Top 5 Most Viewed Reports For Q2 2016

  • August 26th, 2016

In case you don’t have time to read three months of bug reports, here are the Top 5!

The Top 5 Most Viewed Bugs of the Second Quarter of 2016!

5. Reflected XSS on via Angular template injection
This report earned $3,000 for albinowax. He included a link to this blog article (co-written by albinowax) that nicely explains how AngularJS can be used for a client-side template injection.

4. Unauthenticated access to Content Management System -
Mak and all the other hackers in this blog are HackerOne 90/90 Club members. That means they have a higher HackerOne Signal and Impact score than 90% of measured HackerOne hackers. This one earned $5,000.

3. Publicly exposed SVN repository,
This was the most viewed report from Pornhub, who went public with their program on HackerOne shortly before this report was filed. Another one from Mak - nice job earning $10,000.

2. Local file read in image editor
Sl1m found this one and earned $5,000 from Imgur. And what a surprise, he is a member of the 90/90 Club.

1. OneLogin authentication bypass on WordPress sites
Uber has attracted the full attention of the best hackers on HackerOne, with $10,000 awards like this one. Jouko tied for the highest award among these five reports.

These two reports were actually in the Top 5, but were in last quarter’s blog so we exempted them from this list.

Public security disclosures make us all safer - they teach and inspire. Thank you to the hackers and companies that make them possible! Check out these instructions on how to share your reports on HackerOne.

Don't forget to upvote your favorite public disclosures in Hacktivity!

Rajesh F. Krishnan
