目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1020

100%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,245
关联 CVE
1,864
参与项目数
343
近 7 天新增
23
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
Prototype pollution attack through jQuery $.extend
Node.js third-party modules Modification of Assumed-Immutable Data (MAID) (CWE-471)CVE-2019-11358
Medium
2019-04-02
DLL Hijacking in Burp Suite Pro 2.0.19 Installer
PortSwigger Web Security Privilege Escalation (CAPEC-233)
Medium
2019-04-01
Login as root without password on EdgeSwitchX
Ubiquiti Inc. Improper Authentication - Generic (CWE-287)CVE-2019-5426
Medium
2019-03-31
EdgeSwitch Command Injection
Ubiquiti Inc. Command Injection - Generic (CWE-77)CVE-2019-5424
Medium
2019-03-31
Security headers missed on https://acme-validation.jamieweb.net/
JamieWeb Violation of Secure Design Principles (CWE-657)
Medium
2019-03-28
Server-Side Request Forgery on SAML Application - Import via URL
Ping Identity Server-Side Request Forgery (SSRF) (CWE-918)
Medium
2019-03-26
Email addresses exposed in getPersonBySlug API
Semmle
Medium
2019-03-25
Web Cache Deception Attack (XSS)
Algolia Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-03-22
CSP : Inline scripts can be inserted
Semmle Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2019-03-21
Unprotected Api EndPoints
Semmle Violation of Secure Design Principles (CWE-657)
Medium
2019-03-21
Clickjacking at ylands.com
BOHEMIA INTERACTIVE a.s. UI Redressing (Clickjacking) (CAPEC-103)
Medium
2019-03-21
Authenticated Cross-Site-Request-Forgery
Semmle Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2019-03-19
the login blocking mechanism does not work correctly
Semmle Improper Restriction of Authentication Attempts (CWE-307)
Medium
2019-03-19
[www.zomato.com] Availing Zomato Gold membership for free by tampering plan id(s)
Eternal Business Logic Errors (CWE-840)
Medium
2019-03-18
Reverse Proxy misroute leading to steal X-Shopify-Access-Token header
Shopify Server-Side Request Forgery (SSRF) (CWE-918)
Medium
2019-03-14
Privilege Escalation by abusing non-existent path. (Windows)
PortSwigger Web Security Privilege Escalation (CAPEC-233)
Medium
2019-03-13
Reflected XSS in *.myshopify.com/account/register
Shopify Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-03-12
Reflected Cross site Scripting (XSS) on www.starbucks.com
Starbucks Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2019-03-08
Stealing Facebook OAuth Code Through Screenshot viewer
Rockstar Games Information Disclosure (CWE-200)
Medium
2019-03-05
Email enumeration of users
Homebrew Information Disclosure (CWE-200)
Medium
2019-03-05
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify464
curl457
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239