Top 5 Most Viewed Reports For Q2 2016

  • August 26th, 2016

In case you don’t have time to read three months of bug reports, here are the Top 5!

The Top 5 Most Viewed Bugs of the Second Quarter of 2016!

5. Reflected XSS on developer.uber.com via Angular template injection
This report earned $3,000 for albinowax. He included a link to this blog article (co-written by albinowax) that nicely explains how AngularJS can be used for a client-side template injection.

4. Unauthenticated access to Content Management System - www1.pornhubpremium.com
Mak and all the other hackers in this blog are HackerOne 90/90 Club members. That means they have a higher HackerOne Signal and Impact score than 90% of measured HackerOne hackers. This one earned $5,000.

3. Publicly exposed SVN repository, ht.pornhub.com
This was the most viewed report from Pornhub, who went public with their program on HackerOne shortly before this report was filed. Another one from Mak - nice job earning $10,000.

2. Local file read in image editor
Sl1m found this one and earned $5,000 from Imgur. And what a surprise, he is a member of the 90/90 Club.

1. OneLogin authentication bypass on WordPress sites
Uber has attracted the full attention of the best hackers on HackerOne, with $10,000 awards like this one. Jouko tied for the highest award among these five reports.

These two reports were actually in the Top 5, but they appeared in last quarter’s blog, so we left them off this list.

Public security disclosures make us all safer - they teach and inspire. Thank you to the hackers and companies that make them possible! Check out these instructions on how to share your reports on HackerOne.

Don't forget to upvote your favorite public disclosures in Hacktivity!

Rajesh F. Krishnan
