Pinned. Published in InfoSec Write-ups: Bypass HackerOne 2FA requirement and reporter blacklist. Severity: Medium (5.0) — High (7.1). Weakness: Improper Authorization. Bounty: $10,000. Summary: Oct 31, 2018.
Published in Pinoy White Hat: Easy $10,000 bounty using Wayback Machine. Severity: Critical (9 ~ 10). Weakness: Sensitive Information Disclosure. Bounty: $10,000. Jan 23.
Published in Pinoy White Hat: Alleged 45 Million NBI Philippines Data Leak Raises Privacy Concerns. An alleged data leak concerning the Philippine National Bureau of Investigation (NBI) has been making waves online after being posted on… Jan 20.
Published in Pinoy White Hat: IDOR on HackerOne Embedded Submission Form. Severity: Low (3.7) — Medium (4.4). Weakness: Improper Access Control. Bounty: $2,500. Dec 17, 2024.
Published in Pinoy White Hat: Redacted usernames disclosure in "Export as .pdf" feature. Severity: Low (3.4). Weakness: Sensitive Information Disclosure. Bounty: $500. Aug 7, 2023.
Published in Pinoy White Hat: Getting email address of any HackerOne user worth $12,500. Severity: High (7.5). Weakness: Sensitive Information Disclosure. Bounty: Duplicate (First researcher receives $12,500). Jul 4, 2023.
Published in Pinoy White Hat: Harvesting all private invites using leave program fast-tracked invitation and security@ email… Severity: Medium (6.1). Weakness: Business Logic Errors (CWE-840). Oct 22, 2018.
Published in InfoSec Write-ups: SOP Bypass using rel="noreferrer". Note before reading: Oct 17, 2018.
Published in Pinoy White Hat: Security teams Internal attachments can be exported via “Export as .zip” feature on HackerOne. Hello Internet, this blog is about my findings on HackerOne's own bug bounty program in late 2016, a simple information disclosure which… Oct 17, 2018.
Published in Pinoy White Hat: IDOR on HackerOne Hacker Review “What Program Say”. Severity: Low. Sep 2, 2017.