HackerOne


Most disclosed vulnerability type (97 disclosures) — Information Disclosure

haxta4ok00 has disclosed the most with 16 reports!

388 total issues disclosed

$368,515 total paid publicly


Accepts reports via HackerOne

HackerOne's top public payouts




Most recently disclosed


Blind Stored XSS in HackerOne's Sal 4.1.4.2149 (sal.████.com)

@ Submitted by nahamsec
Bug Type: Cross-site Scripting (XSS) - Stored

Disclosed on 2020-11-09

Rating: None


Getting New Invitations without Leaving Programs

@ Submitted by mygf
Bug Type: Business Logic Errors

Disclosed on 2020-10-16

Rating: Low


2020-10-09 Credential Stuffing Attack

@ Submitted by jobert
Bug Type: None supplied

Disclosed on 2020-10-13

Rating: No rating


Rating: Low


Reflected XSS on www.hackerone.com via Wistia embed code

@ Submitted by vakzz
Bug Type: Cross-site Scripting (XSS) - Reflected

Disclosed on 2020-09-24

Rating: Low


Team object in GraphQL disclosed private_comment

@ Submitted by haxta4ok00
Bug Type: Information Disclosure

Disclosed on 2020-09-10

Rating: Medium


Graphql: Sorting the reports by jira_status field resulted to different value

@ Submitted by 0619
Bug Type: Improper Access Control - Generic

Disclosed on 2020-08-27

Rating: Low


Recently added 'Country' field doesn't send email notification when changed

@ Submitted by bugra
Bug Type: Violation of Secure Design Principles

Disclosed on 2020-08-25

Rating: Low


Rating: Low


GraphQL field on Team node can be used to determine if External Program runs invite-only program

@ Submitted by kunal94
Bug Type: Information Disclosure

Disclosed on 2020-07-25

Rating: Medium


SAML Response Reuse on hackerone.com/users/saml/auth

@ Submitted by samtink
Bug Type: Improper Authentication - Generic

Disclosed on 2020-07-24

Rating: Low


Near to Infinite loop when changing Group's name that has API token as Team Member

@ Submitted by lucenaxpl0it
Bug Type: None supplied

Disclosed on 2020-07-23

Rating: Medium


Uploading large payload on domain instructions causes server-side DoS

@ Submitted by one-
Bug Type: Denial of Service

Disclosed on 2020-06-20

Rating: Medium


Rating: Medium


Login CSRF vulnerability on hackerone.com

@ Submitted by what_web
Bug Type: Cross-Site Request Forgery (CSRF)

Disclosed on 2020-06-12

Rating: Low