TOPMOBILE.md
Top Mobile reports from HackerOne:

  1. CVE-2019-5765: 1-click HackerOne account takeover on all Android devices to Chrome - 374 upvotes, $0
  2. Multiple bugs leads to RCE on TikTok for Android to TikTok - 362 upvotes, $0
  3. AWS bucket leading to iOS test build code and configuration exposure to Slack - 316 upvotes, $1500
  4. [Razer Pay Mobile App] Broken access control allowing other user's bank account to be deleted to Razer - 311 upvotes, $1000
  5. Golden techniques to bypass host validations in Android apps to ██████ - 275 upvotes, $0
  6. Periscope android app deeplink leads to CSRF in follow action to X (Formerly Twitter) - 208 upvotes, $0
  7. Read new emails from any inbox in iOS app notification center to Mail.ru - 186 upvotes, $10000
  8. URL that Twitter mobile site cannot load to X (Formerly Twitter) - 139 upvotes, $1120
  9. XSS via message subject - mobile application to Mail.ru - 139 upvotes, $1000
  10. Changing email address on Twitter for Android unsets "Protect your Tweets" to X (Formerly Twitter) - 116 upvotes, $2940
  11. Possible to steal any protected files on Android to ownCloud - 112 upvotes, $750
  12. Disclosure of all uploads to Cloudinary via hardcoded api secret in Android app to Reverb.com - 85 upvotes, $0
  13. [Razer Pay Android App] Multiple vulnerabilities chained to allow "RedPacket" money to be stolen by a 3rd party to Razer - 84 upvotes, $1000
  14. MetaMask Browser URL and Transaction Origin Spoofing - Metamask wallet Android & Metamask wallet iOS to MetaMask - 84 upvotes, $0
  15. Grammarly Keyboard for Android <4.1 leaks user input through logs (except for sensitive input fields) to Grammarly - 82 upvotes, $0
  16. Reflect XSS on Mobile Search page to Pornhub - 79 upvotes, $250
  17. Sensitive Info Leak - An Attacker Can Retrieve All the Users Mobile Numbers at https://website-api.production.curve.app/api/waitlist/us to Curve - 78 upvotes, $0
  18. Bypass of biometrics security functionality is possible in Android application (com.shopify.mobile) to Shopify - 77 upvotes, $500
  19. Grammarly Keyboard for Android "Authorization Code with PKCE" flow implementation vulnerability that allows account takeover to Grammarly - 72 upvotes, $0
  20. Persistent Arbitrary code execution in mattermost android to Mattermost - 63 upvotes, $0
  21. Insufficient session expiration in the com.shopify.ping android app to Shopify - 60 upvotes, $0
  22. Java: CWE-749 Unsafe resource loading in Android WebView leaking to injection attacks to GitHub Security Lab - 59 upvotes, $2300
  23. Authorization bypass using login by phone option+horizontal escalation possible on Grab Android App to Grab - 58 upvotes, $1000
  24. Android: Explanation of Access to app protected components vulnerability to ██████ - 57 upvotes, $0
  25. Path Traversal in iOS application to VK.com - 55 upvotes, $0
  26. Default Nextcloud Server and Android Client leak sharee searches to Nextcloud to Nextcloud - 54 upvotes, $750
  27. Possibility to attach any mobile number to any email to Mail.ru - 54 upvotes, $0
  28. Periscope iOS app CSRF in follow action due to deeplink to X (Formerly Twitter) - 53 upvotes, $2940
  29. Stealing Private Information in VK Android App through PlayerProxy Port Remotely to VK.com - 50 upvotes, $700
  30. Firebase Database Takeover in Zego Sense Android app to Zego - 49 upvotes, $0
  31. Vulnerability in the Android application to VK.com - 48 upvotes, $0
  32. Able to log in to deactivated staff account in Shopify mobile app to Shopify - 47 upvotes, $0
  33. Insecure Storage and Overly Permissive API Keys in Android App to Zenly - 45 upvotes, $0
  34. bypass two-factor authentication in Android apps and web to TikTok - 39 upvotes, $0
  35. iOS group chat denial of service to LY Corporation - 38 upvotes, $300
  36. Two-factor authentication bypass on Grab Android App to Grab - 38 upvotes, $0
  37. Twitter iOS fails to validate server certificate and sends oauth token to X (Formerly Twitter) - 36 upvotes, $2100
  38. Arbitrary file write triggered by deeplink abuse - MetaMask Android to MetaMask - 36 upvotes, $0
  39. Path traversal allows tricking the Talk Android app into writing files into its root directory to Nextcloud - 36 upvotes, $0
  40. Android - Access of some not exported content providers to Dropbox - 34 upvotes, $1000
  41. Webview in LINE client for iOS will render application/octet-stream files as HTML to LY Corporation - 34 upvotes, $500
  42. Starbucks China Android app cloud storage service leaks a credential. to Starbucks - 33 upvotes, $0
  43. Webview address bar spoofing in LINE client for iOS to LY Corporation - 33 upvotes, $0
  44. Path traversal in ZIP extract routine on LINE Android to LY Corporation - 32 upvotes, $475
  45. Private Grab Messages on Android App can be accessed and cached by Search Engines to Grab - 32 upvotes, $200
  46. Possible to steal any protected files on Android to Harvest - 32 upvotes, $0
  47. Obtaining the cache DB from the Android application via a third-party app to VK.com - 32 upvotes, $0
  48. Android WebViews in Twitter app are vulnerable to UXSS due to configuration and CVE-2020-6506 to X (Formerly Twitter) - 30 upvotes, $560
  49. SQL Injection found in NextCloud Android App Content Provider to Nextcloud - 30 upvotes, $150
  50. Weak user authentication on mobile application - I just broke userKey secret password to Pornhub - 29 upvotes, $5000
  51. [█████████] Hardcoded credentials in Android App to Zomato - 27 upvotes, $500
  52. IP address can be leaked on Image preview in ICQ for Android chat to Mail.ru - 27 upvotes, $150
  53. Access of Android protected components via embedded intent to Slack - 27 upvotes, $0
  54. Exposed█████████in apk file - devbuilds.uber.com to Uber - 27 upvotes, $0
  55. No validation on image upload, user can upload PHP, APK, ZIP files and use it for storage purposes to Linktree - 27 upvotes, $0
  56. Mail.Ru Email for Android: Injecting custom screen inside adding new account flow to Mail.ru - 26 upvotes, $750
  57. Facebook App API credentials leaked in the APK to GlassWire - 26 upvotes, $0
  58. App PIN code can be bypassed in Files iOS to Nextcloud - 26 upvotes, $0
  59. Blind Stored XSS on iOS App due to Unsanitized Webview to Nextcloud - 25 upvotes, $100
  60. Passcode bypass on Talk Android app to Nextcloud - 25 upvotes, $0
  61. Leak arbitrary file under nextcloud android client privacy directory to Nextcloud - 24 upvotes, $0
  62. Possibility to enumerate and bruteforce promotion codes in Uber iOS App to Uber - 23 upvotes, $3000
  63. ICQ Android APP remote DoS to Mail.ru - 23 upvotes, $1000
  64. Twitter for android is exposing user's location to any installed android app to X (Formerly Twitter) - 23 upvotes, $560
  65. Vine - overwrite account associated with email via android application to X (Formerly Twitter) - 23 upvotes, $280
  66. 2 click Remote Code execution in Evernote Android to Evernote - 23 upvotes, $0
  67. Identify the mobile number of a twitter user to X (Formerly Twitter) - 22 upvotes, $560
  68. DoS of LINE client for Android via message containing multiple unicode characters (0x0e & 0x0f) to LY Corporation - 22 upvotes, $0
  69. Completely remove VPN profile from locked WARP iOS client. to Cloudflare Public Bug Bounty - 20 upvotes, $1000
  70. Insecure HostnameVerifier within WebView of Razer Pay Android (TLS Vulnerability) to Razer - 20 upvotes, $750
  71. [Quora Android] Possible to steal arbitrary files from mobile device to Quora - 19 upvotes, $0
  72. Can use the Reddit android app as usual even though revoking the access of it from reddit.com to Reddit - 18 upvotes, $0
  73. Full Passcode bypass on Nextcloud App iOS to Nextcloud - 17 upvotes, $0
  74. (Pornhub & Youporn & Brazzers ANDROID APP) : Upload Malicious APK / Overwrite Existing APK / Android BackOffice Access to Pornhub - 16 upvotes, $1500
  75. Protected Tweets setting overridden by Android app to X (Formerly Twitter) - 16 upvotes, $560
  76. Improper markup sanitisation in Simplenote Android application. to Automattic - 16 upvotes, $0
  77. Hardcoded credentials in Android App to 8x8 - 16 upvotes, $0
  78. Mail.ru for Android - Theft of sensitive data to Mail.ru - 16 upvotes, $0
  79. [Java] CWE-755: Query to detect Local Android DoS caused by NFE to GitHub Security Lab - 15 upvotes, $1800
  80. Mobile Reflect XSS / CSRF at Advertisement Section on Search page to Pornhub - 15 upvotes, $200
  81. Multiple critical vulnerabilities in Odnoklassniki Android application to ok.ru - 15 upvotes, $0
  82. Mobile Authentication Endpoint Credentials Brute-Force Vulnerability to New Relic - 15 upvotes, $0
  83. Android - Possible to intercept broadcasts about uploaded files to Nextcloud - 15 upvotes, $0
  84. Find whether a video has been favourited or not, for any user [via YouPorn Mobile API] to Pornhub - 15 upvotes, $0
  85. User Profiles Leak PII in HTML Document for Mobile Browser User Agents to Zomato - 15 upvotes, $0
  86. Talk Android broadcast receiver is not protected by broadcastPermission allowing malicious apps to communicate to Nextcloud - 15 upvotes, $0
  87. App pin of the Android app can be bypassed via 3rdparty apps generating deep links to Nextcloud - 15 upvotes, $0
  88. iOS app crashed by specially crafted direct message reactions to X (Formerly Twitter) - 14 upvotes, $560
  89. URL Scheme misconfiguration on TikTok for IOS to TikTok - 14 upvotes, $500
  90. Local SQL Injection in Content Provider (ru.mail.data.contact.ContactsProvider) of Mail.ru for Android, version 12.2.0.29734 to Mail.ru - 14 upvotes, $0
  91. End to end encryption public key is not properly verified on Desktop and Android to Nextcloud - 13 upvotes, $1500
  92. Android app does not clear end to end encryption keys to Nextcloud - 13 upvotes, $100
  93. [ios] Address bar spoofing in Brave for iOS to Brave Software - 13 upvotes, $0
  94. [Razer Pay Mobile App] IDOR within /v1_IM/friends/queryDrawRedLog allowed unauthorised access to read logs to Razer - 12 upvotes, $500
  95. Android MailRu Email: Thirdparty can access private data files with small user interaction to Mail.ru - 12 upvotes, $300
  96. Login with Google Not Authenticated on iOS App to Instacart - 12 upvotes, $0
  97. Upgrade menu exposes the mobile application token meant to only be visible to administrators to New Relic - 11 upvotes, $750
  98. Email leak in transactions in Android app to Coinbase - 11 upvotes, $500
  99. Access to arbitrary file of the Nextcloud Android app from within the Nextcloud Android app to Nextcloud - 11 upvotes, $250
  100. Can register any mobile number in MFA without current code. to Grammarly - 11 upvotes, $0
  101. Insufficient limitation of web page title leads to DoS against ICQ for Android to Mail.ru - 11 upvotes, $0
  102. Bypass Cloudflare WARP lock on iOS. to Cloudflare Public Bug Bounty - 10 upvotes, $500
  103. Theft of protected files on Android to ownCloud - 10 upvotes, $50
  104. Coinbase Android Application - Bitcoin Wallet Leaks OAuth Response Code to Coinbase - 10 upvotes, $0
  105. Sensitive information contained with New Relic APM iOS application to New Relic - 10 upvotes, $0
  106. Insecure Storage and Overly Permissive Google Maps API Key in Android App to Mail.ru - 10 upvotes, $0
  107. Hard-coded API keys at NordVpn Android App to Nord Security - 10 upvotes, $0
  108. NordVPN Android Application privacy violation due to Google Advertising Identifier misuse to Nord Security - 10 upvotes, $0
  109. Theft of arbitrary files in LINE Lite client for Android to LY Corporation - 10 upvotes, $0
  110. [Java] CWE-312: Query to detect cleartext storage of sensitive information using Android SharedPreferences to GitHub Security Lab - 9 upvotes, $4500
  111. Mapbox Android SDK uses Broadcast Receiver instead of Local Broadcast Manager to Mapbox - 9 upvotes, $1000
  112. Phishing/Malware site blocking on Brave iOS can be bypassed with trailing dot in hostname to Brave Software - 9 upvotes, $250
  113. Brute force login and bypass locked account restrictions via iOS app to Instacart - 9 upvotes, $0
  114. DoS in Brave browser for iOS to Brave Software - 8 upvotes, $80
  115. Coinbase Android Security Vulnerabilities to Coinbase - 8 upvotes, $0
  116. XSS when replying / forwarding to a malicious email on iOS to Mail.ru - 8 upvotes, $0
  117. Physical Access to Mobile App Allows Local Attribute Updates without Authentication to Uber - 8 upvotes, $0
  118. Access to com.vk.usersstore.UsersContentProvider, possible exchange_token leak on android < 21 to VK.com - 8 upvotes, $0
  119. Stored XSS at Mobile (Versions tab) to New Relic - 8 upvotes, $0
  120. Java: Detect remote source from Android intent extra to GitHub Security Lab - 7 upvotes, $1800
  121. Brave Shield for iOS is weak against IDN homograph attacks to Brave Software - 7 upvotes, $150
  122. Android content provider exposes password-protected share password hashes to Nextcloud - 7 upvotes, $75
  123. Shopify android client all API request's response leakage, including access_token, cookie, response header, response body content to Shopify - 7 upvotes, $0
  124. HTML Injection on flickr screenname using iOS App to Yahoo! - 7 upvotes, $0
  125. XSS on IOS app via HTML rendering to Nextcloud - 7 upvotes, $0
  126. Reflected XSS in Zomato Mobile - category parameter to Zomato - 6 upvotes, $0
  127. [iOS] URL can be replaceState by blob URL in iOS Brave to Brave Software - 6 upvotes, $0
  128. XSS on mobile version of vimeo.com where the button "Follow" appears to Vimeo - 6 upvotes, $0
  129. Passcode Protection in Android Devices Can be Bypassed. to Nextcloud - 6 upvotes, $0
  130. Malicious apps can crash Nextcloud Android client by sending malformed intents to Nextcloud - 6 upvotes, $0
  131. CSRF - Add optional two factor mobile number to Slack - 5 upvotes, $500
  132. Mail.ru for Android Content Provider Vulnerability to Mail.ru - 5 upvotes, $250
  133. Insecure Data Storage in Vine Android App to X (Formerly Twitter) - 5 upvotes, $140
  134. Bypassing the email validation on sign-up process in mobile apps to Coinbase - 5 upvotes, $100
  135. Bug in iOS application which could lead to unauthorised access. to IRCCloud - 5 upvotes, $0
  136. No Security check at changing password and at adding mobile number which leads to account takeover and spam to Khan Academy - 5 upvotes, $0
  137. Android SDK - CREATE_REQUEST broadcast is unprotected to Zendesk - 5 upvotes, $0
  138. /accounts/USERID.json file is left open for Restricted User of organization disclosing Owners's Mobile Number and "billing_info, cc_email" to New Relic - 5 upvotes, $0
  139. Widespread failure of certificate validation in Android apps to Internet Bug Bounty - 5 upvotes, $0
  140. SSRF on local storage of iOS mobile to Nextcloud - 5 upvotes, $0
  141. Default Nextcloud server config and iOS Nextcloud client leak sharee searches to Nextcloud to Nextcloud - 5 upvotes, $0
  142. Bypass of #447975 - view mobile application token though "Application Information" sidebar on Installation page to New Relic - 4 upvotes, $500
  143. In Fantasy Sports iOS app, signup page is requested over HTTP to Yahoo! - 4 upvotes, $0
  144. HTML/XSS rendered in Android App of Crashlytics through fabric.io to X (Formerly Twitter) - 4 upvotes, $0
  145. No authorization required in iOS device web-application to Coinbase - 4 upvotes, $0
  146. Uber is Flooding my Mobile with SMS Daily like a cron JOB to Uber - 4 upvotes, $0
  147. API OAuth Public Key disclosure in mobile app to Instacart - 4 upvotes, $0
  148. [Java] CWE-200: Query to detect exposure of sensitive information from android file intent to GitHub Security Lab - 3 upvotes, $1800
  149. Bypass PIN (4-digit passcode on your Android app) to Whisper - 3 upvotes, $100
  150. iOS application does not destroy session upon logout. to IRCCloud - 3 upvotes, $0
  151. secret app for iOS and android is sending some info over HTTP to Secret - 3 upvotes, $0
  152. User's DMs are not deleted after logout from Twitter for iOS (com.atebits.xxx.application-state) to X (Formerly Twitter) - 3 upvotes, $0
  153. Lack of SSL Pinning on POS Application ( iOS ) to Shopify - 3 upvotes, $0
  154. [iOS] URI Obfuscation in iOS application to Brave Software - 3 upvotes, $0
  155. Retrieval and alteration of exposed media on Android Oreo to Nextcloud - 3 upvotes, $0
  156. **minor issue** - Nextcloud 10.0 session issue with desktop client and Android client to Nextcloud - 3 upvotes, $0
  157. Misconfiguration of Merchant id in jwt header + Weird Debug mode enabling behavior leads to exposed OTP of mobile number. to Kartpay - 3 upvotes, $0
  158. Android App Crashes while sending message to users/ on channel to Rocket.Chat - 3 upvotes, $0
  159. Authentication Failed Mobile version to Shopify - 2 upvotes, $500
  160. Unproper usage of Mobile Number that will lead to Information Disclosure to Mail.ru - 2 upvotes, $0
  161. Content Spoofing vulnerability in Mail.ru mobile to Mail.ru - 2 upvotes, $0
  162. Code for registration of qiwi account is not coming even after a long interval of time for Indian mobile number to QIWI - 2 upvotes, $0
  163. iOS App can establish Facetime calls without user's permission to X (Formerly Twitter) - 2 upvotes, $0
  164. Expire User Sessions in Admin Site does not expire user session in Shopify Application in IOS to Shopify - 2 upvotes, $0
  165. XSS in imgur mobile to Imgur - 2 upvotes, $0
  166. XSS in imgur mobile 3 to Imgur - 2 upvotes, $0
  167. Android app does not use SSL for login to Boozt Fashion AB - 2 upvotes, $0
  168. BROKEN AUTHENTICATION IN MOBILE VERIFICATION to X (Formerly Twitter) - 1 upvotes, $0
  169. twitter android app Fragment Injection to X (Formerly Twitter) - 1 upvotes, $0
  170. Multiple Stored XSS on Sanbox.veris.in through Veris Frontdesk Android App to Veris - 1 upvotes, $0
  171. Privilege escalation to allow non activated users to login and use uber partner ios app to Uber - 1 upvotes, $0
  172. Runtime manipulation iOS app breaking the PIN to Coinbase - 1 upvotes, $0
  173. Dependency confusion in https://github.com/hyperledger/aries-mobile-agent-react-native to Hyperledger - 1 upvotes, $0
  174. Information disclosure in Android Application to Coinbase - 0 upvotes, $0
  175. Information disclosure in coinbase android app to Coinbase - 0 upvotes, $0