XSS can be triggered in IE to Slack - 4 upvotes, $150
  100. csrf to Slack - 4 upvotes, $0
  101. Stored XSS in username.slack.com to Slack - 4 upvotes, $0
  102. URL redirection flaw to Slack - 4 upvotes, $0
  103. SSRF on https://whitehataudit.slack.com/account/photo to Slack - 4 upvotes, $0
  104. Stored XSS in Slack (weird, trial and error) to Slack - 4 upvotes, $0
  105. Executing scripts on slack-files.com using SVG to Slack - 4 upvotes, $0
  106. Reflected Xss to Slack - 3 upvotes, $500
  107. Team admin can change unauthorized team setting (allow_message_deletion) to Slack - 3 upvotes, $100
  108. State parameter missing on google OAuth to Slack - 3 upvotes, $0
  109. Stored XSS to Slack - 3 upvotes, $0
  110. Stored XSS in Channel Chat to Slack - 3 upvotes, $0
  111. Duplicate of #4550 to Slack - 3 upvotes, $0
  112. CSRF vulnerability on https://sehacure.slack.com/account/settings to Slack - 3 upvotes, $0
  113. Content Spoofing to Slack - 3 upvotes, $0
  114. Trick make all fixed open redirect links vulnerable again to Slack - 2 upvotes, $1000
  115. Team admin can add billing contacts to Slack - 2 upvotes, $200
  116. Team admin can change unauthorized team setting (require_at_for_mention) to Slack - 2 upvotes, $200
  117. Content spoofing at Stripe Integrations to Slack - 2 upvotes, $100
  118. flash content type sniff vulnerability in api.slack.com to Slack - 2 upvotes, $0
  119. User impersonation is possible with incoming webhooks to Slack - 2 upvotes, $0
  120. CSRF on add comment section to Slack - 2 upvotes, $0
  121. Open Redirect in Slack to Slack - 2 upvotes, $0
  122. Stored XSS in slack.com (integrations) to Slack - 2 upvotes, $0
  123. open redirect in https://slack.com to Slack - 2 upvotes, $0
  124. TLS1/SSLv3 Renegotiation Vulnerability to Slack - 2 upvotes, $0
  125. Deleting Teams implemenation to Slack - 2 upvotes, $0
  126. HTTP Strict Transport Policy not enabled on newly made accounts to Slack - 2 upvotes, $0
  127. Logout any user of same team to Slack - 2 upvotes, $0
  128. Reflected Self-XSS in Slack to Slack - 2 upvotes, $0
  129. Self-XSS in posts by formatting text as code to Slack - 2 upvotes, $0
  130. Unauthenticated Access to some old file thumbnails to Slack - 2 upvotes, $0
  131. File upload XSS (Java applet) on http://slackatwork.com/ to Slack - 1 upvotes, $200
  132. an xss issue in https://hunter22.slack.com/help/requests/793043 to Slack - 1 upvotes, $100
  133. Link vulnerability leads to phishing attacks to Slack - 1 upvotes, $0