Getting started
Learn about vulnerability types 
Getting started in bug bounties 
Test your knowledge
Free Web Application Challenges
Guides for your hunts 
ZSeano's Methodology
Effective Note Taking for bug bounties
Useful Resources 
Disclosed HackerOne Reports 
Our community
Endorsed Members
Hackevents 
Member Articles Palo Alto Software Program Statistics
7 total issues disclosed
$0 total paid publicly
Most disclosed (2 disclosures) — Insecure Direct Object Reference (IDOR)
Disclosed Reports
| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| weak protection against brute-forcing on login api leads to account takeover | Improper Restriction of Authentication Attempts | zer0code | Critical | 2022-08-29 |
| Clickjacking | None supplied | paramdham | No rating | 2022-01-17 |
| DNS Miconfiguration Leads to Subdomain Takeover - max1.liveplan.com | Privilege Escalation | melbadry9 | High | 2021-09-08 |
| Subdomain takeover of www2.growasyouplan.com | Externally Controlled Reference to a Resource in Another Sphere | ian | Medium | 2021-05-29 |
| IDOR on notes to HTML injection | Insecure Direct Object Reference (IDOR) | ph-hitachi | Medium | 2020-11-26 |
| IDOR on update user preferences | Insecure Direct Object Reference (IDOR) | macasun | Critical | 2020-05-13 |
| Stored XSS on upload files leads to steal cookie | Cross-site Scripting (XSS) - Stored | seqrity | High | 2020-04-18 |