Revealing private information of hackerone – Bug Bounty POC
Hello Bug Bounty POC Viewers, Hope you are fine. As you all know few days back in hunted hackerone with a $1.5k bounty the report was disclosed publicaly but the hackerone staff disclosed the report as limited due to some sensitive information. My Name is Ubaid Zargar and today i will be showing the full edition of that report that how i found it. First I am not a Active hunter as few my friends know i have been busy with studies. But few days back i decided to take a look into hackerone. So lets come to the point as i previously mentioned in my Hacker’s Summary on the report that the vulnerable endpoint was Filter Entities. So Basically the endpoint was like :
Vulnerable Endpoint : Filter_entities.json
So When i wrote any program in the end of this Url The result was pretty shocking, All the members of the team and the name of the
groups were getting leaked in the JSON response. So the final poc was :
That was working with all type of programs :
– External Program
– Invite only
The privacy of the teams were getting leaked without even an intercation. So the hackerone fixed this by patching the endpoints.
The Data was getting leaked in such a way :
It was an tricky and to the point find so the write up ends here, Hope you Guys liked it.