Thursday, 8 January 2015

Function related vulnerability in Hackerone

Hi guys, this is my first writeup. I just don't know whether it's a vulnerability or not, but I hope you people enjoy this:-

Website: Hackerone

Vulnerability type:- Disabled account can't be enabled at all.

How to reproduce this:-

Step 1: Create an account with Hackerone.
Step 2: Disable your account.
Step 3: Reset your password.
Step 4: Now try to login to Hackerone.
Step 5: Booom, you have completely messed up your account, and now you can't enable it again.

Current status:- Reported/Not Fixed, you can happily mess up :p

Response from Hackerone team:-

Hi Konka,

We decided that this is a functional bug with a low priority because this isn't the normal flow for disabling and enabling your account again.

-- Martijn

"Mostly nothing would be found if we follow normal flow of the application"

Michiel Prins (HackerOne)
Jan 08 06:12 AM

Hi Karthik,
We appreciated that you brought this functional problem to our attention and will get that fixed. It is just not a security vulnerability, and you should never expect a bounty for non-security related problems.
Thank you,

Suggestions/comments are always welcome.



