Omise Program Statistics
5 total issues disclosed
$1,000 total paid publicly
Most disclosed (1 disclosure) — Server-Side Request Forgery (SSRF)
Disclosed Reports
| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| Broken Authentication and Session Management Flaw After Change Password and Logout | Violation of Secure Design Principles | root_geek | Low | 2020-11-08 |
| Authenticity token doesnt expire after single use leading to CSRF | Cross-Site Request Forgery (CSRF) | d4rk_h4xor | No rating | 2020-08-17 |
| Signup with any email and enable 2FA without verifying email | None supplied | rioncool22 | Medium | 2020-04-23 |
| Found Origin IP's Lead To Access To [ Grafana Instance , PgHero Instance [ Can SQL Injection ] | Improper Access Control - Generic | elmahdi | Medium | 2019-10-09 |
| SSRF in webhooks leads to AWS private keys disclosure | Server-Side Request Forgery (SSRF) | honoki | High | 2019-06-28 |