| Title | URL | Severity score | Reporter | Bounty paid |
| --- | --- | --- | --- | --- |
| Unauthenticated request smuggling on launchpad.37signals.com | https://hackerone.com/reports/867577 | null | hazimaslam | $1,737 |
| HTTP Header Injection/HTTP_Response_Splitting | https://hackerone.com/reports/214436 | null | cloudyvirus | null |
| Password theft login.newrelic.com via Request Smuggling | https://hackerone.com/reports/498052 | null | albinowax | $3,000 |
| HTTP Request Smuggling due to CR-to-Hyphen conversion | https://hackerone.com/reports/922597 | 8.5 | amitklein | null |
| Gratipay Website CSP "script-scr" includes "unsafe-inline" | https://hackerone.com/reports/231510 | null | smziaurrashid | null |
| HTTP Request Smuggling on https://labs.data.gov | https://hackerone.com/reports/726773 | 7.7 | puppykok | $750 |
| Hackerone1 | https://hackerone.com/reports/471087 | 8.9 | yasinylcn17 | null |
| http request smuggling in twitter.com | https://hackerone.com/reports/715996 | null | protostar0 | null |
| Stealing Zomato X-Access-Token: in Bulk using HTTP Request Smuggling on api.zomato.com | https://hackerone.com/reports/771666 | 9.8 | defparam | $5,000 |
| Default behavior of Fastifys versioned routes can be used for cache poisoning when Fastify is used in combination with a http cache / CDN | https://hackerone.com/reports/1025575 | 5.9 | trygve_lie | null |
| HTTP request smuggling using malformed Transfer-Encoding header | https://hackerone.com/reports/735748 | 9 | erubinson | $250 |
| Stored XSS on https://paypal.com/signin via cache poisoning | https://hackerone.com/reports/488147 | 8.7 | albinowax | $18,900 |
| HTTP Request Smuggling at app.workbox.dk | https://hackerone.com/reports/919988 | null | zeop | $500 |
| HTTP SMUGGLING EXPOSED HMAC/DOS | https://hackerone.com/reports/753939 | 6.5 | pwny_sec | $350 |
| HTTP Request Smuggling | https://hackerone.com/reports/643225 | null | mah3sec_ | null |
| Multiple HTTP Smuggling reports | https://hackerone.com/reports/648434 | 9.8 | regilero | null |
| [spectacles.com] Bypassing quantity limit in orders | https://hackerone.com/reports/246803 | 5.3 | hiorws | $250 |
| Request smuggling on ████████ | https://hackerone.com/reports/526880 | null | albinowax | null |
| Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies | https://hackerone.com/reports/737140 | 9.3 | defparam | $6,500 |
| HTTP request Smuggling | https://hackerone.com/reports/867952 | null | dracomalfoy | $500 |
| Potential HTTP Request Smuggling in ruby webrick | https://hackerone.com/reports/965267 | null | piao | $500 |
| http request smuggling in pscp.tv and periscope.tv | https://hackerone.com/reports/713285 | null | protostar0 | $560 |
| HTTP Request Smuggling | https://hackerone.com/reports/866382 | null | dracomalfoy | null |
| Apache HTTP Request Parsing Whitespace Defects | https://hackerone.com/reports/244459 | 4 | regilero | $1,500 |
| HTTP request smuggling on Basecamp 2 allows web cache poisoning | https://hackerone.com/reports/919175 | null | hazimaslam | $1,700 |
| Bypass for #488147 enables stored XSS on https://paypal.com/signin again | https://hackerone.com/reports/510152 | 8.7 | albinowax | $20,000 |
| Request smuggling on admin-official.line.me could lead to account takeover | https://hackerone.com/reports/740037 | null | shaolin_tw | $9,000 |
| HTTP Request Smuggling on vpn.lob.com | https://hackerone.com/reports/694604 | 5.3 | painreigns | $500 |