This repository has been archived by the owner on Nov 16, 2022. It is now read-only.

Security Radar 6 #549

Closed
gratipay-bot opened this issue Mar 27, 2016 · 12 comments
Comments

@gratipay-bot

← Security Radar 5


Docs

http://inside.gratipay.com/howto/sweep-the-radar

Scope

This radar covers Gratipay's security program, including:

Queue

Unclear Risk

https://hackerone.com/reports/117187
https://hackerone.com/reports/117195

Severe Risk
Moderate Risk

https://hackerone.com/reports/127218

Mild Risk

https://hackerone.com/reports/76304
https://hackerone.com/reports/80907
https://hackerone.com/reports/90805
https://hackerone.com/reports/108645
https://hackerone.com/reports/109161

https://hackerone.com/reports/111325
https://hackerone.com/reports/115284
https://hackerone.com/reports/117739
https://hackerone.com/reports/117984
https://hackerone.com/reports/118023

https://hackerone.com/reports/118699
https://hackerone.com/reports/123688
https://hackerone.com/reports/123697
https://hackerone.com/reports/126010

Theoretical Risk

https://hackerone.com/reports/78151
https://hackerone.com/reports/90777
https://hackerone.com/reports/116147
https://hackerone.com/reports/117142
https://hackerone.com/reports/117330

https://hackerone.com/reports/117386
https://hackerone.com/reports/117833
https://hackerone.com/reports/120026
https://hackerone.com/reports/123742
https://hackerone.com/reports/123942

https://hackerone.com/reports/123897
https://hackerone.com/reports/124096
https://hackerone.com/reports/127824

@chadwhitacre
Contributor

New 9, Unclear 2.

@chadwhitacre
Contributor

@TheHmadQureshi It looks like maybe you used your alternate H1 account to investigate 117739 via 90778, ya? :-)

Unfortunately, it seems to have crashed H1 for 90778. I've emailed their support department to get us unstuck there.

@chadwhitacre
Contributor

New 0, Triaged 30. Unclear 3.

@TheHmadQureshi

@whit537 Sorry mate!

My friend was checking for some vulnerability and he posted some payload which made the report fail to load. Let me know what H1 replies about that.

@chadwhitacre
Contributor

No worries, will do. :-)

@TheHmadQureshi

BTW I am getting emails of the progress. You are doing an awesome job. Kudos 👍

@chadwhitacre
Contributor

Thanks! Need to classify these unclear risks ...

@TheHmadQureshi

Great work. I am sure you are eligible for a good bounty. 🚗

@chadwhitacre
Contributor

Ok Chad, we've removed that comment altogether. Should be unblocked now!

We've filed an internal task for further investigation of the link flood issue. Thanks for bringing it up.


Confirmed fixed. Thanks! :-)

@TheHmadQureshi

@whit537 This is an issue which HackerOne refused to fix. Here's the original report: http://sh3ifu.blogspot.com/2015/08/hackerone-issue-in-reports-permenant.html.

Can you please tell them to look into the above mail and mark the bug as resolved there as well?

@chadwhitacre
Contributor

@TheHmadQureshi I don't really want to get in the middle of the issue with HackerOne.

@chadwhitacre
Contributor

Got the bill for last month: $82.
