
MetaMask disclosed a bug submitted by renniepak: https://hackerone.com/reports/1710564 – Bounty: $1000

Source link
Related Articles
All Mix →Testing flow includes a DeepSource secret
Weblate disclosed a bug submitted by triplesided: https://hackerone.com/reports/1927499 Source link
Zero Daily Newsletter: Fun, yet informative, AppSec, bug bounty, and hacker news
Table of Contents What is Zero Daily? What content is included? How often will you send it? Who Should Subscribe? What else should I be…
Samesite by Default and What It Means for Bug Bounty Hunters
Table of Contents Clickjacking Cross-Site Script Inclusion JSONP Leaks Data Exfiltration XSLeaks CORS Misconfigurations Cross-Site WebSocket Hijacking XSS End of an Era? 31 January 2020…
HackerOne Policies Update | HackerOne
Introduction: During November of this year, you may have noticed a new page on HackerOne: hackerone.com/policies. This page contains the Code of Conduct and…
OAuth and PostMessage
Table of Contents Tl;DR; Summary OAuth misconfiguration: A different Approach Timeline: Tl;DR; An OAuth misconfiguration was discovered in the redirect_uri parameter at the target’s OAuth…
API Attack Awareness: Broken Object Level Authorization (BOLA)
Table of Contents What is a BOLA Vulnerability? BOLA is Common, and the Consequences are Severe How a BOLA Vulnerability Could Play Out Mitigating BOLA:…