| IDOR on HackerOne Embedded Submission Form |
|
|
|
| HackerOne redacted usernames disclosure in “Export as .pdf” feature |
|
|
|
| Getting email address of any HackerOne user worth $7,500 |
|
|
|
| Bypass HackerOne 2FA requirement and reporter blacklist |
|
|
|
| Harvesting all private invites using leave program fast-tracked invitation and security@ email forwarding feature |
|
|
|
| Security teams Internal attachments can be exported via "Export as .zip" feature on HackerOne |
|
|
|
| IDOR on HackerOne Hacker Review “What Program Say” |
|
|
|
writeups.xyz
/
Japz Divino (@Japzdivino)