Top 5 Most Viewed Bugs of 2016

Public vulnerability reports are security gold – everyone benefits from the shared knowledge. There are over 1600 publicly disclosed vulnerability reports on HackerOne, with more added each day. For every company or hacker that shares a report – thank you! The internet and all of us are safer because of your generous actions.

And so today we reveal — drumroll, please — the 5 Most Viewed HackerOne Vulnerability Reports of 2016 (so far).

#5: Tweet Deck XSS -Persistent- Group DM name

This XSS bug earned Wesecureapp $2,520 from Twitter. Why such an odd number? It’s a multiple of 140, which is the number of characters allowed in a Tweet.

#4: RCE by Flask Jinja2 Template Injection

This RCE from orange earned $10,000. Look at the timestamps to see how quickly Uber jumped on this and fixed it. Hackers, look how quickly they pay!

#3: Arbritrary file Upload on AirMax was the biggest earner on this list — $18,000. There was a great collaboration between 93c08539 and the company that allowed ample time for affected devices to be updated safely.

#2: DOM based XSS via Wistia embedding

This amazing find was matched with a blazing fast fix — 7 hours. It earned reactors08 a $1,152 bug bounty.

And at #1. By a lot: SSRF in https://imgur.com/vidgif/url

This was reported by Aesteral, part of HackerOne’s 90-90 Club (90+ percentile in Signal and Impact). It lit up the web stats the weekend it went public and all of HackerOne marveled at how widely it was read. Aesteral was awarded $2,000 for this clearly written and effective report.

Do you have any favorites from the list? Tell us about it on Twitter! #h1buglove.

― Rajesh F. Krishnan

HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.

Keep your files stored safely and securely with the SanDisk 2TB Extreme Portable SSD. With over 69,505 ratings and an impressive 4.6 out of 5 stars, this product has been purchased over 8K+ times in the past month. At only $129.99, this Amazon’s Choice product is a must-have for secure file storage.

Help keep private content private with the included password protection featuring 256-bit AES hardware encryption. Order now for just $129.99 on Amazon!

Help Power Techcratic’s Future – Scan To Support

If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.

As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!