Japz DivinoinPinoy White HatIDOR on HackerOne Embedded Submission FormSeverity: Low (3.7) — Medium (4.4) Weakness: Improper Access Control Bounty: $2,500Jun 197Jun 197
Japz DivinoinPinoy White HatRedacted usernames disclosure in "Export as .pdf" featureSeverity: Low (3.4) Weakness: Sensitive Information Disclosure Bounty: $500Aug 7, 2023Aug 7, 2023
Japz DivinoinPinoy White HatGetting email address of any HackerOne user worth $12,500Severity: High (7.5) Weakness: Sensitive Information Disclosure Bounty: Duplicate (First researcher receives $12,500)Jul 4, 20231Jul 4, 20231
Japz DivinoinPinoy White HatBypass HackerOne 2FA requirement and reporter blacklistSeverity: Medium (5.0) — High (7.1) Weakness: Improper Authorization Bounty: $10,000 Summary:Oct 31, 20186Oct 31, 20186
Japz DivinoinPinoy White HatHarvesting all private invites using leave program fast-tracked invitation and security@ email…Severity: Medium (6.1) Weakness: Business Logic Errors (CWE-840)Oct 22, 20182Oct 22, 20182
Japz DivinoinPinoy White HatSecurity teams Internal attachments can be exported via “Export as .zip” feature on HackerOneHello Internet, this blog is about my findings on hackerone own bug bounty program late 2016, a simple information disclosure which…Oct 17, 2018Oct 17, 2018
Japz DivinoinPinoy White HatIDOR on HackerOne Hacker Review “What Program Say”Severity: LowSep 2, 2017Sep 2, 2017