pixiv - HackerOne Reports
Total Reports: 9
Critical: 1
High: 2
Medium: 4
Low: 2
CSRF at https://chatstory.pixiv.net/imported
Reported by: katsuragicsl
Disclosed:
Severity: Medium
Weakness: Cross-Site Request Forgery (CSRF)
Bounty: $500.00
XSS Reflected at https://sketch.pixiv.net/ Via `next_url`
Reported by: find_me_here
Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $500.00
Open Redirect at https://oauth.secure.pixiv.net
Reported by: zimmer75
Disclosed:
Severity: Low
Weakness: Open Redirect
Bounty: $200.00
Reset any password
Reported by: pdaa
Disclosed:
Severity: High
Weakness: Weak Password Recovery Mechanism for Forgotten Password
Stealing Users OAuth authorization code via redirect_uri
Reported by: kuzu7shiki
Disclosed:
Severity: High
Weakness: Improper Authorization
Bounty: $2000.00
Bypass extension check leads to stored XSS at https://s2.booth.pm
Reported by: fanar
Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
Open redirect protection (https://www.pixiv.net/jump.php) is broken for novels
Reported by: katsuragicsl
Disclosed:
Severity: Low
Weakness: Open Redirect
Bounty: $200.00
RCE due to ImageTragick v2
Reported by: chaosbolt
Disclosed:
Severity: Critical
Weakness: Code Injection
Bounty: $2000.00
XSS reflected on [https://www.pixiv.net]
Reported by: bcobain23
Disclosed:
Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $500.00