
Top 5 Most Viewed Reports For Q2 2016

  • August 26th, 2016


In case you don’t have time to read three months of bug reports, here are the Top 5!

The Top 5 Most Viewed Bugs of the Second Quarter of 2016!

5. Reflected XSS on via Angular template injection
This report earned $3,000 for albinowax. He included a link to this blog article (co-written by albinowax) that nicely explains how AngularJS can be used for a client-side template injection.

4. Unauthenticated access to Content Management System -
Mak and all the other hackers in this blog are HackerOne 90/90 Club members. That means they have a higher HackerOne Signal and Impact score than 90% of measured HackerOne hackers. This one earned $5,000.

3. Publicly exposed SVN repository,
This was the most viewed report from Pornhub, who went public with their program on HackerOne shortly before this report was filed. Another one from Mak - nice job earning $10,000.

2. Local file read in image editor
Sl1m found this one and earned $5,000 from Imgur. And what a surprise, he is a member of the 90/90 Club.

1. OneLogin authentication bypass on WordPress sites
Uber has attracted the full attention of the best hackers on HackerOne, with $10,000 awards like this one. Jouko tied for the highest award among these five reports.

These two reports were actually in the Top 5, but were in last quarter’s blog so we exempted them from this list.

Public security disclosures make us all safer - they teach and inspire. Thank you to the hackers and companies that make them possible! Check out these instructions on how to share your reports on HackerOne.

Don't forget to upvote your favorite public disclosures in Hacktivity!

Rajesh F. Krishnan
