Revealing private information of hackerone

Revealing private information of hackerone – Bug Bounty POC

Hello Bug Bounty POC Viewers, Hope you are fine. As you all know few days back in hunted hackerone with a $1.5k bounty the report was disclosed publicaly but the hackerone staff disclosed the report as limited due to some sensitive information. My Name is Ubaid Zargar and today i will be showing the full edition of that report that how i found it. First I am not a Active hunter as few my friends know i have been busy with studies. But few days back i decided to take a look into hackerone. So lets come to the point as i previously mentioned in my Hacker’s Summary on the report that the vulnerable endpoint was Filter Entities. So Basically the endpoint was like :

https://­hackerone.com/bugs/­filter_entities.json?­subject=

Vulnerable Endpoint : Filter_entities.json

So When i wrote any program in the end of this Url The result was pretty shocking, All the members of the team and the name of the
groups were getting leaked in the JSON response. So the final poc was :

https://­hackerone.com/bugs/­filter_entities.json?­subject=

That was working with all type of programs :

– Sandboxed
– External Program
– Invite only

The privacy of the teams were getting leaked without even an intercation. So the hackerone fixed this by patching the endpoints.

The Data was getting leaked in such a way :

[
{
“id”:1,
“username”:”dirk”,
“name”:”dirk”,
“bio”:””,
“url”:”https://hackerone.com/dirk”
},
{
“id”:2,
“name”:”Admin”,
“team_members_count”:1
}
]

It was an tricky and to the point find so the write up ends here, Hope you Guys liked it.

 

IDOR vulnerability in Hackerone

You may also like...

2 Responses

  1. Its like you read my mind! You appear to know a
    lot about this, like you wrote the book in it or something.
    I think that you can do with some pics to drive the message home a little bit, but
    instead of that, this is great blog. An excellent read.
    I’ll certainly be back.

  2. I like what you guys are up also. Such smart work and reporting! Carry on the excellent works guys I’ve incorporated you guys to my blogroll. I think it’ll improve the value of my site 🙂

Leave a Reply

Your email address will not be published. Required fields are marked *