目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1110

100%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,247
关联 CVE
1,864
参与项目数
343
近 7 天新增
22
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
SQL injection vulnerability on a DoD website
U.S. Dept Of Defense SQL Injection (CWE-89)
Medium
2017-02-17
Personal information disclosure on a DoD website
U.S. Dept Of Defense Information Disclosure (CWE-200)
Medium
2017-02-16
Exposed Access Control Data Backup Files on DoD Website
U.S. Dept Of Defense Improper Authentication - Generic (CWE-287)
Medium
2017-02-15
[reStructuredText] XSS in project README files
GitLab Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2017-02-15
[Textile] XSS in project README files
GitLab Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2017-02-15
[RDoc] XSS in project README files
GitLab Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2017-02-15
Reflected XSS by exploiting CSRF vulnerability on teavana.com wishlist comment module. (wishlist-comments)
Starbucks Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2017-02-13
CSRF exploit | Adding/Editing comment of wishlist items (teavana.com - Wishlist-Comments)
Starbucks Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2017-02-13
Bypass permissions
Nextcloud Privilege Escalation (CAPEC-233)CVE-2017-0883CVE-2017-0884
Medium
2017-02-09
CVE-2017-3730: Bad (EC)DHE parameters cause a client crash
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)CVE-2017-3730
Medium
2017-02-07
imagefilltoborder stackoverflow on truecolor images
Internet Bug Bounty Uncontrolled Resource Consumption (CWE-400)
Medium
2017-02-07
Clickjacking Periscope.tv on Chrome
X / xAI UI Redressing (Clickjacking) (CAPEC-103)
Medium
2017-02-06
CSRF Attack on (m.badoo.com)deleting account and erasing imported contacts
Bumble Cross-Site Request Forgery (CSRF) (CWE-352)
Medium
2017-02-06
Stealing User emails by clickjacking cards.twitter.com/xxx/xxx
X / xAI UI Redressing (Clickjacking) (CAPEC-103)
Medium
2017-02-03
cloudup Subdomain Takeover That resolves to Desk.com ( CNAME cloudup.desk.com )
Automattic Violation of Secure Design Principles (CWE-657)
Medium
2017-02-02
Clickjacking
Pushwoosh UI Redressing (Clickjacking) (CAPEC-103)
Medium
2017-02-02
Stored xss in ALBUM DESCRIPTION
Imgur Cross-site Scripting (XSS) - Generic (CWE-79)
Medium
2017-01-27
Starbucks.com is reachable via ip address thus possible to link any doamin to Starbucks.
Starbucks Cryptographic Issues - Generic (CWE-310)
Medium
2017-01-26
Users can download old project exports due to unclaimed namespace
GitLab Information Disclosure (CWE-200)
Medium
2017-01-23
Every user can delete public deploy keys
GitLab Privilege Escalation (CAPEC-233)
Medium
2017-01-23
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify464
curl457
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239