Bypass HackerOne 2FA requirement and reporter blacklist
Pinned. Published in InfoSec Write-ups, Oct 31, 2018
Severity: Medium (5.0) — High (7.1)
Weakness: Improper Authorization
Bounty: $10,000
Summary:

Easy $10,000 bounty using Wayback Machine
Published in Pinoy White Hat, Jan 23
Severity: Critical (9 ~ 10)
Weakness: Sensitive Information Disclosure
Bounty: $10,000

Alleged 45 Million NBI Philippines Data Leak Raises Privacy Concerns
Published in Pinoy White Hat, Jan 20
An alleged data leak concerning the Philippine National Bureau of Investigation (NBI) has been making waves online after being posted on…

IDOR on HackerOne Embedded Submission Form
Published in Pinoy White Hat, Dec 17, 2024
Severity: Low (3.7) — Medium (4.4)
Weakness: Improper Access Control
Bounty: $2,500

Redacted usernames disclosure in "Export as .pdf" feature
Published in Pinoy White Hat, Aug 7, 2023
Severity: Low (3.4)
Weakness: Sensitive Information Disclosure
Bounty: $500

Getting email address of any HackerOne user worth $12,500
Published in Pinoy White Hat, Jul 4, 2023
Severity: High (7.5)
Weakness: Sensitive Information Disclosure
Bounty: Duplicate (First researcher receives $12,500)

Harvesting all private invites using leave program fast-tracked invitation and security@ email…
Published in Pinoy White Hat, Oct 22, 2018
Severity: Medium (6.1)
Weakness: Business Logic Errors (CWE-840)

SOP Bypass using rel=”noreferrer”
Published in InfoSec Write-ups, Oct 17, 2018
Note before reading:

Security teams Internal attachments can be exported via “Export as .zip” feature on HackerOne
Published in Pinoy White Hat, Oct 17, 2018
Hello Internet, this blog is about my findings on hackerone own bug bounty program late 2016, a simple information disclosure which…

IDOR on HackerOne Hacker Review “What Program Say”
Published in Pinoy White Hat, Sep 2, 2017
Severity: Low