Top Vulnerability Reports of Third Quarter, 2016
It’s time for the third installment of Top 5 Vulnerability Reports on HackerOne.
What a quarter! We sweated through the Vegas conferences, Hacked the World and held a jammed AMA on Reddit. Our hackers crossed the $10,000,000 mark of bounties earned. Best of all, our fantastic hackers helped companies find great vulnerabilities like the ones below.
Instead of listing the raw top five, we looked at the best five, non-repeat, non-summarized vulnerabilities of the quarter to share. Detailed vulnerabilities are the most instructive, so that’s why we highlight them here.
The Top 5 Vulnerability Reports of Third Quarter, 2016:
Mongo investigated Uber passwords via their passwordless signup features. Uber fixed it in a day (Mongo confirmed it) and paid out $10,000. In Uber’s words, “Thanks for the great find @mongo!”. We’re very glad to have Mongo hacking for HackerOne.
A frequent reporter in this blog series, orange knows how not to waste a trip. In this case to China, where a .cn domain of Uber’s was found to have a SQL Injection vulnerability when investigating an unsubscribe link closely. The report earned a nice $4,000.
Paragonie-Scott is one of the most vocal security team leaders on HackerOne. Read his reaction to this oddball .svg report that reminds us that .svg is not like other image file formats. It allows arbitrary code execution by design. Abdullah received the largest-ever bounty from the Paragon program, not to mention over 3,500 pageviews and counting.
We see lots of phrases like “This is probably not a big deal…” in initial hacker reports. Modest hackers! This report Subdomain takeover on http://fastly.sc-cdn.net/ began that way. Ebrietas started with an outdated DNS record and ended with a $3,000 bounty payment. Thanks for preventing users from potentially being served false content.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty solutions encompass vulnerability assessment, crowdsourced security testing and responsible disclosure management. Discover more about our hacker powered security testing solutions or Contact Us today.