目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,219
关联 CVE
1,854
参与项目数
342
近 7 天新增
10
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:slack
AWS bucket leading to iOS test build code and configuration exposure
Slack Information Disclosure (CWE-200)
Critical
2019-02-23
Bypass of the SSRF protection in Event Subscriptions parameter.
Slack Server-Side Request Forgery (SSRF) (CWE-918)
Medium
2019-02-22
SSRF in api.slack.com, using slash commands and bypassing the protections.
Slack Server-Side Request Forgery (SSRF) (CWE-918)
Medium
2019-02-22
The POODLE attack (SSLv3 supported) at status.slack.com
Slack Cryptographic Issues - Generic (CWE-310)
Medium
2018-11-28
HTML Injection inside Slack promotional emails
Slack
Low
2018-07-30
HTTP parameter pollution from outdated Greenhouse.io JS dependency
Slack Resource Injection (CWE-99)
Medium
2018-07-19
Internal SSRF bypass using slash commands at api.slack.com
Slack Server-Side Request Forgery (SSRF) (CWE-918)
Medium
2018-07-12
Shared-channel BETA persists integration after unshare
Slack Business Logic Errors (CWE-840)
Medium
2018-04-25
Unauthenticated LFI revealing log information
Slack Information Disclosure (CWE-200)
High
2018-01-26
Bypass two-factor authentication
Slack Improper Authentication - Generic (CWE-287)
Unknown
2017-11-18
Race Condition in account survey
Slack Violation of Secure Design Principles (CWE-657)
Unknown
2017-11-12
Many Slack teams can be joined by abusing an improperly configured support@ inbox
Slack Improper Authentication - Generic (CWE-287)
Unknown
2017-10-21
The Custom Emoji Page has a Reflected XSS
Slack Cross-site Scripting (XSS) - Reflected (CWE-79)
High
2017-09-24
Access of Android protected components via embedded intent
Slack Privilege Escalation (CAPEC-233)
Critical
2017-07-17
Code Injection in Slack's Windows Desktop Client leads to Privilege Escalation
Slack Command Injection - Generic (CWE-77)
Unknown
2017-07-14
"a stored xss issue in share post menu"
Slack Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2017-06-25
a stored xss issue in https://files.slack.com
Slack Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2017-06-25
Bypass to postMessage origin validation via FTP
Slack Cross-site Scripting (XSS) - Generic (CWE-79)
High
2017-04-21
dom xss in https://www.slackatwork.com
Slack Cross-site Scripting (XSS) - Generic (CWE-79)
Low
2017-03-02
Stealing xoxs-tokens using weak postMessage / call-popup redirect to current team domain
Slack Violation of Secure Design Principles (CWE-657)
Unknown
2017-02-28
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895