目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

漏洞赏金情报

数据来源:HackerOne 公开披露报告 · 每 6 小时更新

浏览 HackerOne 平台公开披露的漏洞赏金报告,按严重程度、漏洞类型或目标项目筛选,关联 CVE 编号。

已披露报告
12,219
关联 CVE
1,854
参与项目数
342
近 7 天新增
11
严重度: All CriticalHighMediumLow
类型: 全部 Information Disclosure 1173 Cross-site Scripting (XSS) … 747 Violation of Secure Design … 719 Improper Access Control - Generic 656 Improper Authentication - Generic 652 Cross-site Scripting (XSS) … 513 Uncontrolled Resource Consumption 483 Cross-site Scripting (XSS) … 461 Cross-Site Request Forgery (CSRF) 421 Privilege Escalation 375
项目筛选:x
Sensitive Information Disclosure https://cards-dev.twitter.com
X / xAI Information Disclosure (CWE-200)
Medium
2017-09-29
Open Redirect
X / xAI Open Redirect (CWE-601)
Unknown
2017-08-19
XXE on sms-be-vip.twitter.com in SXMP Processor
X / xAI XML External Entities (XXE) (CWE-611)
Medium
2017-07-26
CSRF on Periscope Web OAuth authorization endpoint
X / xAI Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2017-07-26
Vine all registered user Private/sensitive information disclosure .[ Ip address/phone no/email and many other informations ]
X / xAI Information Disclosure (CWE-200)
Critical
2017-07-11
CRLF and XSS stored on ton.twitter.com
X / xAI Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2017-07-05
csp bypass + xss
X / xAI Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2017-07-05
[Studio.twitter.com] See someone else pics
X / xAI Improper Authentication - Generic (CWE-287)
Unknown
2017-06-22
Vine - overwrite account associated with email via android application
X / xAI Improper Authentication - Generic (CWE-287)
Medium
2017-06-14
[██████████.gnip.com] .htpasswd disclosure
X / xAI
Critical
2017-05-26
[URGENT] Opportunity to publish tweets on any twitters account
X / xAI
High
2017-05-22
[IDOR][translate.twitter.com] Opportunity to change any comment at the forum
X / xAI Privilege Escalation (CAPEC-233)
Low
2017-05-12
[Gnip Blogs] Reflected XSS via "plupload.flash.swf" component vulnerable to SOME
X / xAI Cross-site Scripting (XSS) - Reflected (CWE-79)
Medium
2017-05-08
HTTP 401 response injection on "amp.twimg.com/amplify-web-player/prod/source.html" through "image_src" parameter
X / xAI Information Disclosure (CWE-200)
Low
2017-05-08
Bypassing Digits bridge origin validation
X / xAI Improper Authentication - Generic (CWE-287)
Unknown
2017-04-30
Multiple DOMXSS on Amplify Web Player
X / xAI Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2017-04-15
CSRF on cards API
X / xAI Cross-Site Request Forgery (CSRF) (CWE-352)
Unknown
2017-04-11
DOM based cookie bomb
X / xAI Uncontrolled Resource Consumption (CWE-400)
Unknown
2017-04-11
SSRF in https://cards-dev.twitter.com/validator
X / xAI Server-Side Request Forgery (SSRF) (CWE-918)
Medium
2017-04-06
DOMXSS in Tweetdeck
X / xAI Cross-site Scripting (XSS) - Generic (CWE-79)
Unknown
2017-04-02
高频漏洞类型
最活跃项目
项目报告数最高赏金
U.S. Dept Of Defense896
Internet Bug Bounty817
HackerOne609
Nextcloud582
Shopify464
curl439
Node.js third-party modules307
GitLab258
X / xAI250 $2,500
Uber239 $9,895