目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1020

100%
请我们喝杯咖啡

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,245
关联 CVE
1,864
参与项目数
343
近 7 天新增
23
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 658 Improper Authentication - Generic 653 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
wrong url in hackerone > goes to wix.com > unconnected
Sifchain Misconfiguration (CWE-16)
Low
2021-05-07
Disavowing an account doesn't disable it
Liberapay Improper Authentication - Generic (CWE-287)
Low
2021-05-07
Editing Pentest Summary Report Answers After Submitting Them
HackerOne Modification of Assumed-Immutable Data (MAID) (CWE-471)
Low
2021-05-06
Open Redirect on https://www.twitterflightschool.com/widgets/experience?destination_url=https://evil.com
X / xAI Open Redirect (CWE-601)
Low
2021-05-04
No rate Limit
Moneybird
Low
2021-05-03
Code Injection via Insecure Yaml.load
Kubernetes Code Injection (CWE-94)
Low
2021-05-01
CVE-2021-22890: TLS 1.3 session ticket proxy host mixup
curl Man-in-the-Middle (CWE-300)CVE-2021-22890
Low
2021-04-30
CVE-2021-22876: Automatic referer leaks credentials
curl CVE-2021-22876
Low
2021-04-30
Hi! Security Team Rocket.Chat, It's possible to get information about the users emails without authentication
Rocket.Chat Information Disclosure (CWE-200)CVE-2021-22892
Low
2021-04-29
credentials found in config file on github
BlockFi Password in Configuration File (CWE-260)
Low
2021-04-28
Privilege Escalation Leads to Control The Owner Access Token Which leads to control the stream [streamlabs.com]
Logitech Privilege Escalation (CAPEC-233)
Low
2021-04-27
Password policy changes not enforced for existing passwords
Nextcloud Weak Cryptography for Passwords (CWE-261)
Low
2021-04-26
Social media link hijack of team member [Linkedin] at https://mackeeper.com/team/
Clario Misconfiguration (CWE-16)
Low
2021-04-21
PHP info page disclosure
U.S. General Services Administration Information Disclosure (CWE-200)
Low
2021-04-14
Flash Based Reflected XSS on www.grouplogic.com/jwplayer/player.swf
Acronis Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2021-04-13
Reflected XSS on www.grouplogic.com/video.asp
Acronis Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2021-04-13
Reflected XSS on http://www.grouplogic.com/files/glidownload/verify.asp
Acronis Cross-site Scripting (XSS) - Reflected (CWE-79)
Low
2021-04-13
CRLF INJECTION
U.S. General Services Administration
Low
2021-04-10
Open Redirect и подмена ссылки в сниппете приложения VKMA
VK.com Open Redirect (CWE-601)
Low
2021-04-09
Отправляем смс на любой номер от имени vk.com. (Сообщение в смс всегда одно и то же, его менять нельзя.)
VK.com Business Logic Errors (CWE-840)
Low
2021-04-09
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817 $2,257
HackerOne609
Nextcloud584
Shopify464
curl457
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239