Snapchat - HackerOne Reports
Total Reports: 33
Critical: 4
High: 8
Medium: 9
Low: 5
Incoming email hijacking on sc-cdn.net
Reported by: rubyroobs
Disclosed:
Weakness: Misconfiguration
Bypass Rate Limits on app.snapchat.com API Endpoint via X-Forwarded-For Header
Reported by: sicarius
Disclosed:
Medium
Weakness: Business Logic Errors
Password reset tokens sent to CSP reporting endpoints
Reported by: mahfujwhh
Disclosed:
Low
Weakness: Information Disclosure
Github Token Leaked publicly for https://github.sc-corp.net
Reported by: th3g3nt3lman
Disclosed:
Critical
Weakness: Cleartext Storage of Sensitive Information
Server-Side Request Forgery using Javascript allows to exfill data from Google Metadata
Reported by: nahamsec
Disclosed:
Weakness: Server-Side Request Forgery (SSRF)
Domain Takeover in [obviousengine.com] a snapchat acquisitions
Reported by: malcolmx
Disclosed:
High
Weakness: Privilege Escalation
CSRF when unlocking lenses leads to lenses being forcefully installed without user interaction
Reported by: sdushantha
Disclosed:
Low
Weakness: Cross-Site Request Forgery (CSRF)
Bounty: $250.00
CreatorID leaked from public content posted to SnapMaps
Reported by: drrichardmatthews
Disclosed:
Medium
Weakness: Server-Side Request Forgery (SSRF)
Bounty: $1000.00
Subdomain takeover of blog.snapchat.com
Reported by: jreynoldsdev
Disclosed:
internal dev tokens disclosure
Reported by: happytohelp22
Disclosed:
Low
Weakness: Cleartext Storage of Sensitive Information
Bounty: $250.00
Bypassing "You've requested your data the maximum number of times today." + "Please Verify an email address with snapchat to continue"
Reported by: marwan
Disclosed:
Weakness: Improper Authentication - Generic
HTML injection on newsroom.snap.com/* via search?q=1
Reported by: jotita3
Disclosed:
Low
Weakness: Code Injection
Bounty: $500.00
Exposed Kubernetes API - RCE/Exposed Creds
Reported by: txt3rob
Disclosed:
Critical
Weakness: OS Command Injection
Bounty: $25000.00