readme.md
January 20, 2023
| Title | URL | Severity score | Reporter | Bounty paid |
| --- | --- | --- | --- | --- |
| XXE in DoD website that may lead to RCE | https://hackerone.com/reports/227880 | null | jin | null |
| Uploaded XLF files result in External Entity Execution | https://hackerone.com/reports/232614 | 7.1 | 4cad | null |
| XXE on sms-be-vip.twitter.com in SXMP Processor | https://hackerone.com/reports/248668 | 5.3 | joshbrodienz | $10,080 |
| XXE Injection through SVG image upload leads to SSRF | https://hackerone.com/reports/897244 | 0 | swaysthinking | null |
| Remote Code Execution (RCE) vulnerability in a DoD website | https://hackerone.com/reports/232330 | null | peuch | null |
| XXE on ██████████ by bypassing WAF ████ | https://hackerone.com/reports/433996 | null | honoki | $5,000 |
| LFI and SSRF via XXE in emblem editor | https://hackerone.com/reports/347139 | null | alexbirsan | $1,500 |
| Blind XXE on my.mail.ru | https://hackerone.com/reports/276276 | null | chaosbolt | $800 |
| Flag WriteUp | https://hackerone.com/reports/415202 | null | caioluders | null |
| Non-production Open Database In Combination With XXE Leads To SSRF | https://hackerone.com/reports/742808 | null | kaulse | null |
| XXE at ecjobs.starbucks.com.cn/retail/hxpublic_v6/hxdynamicpage6.aspx | https://hackerone.com/reports/500515 | 10 | johnstone | $4,000 |
| Partial bypass of #483774 with Blind XXE on https://duckduckgo.com | https://hackerone.com/reports/486732 | null | mik317 | null |
| OOB XXE | https://hackerone.com/reports/690387 | null | johndoe1492 | $500 |
| DMARC Not found for paragonie.com URGENT | https://hackerone.com/reports/179828 | null | hackerone_hero | null |
| blind XXE in autodiscover parser | https://hackerone.com/reports/315837 | null | obmi | $5,000 |
| Singapore - XXE at https://www.starbucks.com.sg/RestApi/soap11 | https://hackerone.com/reports/762251 | 7.5 | rugb | $500 |
| XXE on pulse.mail.ru | https://hackerone.com/reports/505947 | null | chaosbolt | $6,000 |
| XXE on DoD web server | https://hackerone.com/reports/188743 | null | dawgyg | null |
| XXE in Site Audit function exposing file and directory contents | https://hackerone.com/reports/312543 | null | ajxchapman | $2,000 |
| Blind XXE via Powerpoint files | https://hackerone.com/reports/334488 | null | mishre | $2,000 |
| Blind XXE on pu.vk.com | https://hackerone.com/reports/296622 | null | barracud4_ | $500 |
| XXE on https://duckduckgo.com | https://hackerone.com/reports/483774 | null | mik317 | null |
| OOB XXE | https://hackerone.com/reports/690295 | null | johndoe1492 | $500 |
| XXE crit | https://hackerone.com/reports/449627 | null | linkks | $300 |
| blind XXE when uploading avatar in mymail phone app | https://hackerone.com/reports/277341 | null | chaosbolt | $1,000 |
| XXE through injection of a payload in the XMP metadata of a JPEG file | https://hackerone.com/reports/836877 | null | moebius | null |