Hackerone disclosures 21st August 2020

Hackerone disclosures 21st August 2020

Hacktivity from elmahdi 

 

Registering with email \[ \+70 Chars \] Lead to Disclose some informations \[Django Debug Mode \]

 

https://hackerone.com/reports/963584

Disclosed at: 2020-08-21 07:41:30 UTC+0

Created at: 2020-08-20 17:48:12 UTC+0

Bug Bounty Channel, [21.08.20 19:53]

Hacktivity from try\_\_\_for\_impossible 

 

Information Disclosure through DEBUG at Subscription \[https://app\.dropcontact\.io/app/subscription?connector=salesforce\]\(CRITICAL\)

 

https://hackerone.com/reports/963921

Disclosed at: 2020-08-21 07:53:17 UTC+0

Created at: 2020-08-21 04:45:23 UTC+0

Bug Bounty Channel, [21.08.20 19:53]

Hacktivity from aungkyawphyo 

 

Django DEBUG mode enabled and leaked system information\.

 

https://hackerone.com/reports/963542

Disclosed at: 2020-08-21 08:12:50 UTC+0

Created at: 2020-08-20 16:48:05 UTC+0

Bug Bounty Channel, [21.08.20 19:53]

Hacktivity from awarau 

 

Prototype Pollution lodash 4\.17\.15

 

https://hackerone.com/reports/864701

Disclosed at: 2020-08-21 10:34:29 UTC+0

Created at: 2020-05-02 11:10:22 UTC+0

Bug Bounty Channel, [21.08.20 19:54]

Hacktivity from exploit\_db 

 

Sensitive Information Disclosure

 

https://hackerone.com/reports/963352

Disclosed at: 2020-08-21 13:19:49 UTC+0

Created at: 2020-08-20 15:19:02 UTC+0

Bug Bounty Channel, [21.08.20 20:09]

Hacktivity from higbee 

 

Django should not have debug mode enabled

 

https://hackerone.com/reports/963809

Disclosed at: 2020-08-21 14:38:33 UTC+0

Created at: 2020-08-20 21:31:23 UTC+0

Bug Bounty Channel, [22.08.20 01:23]

Hacktivity from vbdev 

 

JOIN OUR TELEGRAM CHANNEL

Django debug enabled showing information about system, database, configuration files\.

 

https://hackerone.com/reports/963164

Disclosed at: 2020-08-21 19:52:31 UTC+0

Created at: 2020-08-20 12:48:21 UTC+0

Bug Bounty Channel, [22.08.20 01:50]

Hacktivity from hk755a 

 

Unauthorized Use of Victim Credit Card

 

https://hackerone.com/reports/391385

Disclosed at: 2020-08-21 20:20:16 UTC+0

Created at: 2018-08-07 17:02:13 UTC+0

Bug Bounty Channel, [22.08.20 02:11]

Hacktivity from hk755a 

 

ClickJacking on IMPORTANT Functions of Yelp

 

https://hackerone.com/reports/305128

Disclosed at: 2020-08-21 20:41:41 UTC+0

Created at: 2018-01-16 07:45:07 UTC+0

Bug Bounty Channel, [22.08.20 02:21]

Hacktivity from hk755a 

 

CRITICAL\-CLICKJACKING at Yelp Reservations Resulting in exposure of victim Private Data \(Email info\) \+ Victim Credit Card MissUse\. 

 

https://hackerone.com/reports/355859

Disclosed at: 2020-08-21 20:51:23 UTC+0

Created at: 2018-05-22 11:27:00 UTC+0

JOIN OUR TELEGRAM CHANNEL