| Title | Weakness | Reporter | Severity | Date |
| --- | --- | --- | --- | --- |
| Improper Access Control allows OTP bypass | Improper Access Control - Generic | kongwenbin | Medium | 2023-10-25 |
| Accessing/Editing Folders of Other Users in the Organisation. | Improper Access Control - Generic | imran0x01 | High | 2022-10-29 |
| Privilege Escalation to All-staff group | Improper Access Control - Generic | imran0x01 | Medium | 2022-10-28 |
| IDOR Allows Viewer to Delete Bin's Files | Improper Access Control - Generic | imran0x01 | Medium | 2022-10-24 |
| Viewer is able to leak the previous versions of the file | Improper Access Control - Generic | imran0x01 | Medium | 2022-10-24 |
| Removed user can still view comments on the file/documents. | Improper Access Control - Generic | imran_nisar | Medium | 2022-10-20 |
| Ability to View Non-Permitted Admin Log | Improper Access Control - Generic | imran_nisar | Medium | 2022-10-20 |
| [CSRF] No CSRF protection against sending invitation to join the team. | Cross-Site Request Forgery (CSRF) | imran_nisar | Medium | 2022-10-20 |
| Users Without Permission Can Download Restricted Files | Privilege Escalation | imran_nisar | Medium | 2022-10-18 |
| Sub-Dept User Can Add Users To Main Department. | Improper Privilege Management | imran_nisar | Medium | 2022-10-18 |
| Access to private files of helpdesk. | Improper Access Control - Generic | imran_nisar | Medium | 2022-10-18 |
| Normal User is able to EXPORT Feature Usage Statistics | Improper Access Control - Generic | aishkendle | Medium | 2022-03-04 |
| [AWC-Pune] - User can download files deleted by Admin using shortcuts | None supplied | prateek_thakare | Medium | 2022-02-25 |
| Full read SSRF via Lark Docs `import as docs` feature | Server-Side Request Forgery (SSRF) | sirleeroyjenkins | Critical | 2022-01-28 |
| Able to steal private files by manipulating response using Auto Reply function of Lark | Insecure Direct Object Reference (IDOR) | imran_nisar | High | 2022-01-25 |
| Able to steal private files by manipulating response using Compose Email function of Lark | Insecure Direct Object Reference (IDOR) | imran_nisar | High | 2022-01-25 |
| In organization stored XSS using location (Larksuite survey app) | Cross-site Scripting (XSS) - Stored | imran_nisar | Medium | 2022-01-14 |
| Stored XSS on helpdesk using user's city | Cross-site Scripting (XSS) - Stored | imran_nisar | Medium | 2022-01-14 |
| Reflected XSS and open redirect on larksuite.com using /?back_uri= parameter. | Cross-site Scripting (XSS) - Reflected | imran_nisar | Medium | 2022-01-13 |
| [IDOR] Modify other team's reminders via reminderId parameter | Insecure Direct Object Reference (IDOR) | imran_nisar | Medium | 2022-01-13 |
| Non-privileged user is able to approve his own app himself, leading to mass privilege escalations. | Privilege Escalation | imran_nisar | High | 2021-11-20 |
| Attacker is able to join any tenant on larksuite and view personal files/chats. | Privilege Escalation | imran_nisar | Critical | 2021-11-03 |
| [Lark Android] Vulnerability in exported activity WebView | Cross-site Scripting (XSS) - Generic | shell_c0de | Medium | 2021-07-22 |
| Improper Access Control on Lark Footer Feature | Improper Access Control - Generic | imran_nisar | High | 2021-05-18 |
| SSRF with information disclosure | Server-Side Request Forgery (SSRF) | jin0ne | Medium | 2021-04-27 |
| Server Side Request Forgery | Server-Side Request Forgery (SSRF) | jin0ne | Critical | 2021-03-29 |
| Server Side Request Forgery | Server-Side Request Forgery (SSRF) | jin0ne | Critical | 2021-03-29 |
| Reflected XSS on Lark Suite | Cross-site Scripting (XSS) - DOM | jin0ne | Medium | 2021-03-19 |
| Server Side Request Forgery | Server-Side Request Forgery (SSRF) | jin0ne | Low | 2021-03-18 |
| Messages disclosure via search feature of other users' group (Cross-Tenant). | Insecure Direct Object Reference (IDOR) | base_64 | Medium | 2021-03-17 |
| Sensitive information of helpdesk is being leaked. | Improper Access Control - Generic | imran_nisar | Medium | 2021-03-06 |
| User with single department permission can view applicant list of all departments | Privilege Escalation | imran_nisar | Medium | 2021-03-03 |
| Improper generating of access link at go.larksuite.com leads to access to other organizations'/users' private data | None supplied | w2w | Medium | 2021-02-27 |
| Stealing app credentials by reflected XSS on Lark Suite | Cross-site Scripting (XSS) - Reflected | imran_nisar | Medium | 2021-02-26 |
| Stored XSS & SSRF in Lark Docs | Server-Side Request Forgery (SSRF) | mike12 | Critical | 2021-02-05 |