[Bug Bounty Money] – Episode 3 – Week 13 / 2023

March 29, 2023 by TheNewbie

  • Open Redirect Vulnerability in Action Pack, 2400 USD
  • Lack of bruteforce protection for TOTP 2FA, 750 USD
  • Arbitrary read of all SVG files on a Nextcloud server, 1250 USD
  • Cards in Deck are readable by any user, 825 USD
  • HTML injection via insecure parameter [https://www.ubercarshare.com/], 650 USD
  • DOM-based XSS via insecure parameter on [https://uberpay-mock-psp.uber.com], 1420 USD
  • [uchat.uberinternals.com] Mattermost doesn't check Origin in WebSockets, which leads to critical information leakage, 2000 USD
  • [data-07.uberinternal.com] SSRF in Portainer app leads to access to the internal Docker API without auth, 500 USD
  • [Go]: Add Beego.Input.RequestBody source to Beego framework, 1000 USD
  • [CPP]: Add query to detect bugs like CVE-2017-5123, 1000 USD
  • [CPP]: Add query for CWE-125 Out-of-bounds Read with different interpretation of the string when using mbtowc, 1000 USD
  • Stealing Users OAuth authorization code via redirect_uri, 2000 USD
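Of the items above, the second one (a TOTP second factor with no brute-force protection) is the easiest to make concrete in code. What follows is an added example, not code from the report or from the affected vendor: a minimal RFC 6238 TOTP check in two variants, one that accepts unlimited guesses and one that locks the account after five failures, with a simulated attacker walking the six-digit code space. The secret and timestamp are the published RFC 4226 / RFC 6238 test vector, used only so the expected code is known in advance; the class and function names are my own.

```python
"""Added example: why a TOTP second factor needs brute-force protection.

Everything here is constructed for illustration; nothing comes from the
referenced report. The secret and timestamp are the RFC 4226 / RFC 6238
test vector, chosen only because the expected codes are published.
"""
import hashlib
import hmac
import struct

DIGITS = 6
STEP = 30


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP with the counter taken from the current 30-second time step."""
    return hotp(secret, unix_time // step, digits)


class UnprotectedVerifier:
    """Accepts unlimited guesses; only the 10**DIGITS code space stands between attacker and account."""

    def __init__(self, secret: bytes) -> None:
        self.secret = secret

    def verify(self, code: str, unix_time: int) -> str:
        return "ok" if hmac.compare_digest(code, totp(self.secret, unix_time)) else "bad"


class ThrottledVerifier:
    """Counts failures per account and locks it for LOCKOUT seconds after MAX_FAILURES bad codes."""

    MAX_FAILURES = 5
    LOCKOUT = 15 * 60

    def __init__(self, secret: bytes) -> None:
        self.secret = secret
        self.failures = 0
        self.locked_until = 0

    def verify(self, code: str, unix_time: int) -> str:
        if unix_time < self.locked_until:
            return "locked"  # refuse even a correct code while the lockout is active
        if hmac.compare_digest(code, totp(self.secret, unix_time)):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.MAX_FAILURES:
            self.locked_until = unix_time + self.LOCKOUT
            return "locked"
        return "bad"


def brute_force(verifier, unix_time: int, digits: int = DIGITS):
    """Simulated attacker: submit every code in the space within a single time step.

    Returns (outcome, number_of_requests_sent)."""
    for guess in range(10 ** digits):
        outcome = verifier.verify(str(guess).zfill(digits), unix_time)
        if outcome in ("ok", "locked"):
            return outcome, guess + 1
    return "exhausted", 10 ** digits


# RFC 4226 / RFC 6238 test key (ASCII "1234567890" twice) and a published test time.
RFC_SECRET = b"12345678901234567890"
RFC_TIME = 59  # RFC 6238 Appendix B: the 8-digit SHA-1 TOTP at T=59 is 94287082

if __name__ == "__main__":
    print("8-digit code:", totp(RFC_SECRET, RFC_TIME, digits=8))
    print("unprotected:", brute_force(UnprotectedVerifier(RFC_SECRET), RFC_TIME))
    print("throttled:  ", brute_force(ThrottledVerifier(RFC_SECRET), RFC_TIME))
```

With six digits there are only 1,000,000 possible codes, so an unthrottled attacker expects to need about 500,000 requests per 30-second step, and a server that also accepts the adjacent steps to tolerate clock drift triples the number of codes that pass. The throttled variant stops the run at the fifth request and, importantly, keeps rejecting even the correct code until the lockout expires; in production this per-account counter is normally paired with per-IP rate limiting and an alert on repeated lockouts.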
Categories: Bug Bounty Money, Bug Bounty Programs, Cybersecurity. Tags: bug bounty
