Getting started
Learn about vulnerability types 
Getting started in bug bounties 
Test your knowledge
Free Web Application Challenges
Guides for your hunts 
ZSeano's Methodology
Effective Note Taking for bug bounties
Useful Resources 
Disclosed HackerOne Reports 
Our community
Endorsed Members
Hackevents 
Member Articles Lyst Program Statistics
8 total issues disclosed
$1,550 total paid publicly
Most disclosed (3 disclosures) — Violation of Secure Design Principles
Disclosed Reports
| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| Web Cache poisoning attack leads to User information Disclosure and more | Violation of Secure Design Principles | deksterh11 | Medium | 2022-03-22 |
| [https://█████████/]&&[https://█████████/] Open Redirection | Open Redirect | mandark | Medium | 2022-03-22 |
| Subdomain takeover of storybook.lystit.com | Privilege Escalation | parzel | High | 2020-01-22 |
| Bypassing one-time checkout router page (revealing payment information) | Information Disclosure | tolo7010 | Low | 2018-05-10 |
| SSRF at iris.lystit.com | Server-Side Request Forgery (SSRF) | tripwire | Low | 2017-10-18 |
| CSRF - Adding unlimited number of saved items via GET request | Cross-Site Request Forgery (CSRF) | inhibitor181 | Medium | 2017-09-28 |
| Site configured improperly at subdomain of lyst.co.uk | Violation of Secure Design Principles | mr_edwards | No rating | 2017-03-29 |
| Mixed Active content issue on https://www.lyst.com | Violation of Secure Design Principles | mrr3boot | Low | 2017-02-22 |