HackerOne Bug Bounty Disclosure: any-user-could-upload-attachments-to-pentest-scoping-form-they-don-t-have-access-to-hillybot

May 15, 2024

Company Name:
HackerOne

Company HackerOne URL:
https://hackerone.com/security

Submitted By:
hillybot__

Link to Submitters Profile:
https://hackerone.com/hillybot__

Report Title:
any user could upload attachments to pentest scoping form they don’t have access to

Report Link:
https://hackerone.com/reports/2450215

Date Submitted:
15 May 2024

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

To keep up to date follow us on the below channels.

You may have missed

hacking

Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms

September 19, 2024
ransomware 2

Wherever There’s Ransomware, There’s Service Account Compromise. Are You Protected?

September 19, 2024
hackerone

HackerOne Bug Bounty Disclosure: bypass-comment-restriction-retat

September 19, 2024
hackerone

HackerOne Bug Bounty Disclosure: issue-with-vdp-program-s-transition-to-private-status-and-missing-warning-labels-on-org-invitation-callmed

September 19, 2024
hackerone

HackerOne Bug Bounty Disclosure: inviting-collaborator-using-email-disclose-the-hackerone-account-related-to-the-user-raymatp

September 19, 2024