TikTok - HackerOne Reports
View on HackerOne
Total Reports: 117
Critical: 5
High: 18
Medium: 50
Low: 43
Open Redirect to Stealing aadvid
Reported by: lu3ky-13 | Disclosed: | Severity: Low
Weakness: Open Redirect
IDOR on ads.tiktok.com Allows Unauthorized Product Addition
Reported by: p_oria | Disclosed: | Severity: Low
Weakness: Insecure Direct Object Reference (IDOR)
Bounty: $500.00
Reflected XSS on Pangle Endpoint
Reported by: 32bit | Disclosed: | Severity: High
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $5000.00
Blocked user can see live video
Reported by: sandipgyawalii | Disclosed: | Severity: Medium
Weakness: Privacy Violation
Bounty: $418.00
Reflected XSS on https://www-useast1a.tiktok.com/ug/incentive/share/hd
Reported by: ashrafabdelrazik | Disclosed: | Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
CSRF on TikTok Ads Portal
Reported by: probatorem | Disclosed: | Severity: Medium
Weakness: Cross-Site Request Forgery (CSRF)
Bounty: $1000.00
Create product discounts of any shop
Reported by: datph4m | Disclosed: | Severity: Medium
Weakness: Insecure Direct Object Reference (IDOR)
Stored XSS on ads.tiktok.com
Reported by: ahmed_xyz | Disclosed: | Severity: Low
Weakness: Cross-site Scripting (XSS) - Stored
TikTok Account Creation Date Information Disclosure
Reported by: f15 | Disclosed: | Severity: Low
Weakness: Privacy Violation
Bounty: $100.00
Bypass SMS verification to delete TikTok account
Reported by: luizviana | Disclosed: | Severity: Low
Weakness: Improper Authorization
Add products to any livestream
Reported by: datph4m | Disclosed: | Severity: Medium
Weakness: Insecure Direct Object Reference (IDOR)
Stored XSS via Ads Account Name
Reported by: rioncool22 | Disclosed: | Severity: Medium
Weakness: Cross-site Scripting (XSS) - Stored
Bounty: $1000.00
Information Leakage via TikTok Ads Web Cache Deception
Reported by: hehehhehehe | Disclosed: | Severity: Low
Weakness: Misconfiguration
HTML Injection through Account Name field on TikTok ads portal being rendered in emails
Reported by: nagli | Disclosed: | Severity: Low
Weakness: Code Injection
TikTok Session Donation CSRF via QR code login
Reported by: lauritz | Disclosed: | Severity: Low
Weakness: Cross-Site Request Forgery (CSRF)
Cross-Site Scripting using Email parameter in Ads endpoint 2
Reported by: luizviana | Disclosed: | Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
External SSRF and Local File Read via video upload due to vulnerable FFmpeg HLS processing
Reported by: ach | Disclosed: | Severity: High
Weakness: Server-Side Request Forgery (SSRF)
Bounty: $2727.00
TikTok's pixel/sdk.js leaks current URL from websites using postMessage
Reported by: fransrosen | Disclosed: | Severity: Medium
Weakness: Improper Authorization
Rate limiting on report video
Reported by: alertjd | Disclosed: | Severity: Low
Weakness: Improper Restriction of Authentication Attempts
Reflected XSS on TikTok Website
Reported by: homosec | Disclosed: | Severity: Medium
Weakness: Cross-site Scripting (XSS) - Reflected
Bounty: $3000.00
Page 1 of 6