Unauthenticated request smuggling on launchpad.37signals.com
https://hackerone.com/reports/867577
null
hazimaslam
$1,737
HTTP Header Injection/HTTP_Response_Splitting
https://hackerone.com/reports/214436
null
cloudyvirus
null
Password theft login.newrelic.com via Request Smuggling
https://hackerone.com/reports/498052
null
albinowax
$3,000
HTTP Request Smuggling due to CR-to-Hyphen conversion
https://hackerone.com/reports/922597
8.5
amitklein
null
Gratipay Website CSP "script-scr" includes "unsafe-inline"
https://hackerone.com/reports/231510
null
smziaurrashid
null
HTTP Request Smuggling on https://labs.data.gov
https://hackerone.com/reports/726773
7.7
puppykok
$750
Hackerone1
https://hackerone.com/reports/471087
8.9
yasinylcn17
null
http request smuggling in twitter.com
https://hackerone.com/reports/715996
null
protostar0
null
Stealing Zomato X-Access-Token: in Bulk using HTTP Request Smuggling on api.zomato.com
https://hackerone.com/reports/771666
9.8
defparam
$5,000
Default behavior of Fastifys versioned routes can be used for cache poisoning when Fastify is used in combination with a http cache / CDN
https://hackerone.com/reports/1025575
5.9
trygve_lie
null
HTTP request smuggling using malformed Transfer-Encoding header
https://hackerone.com/reports/735748
9
erubinson
$250
Stored XSS on https://paypal.com/signin via cache poisoning
https://hackerone.com/reports/488147
8.7
albinowax
$18,900
HTTP Request Smuggling at app.workbox.dk
https://hackerone.com/reports/919988
null
zeop
$500
HTTP SMUGGLING EXPOSED HMAC/DOS
https://hackerone.com/reports/753939
6.5
pwny_sec
$350
HTTP Request Smuggling
https://hackerone.com/reports/643225
null
mah3sec_
null
Multiple HTTP Smuggling reports
https://hackerone.com/reports/648434
9.8
regilero
null
[spectacles.com] Bypassing quantity limit in orders
https://hackerone.com/reports/246803
5.3
hiorws
$250
Request smuggling on ████████
https://hackerone.com/reports/526880
null
albinowax
null
Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies
https://hackerone.com/reports/737140
9.3
defparam
$6,500
HTTP request Smuggling
https://hackerone.com/reports/867952
null
dracomalfoy
$500
Potential HTTP Request Smuggling in ruby webrick
https://hackerone.com/reports/965267
null
piao
$500
http request smuggling in pscp.tv and periscope.tv
https://hackerone.com/reports/713285
null
protostar0
$560
HTTP Request Smuggling
https://hackerone.com/reports/866382
null
dracomalfoy
null
Apache HTTP Request Parsing Whitespace Defects
https://hackerone.com/reports/244459
4
regilero
$1,500
HTTP request smuggling on Basecamp 2 allows web cache poisoning
https://hackerone.com/reports/919175
null
hazimaslam
$1,700
Bypass for #488147 enables stored XSS on https://paypal.com/signin again
https://hackerone.com/reports/510152
8.7
albinowax
$20,000
Request smuggling on admin-official.line.me could lead to account takeover
https://hackerone.com/reports/740037
null
shaolin_tw
$9,000
HTTP Request Smuggling on vpn.lob.com
https://hackerone.com/reports/694604
5.3
painreigns
$500