Ethical Hacker

Top 5 Most Viewed Reports For Q2 2016

Top 5 Most Viewed Reports For Q2 2016

Pidgey from Pokemon Go looking all mean on the street

In case you don’t have time to read three months of bug reports, here are the Top 5!

The Top 5 Most Viewed Bugs of the Second Quarter of 2016!

5. Reflected XSS on developer.uber.com via Angular template injection
This report earned $3,000 for albinowax. He included a link to this blog article (co-written by albinowax) that nicely explains how AngularJS can be used for a client-side template injection.

4. Unauthenticated access to Content Management System - www1.pornhubpremium.com
Mak and all the other hackers in this blog are HackerOne 90/90 Club members. That means they have a higher HackerOne Signal and Impact score than 90% of measured HackerOne hackers. This one earned $5,000.

3. Publicly exposed SVN repository, ht.pornhub.com
This was the most viewed report from Pornhub, who went public with their program on HackerOne shortly before this report was filed. Another one from Mak - nice job earning $10,000.

2. Local file read in image editor
Sl1m found this one and earned $5,000 from Imgur. And what a surprise, he is a member of the 90/90 Club.

1. OneLogin authentication bypass on WordPress sites
Uber has attracted the full attention of the best hackers on HackerOne, with $10,000 awards like this one. Jouko tied for the highest award among these five reports.

These two reports were actually in the Top 5, but were in last quarter’s blog so we exempted them from this list.

Public security disclosures make us all safer - they teach and inspire. Thank you to the hackers and companies that make them possible!

Don't forget to upvote your favorite public disclosures in Hacktivity!

Rajesh F. Krishnan


HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty solutions encompass vulnerability assessment, crowdsourced security testing and responsible disclosure management. Discover more about our hacker powered security testing solutions or Contact Us today.