TOP100PAID.md

Top 100 paid reports from HackerOne:

  1. Steal ALL collateral during liquidation by exploiting lack of validation in flip.kick to Maker Ecosystem Growth Holdings, Inc - $50000, 461 upvotes
  2. [Pre-Submission][H1-4420-2019] API access to Phabricator on code.uberinternal.com from leaked certificate in git repo to Uber - $39999, 229 upvotes
  3. RCE via npm misconfig -- installing internal libraries from the public registry to PayPal - $30000, 680 upvotes
  4. SSRF in Exchange leads to ROOT access in all instances to Shopify - $25000, 491 upvotes
  5. SQL Injection in report_xml.php through countryFilter[] parameter to Valve - $25000, 340 upvotes
  6. Key Reinstallation Attacks: Breaking WPA2 by forcing nonce reuse to The Internet - $25000, 190 upvotes
  7. Steal collateral during end process, by earning DSR interest after flow. to Maker Ecosystem Growth Holdings, Inc - $25000, 147 upvotes
  8. Takeover an account that doesn't have a Shopify ID and more to Shopify - $23550, 2600 upvotes
  9. Takeover an account that doesn't have a Shopify ID and more to Shopify - $23550, 2600 upvotes
  10. Takeover an account that doesn't have a Shopify ID and more to Shopify - $23550, 2600 upvotes
  11. Email Confirmation Bypass in your-store.myshopify.com which leads to privilege escalation to Shopify - $22500, 527 upvotes
  12. ETH contract handling errors to Coinbase - $21000, 198 upvotes
  13. Potential pre-auth RCE on Twitter VPN to Twitter - $20160, 1135 upvotes
  14. Bypass for #488147 enables stored XSS on https://paypal.com/signin again to PayPal - $20000, 2494 upvotes
  15. Account takeover via leaked session cookie to HackerOne - $20000, 1447 upvotes
  16. Arbitrary file read via the UploadsRewriter when moving an issue to GitLab - $20000, 1393 upvotes
  17. Confidential data of users and limited metadata of programs and reports accessible via GraphQL to HackerOne - $20000, 946 upvotes
  18. Getting all the CD keys of any game to Valve - $20000, 597 upvotes
  19. [phpobject in cookie] Remote shell/command execution to Pornhub - $20000, 595 upvotes
  20. Shopify admin authentication bypass using partners.shopify.com to Shopify - $20000, 287 upvotes
  21. DoS: type confusion in mrb_no_method_error to shopify-scripts - $20000, 60 upvotes
  22. Type confusion in mrb_exc_set leading to memory corruption to shopify-scripts - $20000, 40 upvotes
  23. Use after free vulnerability in mruby Array#to_h causing DOS possible RCE to shopify-scripts - $20000, 29 upvotes
  24. TOCTTOU bug in mrb_str_setbyte leading to memory corruption to shopify-scripts - $20000, 23 upvotes
  25. GNU Bourne-Again Shell (Bash) 'Shellshock' Vulnerability to The Internet - $20000, 15 upvotes
  26. Stored XSS on https://paypal.com/signin via cache poisoning to PayPal - $18900, 633 upvotes
  27. RCE on Steam Client via buffer overflow in Server Info to Valve - $18000, 1243 upvotes
  28. Oracle Webcenter Sites administrative and high-privilege access available directly from the internet (/cs/Satellite) to LocalTapiola - $18000, 259 upvotes
  29. Type confusion in wrap_decimal leading to memory corruption to shopify-scripts - $18000, 35 upvotes
  30. Arbitrary file Upload on AirMax to Ubiquiti Inc. - $18000, 19 upvotes
  31. Struct type confusion RCE to shopify-scripts - $18000, 6 upvotes
  32. Privilege Escalation From user to SYSTEM via unauthenticated command execution to Ubiquiti Inc. - $16109, 531 upvotes
  33. Email Confirmation Bypass in myshop.myshopify.com that Leads to Full Privilege Escalation to Any Shop Owner by Taking Advantage of the Shopify SSO to Shopify - $16000, 1694 upvotes
  34. Email Confirmation Bypass in myshop.myshopify.com that Leads to Full Privilege Escalation to Any Shop Owner by Taking Advantage of the Shopify SSO to Shopify - $16000, 1694 upvotes
  35. Email Confirmation Bypass in myshop.myshopify.com that Leads to Full Privilege Escalation to Any Shop Owner by Taking Advantage of the Shopify SSO to Shopify - $16000, 1694 upvotes
  36. Token leak in security challenge flow allows retrieving victim's PayPal email and plain text password to PayPal - $15300, 1301 upvotes
  37. Ability to bypass partner email confirmation to take over any store given an employee email to Shopify - $15250, 214 upvotes
  38. [Part II] Email Confirmation Bypass in myshop.myshopify.com that Leads to Full Privilege Escalation to Shopify - $15000, 849 upvotes
  39. H1514 Remote Code Execution on kitcrm using bulk customer update of Priority Products to Shopify - $15000, 748 upvotes
  40. Websites Can Run Arbitrary Code on Machines Running the 'PlayStation Now' Application to PlayStation - $15000, 671 upvotes
  41. Time-Based SQL injection at city-mobil.ru to Mail.ru - $15000, 609 upvotes
  42. Github Token Leaked publicly for https://github.sc-corp.net to Snapchat - $15000, 552 upvotes
  43. Open prod Jenkins instance to Snapchat - $15000, 419 upvotes
  44. RCE on build server via misconfigured pip install to Yelp - $15000, 320 upvotes
  45. file read on MCS servers via supplying a QCOW2 image with external backing file to Mail.ru - $15000, 189 upvotes
  46. H1514 Ability to MiTM Shopify PoS Session to Takeover Communications to Shopify - $13337, 351 upvotes
  47. Internal attachments can be exported via "Export as .zip" feature to HackerOne - $12500, 247 upvotes
  48. Spring Actuator endpoints publicly available and broken authentication to LINE - $12500, 219 upvotes
  49. Test-scripts for postgis in mason-repository using unsafe unzip of content from unclaimed bucket creates potential RCE-issues to Mapbox - $12500, 194 upvotes
  50. Malformed .BSP Access Violation in CS:GO can lead to Remote Code Execution to Valve - $12500, 148 upvotes
  51. [3DS][SSL] Improper certificate validation allows an attacker to perform MitM attacks to Nintendo - $12168, 120 upvotes
  52. Git flag injection - local file overwrite to remote code execution to GitLab - $12000, 743 upvotes
  53. Local files could be overwritten in GitLab, leading to remote command execution to GitLab - $12000, 531 upvotes
  54. Project Template functionality can be used to copy private project data, such as repository, confidential issues, snippets, and merge requests to GitLab - $12000, 431 upvotes
  55. Bypass of GitLab CI runner slash fix in YAML validation to GitLab - $12000, 348 upvotes
  56. JSON serialization of any Project model results in all Runner tokens being exposed through Quick Actions to GitLab - $12000, 347 upvotes
  57. An attacker can run pipeline jobs as arbitrary user to GitLab - $12000, 297 upvotes
  58. Full Read SSRF on Gitlab's Internal Grafana to GitLab - $12000, 193 upvotes
  59. Multiple bugs lead to RCE on TikTok for Android to TikTok - $11214, 281 upvotes
  60. Exfiltrate and mutate repository and project data through injected templated service to GitLab - $11000, 727 upvotes
  61. IDOR to add secondary users in www.paypal.com/businessmanage/users/api/v1/users to PayPal - $10500, 663 upvotes
  62. XXE on sms-be-vip.twitter.com in SXMP Processor to Twitter - $10080, 247 upvotes
  63. WannaCrypt “Killswitch” to HackerOne - $10000, 790 upvotes
  64. Remote Code Execution on www.semrush.com/my_reports on Logo upload to Semrush - $10000, 768 upvotes
  65. Use-After-Free In IPV6_2292PKTOPTIONS leading To Arbitrary Kernel R/W Primitives to PlayStation - $10000, 675 upvotes
  66. Access to multiple production Grafana dashboards to Snapchat - $10000, 423 upvotes
  67. touch.mail.ru / e.mail.ru memory content disclosure to Mail.ru - $10000, 406 upvotes
  68. gitlab-workhorse bypass in Gitlab::Middleware::Multipart allowing files in allowed_paths to be read to GitLab - $10000, 387 upvotes
  69. H1514 Server Side Template Injection in Return Magic email templates? to Shopify - $10000, 384 upvotes
  70. SQL injection at fleet.city-mobil.ru to Mail.ru - $10000, 360 upvotes
  71. RCE on shared.mail.ru due to "widget" plugin to Mail.ru - $10000, 358 upvotes
  72. SSRF on project import via the remote_attachment_url on a Note to GitLab - $10000, 332 upvotes
  73. Partial disclosure of report activity through new "Export as .zip" feature to HackerOne - $10000, 329 upvotes
  74. Change any Uber user's password through /rt/users/passwordless-signup - Account Takeover (critical) to Uber - $10000, 288 upvotes
  75. Malformed NAV file leads to buffer overflow and code execution in Left4Dead2.exe to Valve - $10000, 261 upvotes
  76. Information Disclosure in /skills call to HackerOne - $10000, 251 upvotes
  77. Ethereum account balance manipulation to Coinbase - $10000, 243 upvotes
  78. Double Payout via PayPal to Coinbase - $10000, 242 upvotes
  79. SOCK_RAW sockets reachable from Webkit process allows triggering double free in IP6_EXTHDR_CHECK to PlayStation - $10000, 241 upvotes
  80. Attacker can add arbitrary data to the blockchain without paying gas to IOVLabs - $10000, 235 upvotes
  81. Privilege escalation from any user (including external) to gitlab admin when admin impersonates you to GitLab - $10000, 219 upvotes
  82. Publicly exposed SVN repository, ht.pornhub.com to Pornhub - $10000, 205 upvotes
  83. Hacker can bypass 2FA requirement and reporter blacklist through embedded submission form to HackerOne - $10000, 174 upvotes
  84. [Venmo Android] Remote theft of user session to PayPal - $10000, 141 upvotes
  85. Reading Emails in Uber Subdomains to Uber - $10000, 135 upvotes
  86. [RCE] Unserialize to XXE - file disclosure on ams.upload.pornhub.com to Pornhub - $10000, 88 upvotes
  87. password reset token leaking allowed for ATO of an Uber account to Uber - $10000, 86 upvotes
  88. uber.com may RCE by Flask Jinja2 Template Injection to Uber - $10000, 81 upvotes
  89. Steal all MKR from flap during liquidation by exploiting lack of validation in flap.kick to Maker Ecosystem Growth Holdings, Inc - $10000, 54 upvotes
  90. XXE on webdav.mail.ru - PROPFIND/PROPPATCH to Mail.ru - $10000, 53 upvotes
  91. OneLogin authentication bypass on WordPress sites to Uber - $10000, 47 upvotes
  92. read new emails from any inbox IOS APP in notification center to Mail.ru - $10000, 44 upvotes
  93. Invalid handling of zero-length heredoc identifiers leads to infinite loop in the sandbox to shopify-scripts - $10000, 21 upvotes
  94. Crash: Overwriting NoMethodError with a builtin class crashes/corrupts memory to shopify-scripts - $10000, 20 upvotes
  95. Null pointer dereference due to TOCTTOU bug in mrb_time_initialize to shopify-scripts - $10000, 15 upvotes
  96. Exception cause SIGABRT to shopify-scripts - $10000, 13 upvotes
  97. Segfault and/or potential unwanted (byte)code execution with "break" and "||=" inside a loop to shopify-scripts - $10000, 13 upvotes
  98. Buffer overflow in mrb_time_asctime to shopify-scripts - $10000, 12 upvotes
  99. Certain inputs cause tight C-level recursion leading to process stack overflow to shopify-scripts - $10000, 11 upvotes
  100. NULL pointer dereference when parsing ternary operators to shopify-scripts - $10000, 10 upvotes