Dropbox Bug Bounty Program Statistics

Dropbox Program Statistics

31 total issues disclosed

$17,203 total paid publicly

Most disclosed (6 disclosures) — None supplied

Disclosed Reports

Report Title	Vulnerability Type	Disclosed By	Severity	Disclosed on
Server Side Request Forgery (SSRF) at app.hellosign.com leads to AWS private keys disclosure	Server-Side Request Forgery (SSRF)	sayaanalam	High	2020-11-10
Server Side Request Forgery (SSRF) at app.hellosign.com leads to AWS private keys disclosure	Server-Side Request Forgery (SSRF)	sayaanalam	High	2020-11-10
Broken OAuth leads to change photo profile users .	Improper Authentication - Generic	u0pattern	No rating	2020-10-21
Local Privilege Escalation on Dropbox Desktop for Windows	Privilege Escalation	tesitura	Medium	2020-09-03
Dropbox Paper - Markdown XSS	Cross-site Scripting (XSS) - Stored	paulos_	No rating	2018-10-29
Stored XSS in dropboxforum.com	Cross-site Scripting (XSS) - Stored	dumeelvavvalu	No rating	2018-10-19
Dropbox employee benefits documents are available in a test Dropbox folder	None supplied	phwd	No rating	2018-09-17
Exposed Git Repo at http://fileserver.dropboxbusiness.com	Information Disclosure	todayisnew	Low	2018-09-14
Bypass Local Authentication (TouchID)	Improper Authentication - Generic	zeq3ul	None	2018-06-13
User Impersonation - Create Support Ticket With Any Registered Account Email	None supplied	oaidjoaisdjoaisjdioasfsdhfuios	High	2018-05-01
Android - Access of some not exported content providers	Privilege Escalation	bagipro	Low	2017-11-30
Missing URL sanitization in comments can be leveraged for phishing	Phishing	leovin	Medium	2017-08-04
SSL Key Certificate expires	Improper Access Control - Generic	honccbb	None	2017-05-04
CSV Injection with the CVS export feature	None supplied	sunil995	High	2017-04-13
Subtile Code Injection Vulnerability in Dropbox for Windows	Command Injection - Generic	fbogner	No rating	2016-12-03
[monitor.sjc.dropbox.com] CRLF Injection	None supplied	bobrov	No rating	2016-11-02
XSS in OAuth Redirect Url	Cross-site Scripting (XSS) - Generic	hussein98d	No rating	2016-10-06
SSRF allows access to internal services like Ganglia	Information Disclosure	agarri_fr	No rating	2016-08-30
XSS, Unvalidated redirects & phishing website hosting on dropbox servers	None supplied	coder13	No rating	2016-08-30
Can make any number of dropbox accounts with one email	Violation of Secure Design Principles	maxon_omar_saleh	No rating	2016-08-30
Lack of account link warning enables dropbox hijacking	Violation of Secure Design Principles	albinowax	No rating	2016-06-27
Dropbox apps Server side request forgery	Improper Authentication - Generic	ehsahil	No rating	2016-05-09
No Rate Limiting while sending the feedback under Dropbox Help Centre	Denial of Service	nileshsapariya	No rating	2016-04-13
Possible SQL injection can cause denial of service attack	SQL Injection	super_hack	No rating	2016-04-10
XSS in dropbox main domain	Cross-site Scripting (XSS) - Generic	missoum1307	No rating	2015-06-09
Race condition when redeeming coupon codes	None supplied	franjkovic	No rating	2015-05-11
SSRF vulnerablity in app webhooks	Information Disclosure	haquaman	No rating	2015-04-24
XSS in version history of an HTML file in a shared folder	Cross-site Scripting (XSS) - Generic	haquaman	No rating	2015-04-17
Create N Accounts In Dropbox Irrespective Of Domain	Memory Corruption - Generic	rohill-eis	No rating	2015-04-04
Unvalidated Redirects and Stored XSS	Cross-site Scripting (XSS) - Generic	aarmageddon	No rating	2015-03-05
WP User Enumeration is possible at https://blog.dropbox.com	Violation of Secure Design Principles	panchocosil	No rating	2015-02-12

BugBountyHunter

Dropbox Program Statistics

Disclosed Reports