This is a HackerOne report write-up that helps us understand which kinds of vulnerabilities we can find in our targets and learn new methodologies to earn more bounty.
Hi, my dear hackers. Mr Horbio here with a fresh and interesting article. This article helps you identify some hidden bugs that we sometimes ignore, and it will open your eyes: after reading it, you will think about endpoints you missed during your testing.
This report was found on HackerOne Hacktivity. HackerOne paid the researcher a $25,000 bounty for this vulnerability.
POC [Proof of Concept]:
HackerOne has an endpoint that returns a report as JSON. While reading disclosed reports, the researcher identified this endpoint:
GET /reports/***.json HTTP/2
Host: hackerone.com
The endpoint disclosed sensitive information about the reporter: the reporter's email, OTP backup codes, phone number, "graphql_secret_token", T-shirt size, and other internal details of the reporter's account.
Sensitive data leaked, such as:
email
changed_password_at
totp_secret
allow_next_sign_in_attempt_at
otp_backup_codes
tshirt_size
current_sign_in_country
request_endorsements_at
graphql_secret_token
overview_token_2017
account_recovery_phone_number (in hashed form)
account_recovery_unverified_phone_number
account_recovery_phone_number_sent_at
account_recovery_phone_number_token
totp_enabled_at
sequential_totp_failures
facebook_oauth_state
ctf_points
calendar_token
cached_reputation_for_user_profile_last_reputation_id
etc.
This list was provided by the researcher.
Reason Behind the BUG
HackerOne's co-founder said:
“On February 19, 2025 HackerOne upgraded from Rails 6.1.7.9 to Rails 7.1.5.1. Both versions offer the ability to serialize Ruby hashes into JSON. There is a slight difference between the way this works in both versions.”
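The page only tells us that the two Rails versions serialize a Ruby hash to JSON slightly differently, so the added example below does not try to reproduce the Rails internals; it is not HackerOne's code or the researcher's. It shows the class of bug in plain Ruby: a report hash that nests a user object, serialized once by dumping every attribute (the failure mode that put totp_secret, otp_backup_codes and the other keys listed above into /reports/*.json) and once through an explicit allowlist, plus the regression check a practitioner would add after a framework upgrade: decode the response and walk it for any key that should never leave the server. The User class, its attribute names (taken from the leaked-key list above), PUBLIC_ATTRS, the serializer lambdas and all values are constructed assumptions for the example.

```ruby
require 'json'

# Added example (not HackerOne's code). A plain Ruby stand-in for a user
# model whose columns include the kinds of fields the report listed.
class User
  # Hypothetical sensitive set, modelled on the leaked keys in the report.
  SENSITIVE_ATTRS = %w[
    email totp_secret otp_backup_codes graphql_secret_token calendar_token
    account_recovery_phone_number account_recovery_phone_number_token
  ].freeze

  # Assumed allowlist of attributes that may appear on a report page.
  PUBLIC_ATTRS = %w[id username reputation].freeze

  attr_reader :attributes

  def initialize(attributes)
    @attributes = attributes
  end

  # Naive serialization: every column becomes JSON. This is the failure
  # mode the page describes: internal account state reaches the response.
  def to_h_unsafe
    @attributes
  end

  # Explicit allowlist: only PUBLIC_ATTRS survive, no matter how the
  # surrounding hash is later encoded.
  def as_json(*)
    @attributes.slice(*PUBLIC_ATTRS)
  end
end

# Constructed sample user; every secret is a dummy string.
SAMPLE_USER = User.new(
  'id' => 42,
  'username' => 'reporter',
  'reputation' => 1337,
  'email' => 'reporter@example.com',
  'totp_secret' => 'JBSWY3DPEHPK3PXP',
  'otp_backup_codes' => %w[11111111 22222222],
  'graphql_secret_token' => 'dummy-graphql-token',
  'calendar_token' => 'dummy-calendar-token',
  'account_recovery_phone_number' => 'dummy-hashed-phone',
  'account_recovery_phone_number_token' => 'dummy-phone-token'
)

# Builds a report document that nests the reporter inside a hash, the
# shape a /reports/<id>.json response would have. `serializer` decides
# how the User object is flattened before JSON encoding.
def build_report_json(user, serializer)
  report = {
    'id' => 1,
    'title' => 'Example report',
    'reporter' => serializer.call(user)
  }
  JSON.generate(report)
end

def unsafe_report_json(user = SAMPLE_USER)
  build_report_json(user, ->(u) { u.to_h_unsafe })
end

def safe_report_json(user = SAMPLE_USER)
  build_report_json(user, ->(u) { u.as_json })
end

# Regression check: decode a response body and return every key from the
# sensitive list that appears anywhere in it, at any nesting depth.
def leaked_keys(json_string, sensitive = User::SENSITIVE_ATTRS)
  found = []
  walk = lambda do |node|
    case node
    when Hash
      node.each do |key, value|
        found << key if sensitive.include?(key)
        walk.call(value)
      end
    when Array
      node.each { |value| walk.call(value) }
    end
  end
  walk.call(JSON.parse(json_string))
  found.uniq.sort
end

if __FILE__ == $PROGRAM_NAME
  puts "unsafe response leaks: #{leaked_keys(unsafe_report_json).inspect}"
  puts "allowlisted response leaks: #{leaked_keys(safe_report_json).inspect}"
end
```

The point of `leaked_keys` is that it inspects the encoded output rather than the model: a check written that way keeps working when a framework upgrade changes which serialization path is taken for a nested object, which is exactly the situation the co-founder's statement describes.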