Expedia Group Bug Bounty Program Statistics
6 total issues disclosed
$1,100 total paid publicly
Most disclosed (1 disclosure): Code Injection
Disclosed Reports
| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| https://www.wotif.com/vc/blog/info.php script is prone to reflected HTML/CSS injection and COOKIE leak | Code Injection | maskopatol | Low | 2023-05-20 |
| Reflected XSS Via origCity Parameter (UPPER Case + WAF Protection Bypass) | Cross-site Scripting (XSS) - Reflected | bombon | Medium | 2023-05-04 |
| Sensitive information for phpinfo.php at https://products.ean.com/ | Information Disclosure | exploitmsf | Low | 2023-04-11 |
| Cache Deception Allows Account Takeover | Use of Cache Containing Sensitive Information | bombon | High | 2023-04-01 |
| Cache Poisoning Allows Stored XSS Via hav Cookie Parameter (To Account Takeover) | Cross-site Scripting (XSS) - Stored | bombon | High | 2023-04-01 |
| Open Redirect in Logout & Login | Open Redirect | qualw1n | Medium | 2023-03-02 |