Snapchat


reports in last 90 days

20 disclosed resolved issues

0 disclosed informative issues

0 disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Severity | Bug Title | Bug Type | Found By | Report Info | Report Status |
|---|---|---|---|---|---|
| High | Domain Takeover in [obviousengine.com] a snapchat acquisitions | Privilege Escalation | malcolmx | Time to triage: 3 Days and 1 hours; Time to close: 15 Days and 7 hours | Resolved |
| Critical | Github Token Leaked publicly for https://github.sc-corp.net | Cleartext Storage of Sensitive Information | th3g3nt3lman | Time to triage: 0 Days and 7 hours; Time to close: 21 Days and 7 hours | Resolved |
| No rating | XSS found on Snapchat website | Cross-site Scripting (XSS) - Generic | esnard | Time to triage: 4 Days and 14 hours; Time to close: 77 Days and 4 hours | Resolved |
| High | Subdomain Takeover via unclaimed UserVoice domain | Privilege Escalation | benoculars | Time to triage: 12 Days and 1 hours; Time to close: 0 Days and 13 hours | Resolved |
| Medium | Subdomain Takeover via Unclaimed WordPress site | Improper Authentication - Generic | ysx | Time to triage: 0 Days and 1 hours; Time to close: 1 Days and 1 hours | Resolved |
| High | Open prod Jenkins instance | Information Disclosure | preben | Time to triage: 7 Days and 4 hours; Time to close: 1 Days and 3 hours | Resolved |
| Medium | RCE/LFI on test Jenkins instance due to improper authentication flow | None supplied | nahamsec | Time to triage: 3 Days and 0 hours; Time to close: 7 Days and 0 hours | Resolved |
| Medium | [spectacles.com] Bypassing quantity limit in orders | HTTP Request Smuggling | hiorws | Time to triage: 4 Days and 9 hours; Time to close: 1 Days and 0 hours | Resolved |
| Medium | CRLF Injection at vpn.bitstrips.com | CRLF Injection | wplus | Time to triage: 0 Days and 23 hours; Time to close: 1 Days and 1 hours | Resolved |
| Medium | RTLO char allowed in chat | UI Redressing (Clickjacking) | kontez | Time to triage: 28 Days and 9 hours; Time to close: 13 Days and 3 hours | Resolved |
| No rating | [render.bitstrips.com] Stored XSS via an incorrect avatar property value | Cross-site Scripting (XSS) - Generic | s_p_q_r | Time to triage: 5 Days and 21 hours; Time to close: 58 Days and 21 hours | Resolved |
| No rating | Bypassing "You've requested your data the maximum number of times today." + "Please Verify an email address with snapchat to continue" | Improper Authentication - Generic | marwan | Time to triage: 24 Days and 17 hours; Time to close: 2 Days and 2 hours | Resolved |
| No rating | Subdomain takeover of blog.snapchat.com | None supplied | jreynoldsdev | Time to triage: 0 Days and 5 hours; Time to close: 9 Days and 1 hours | Resolved |
| No rating | Incoming email hijacking on sc-cdn.net | None supplied | rubyroobs | Time to triage: 0 Days and 23 hours; Time to close: 7 Days and 21 hours | Resolved |
| No rating | Subdomain takeover on http://fastly.sc-cdn.net/ | Violation of Secure Design Principles | ebrietas | Time to triage: 12 Days and 0 hours; Time to close: 8 Days and 22 hours | Resolved |
| No rating | Administrator access to a Django Administration Panel on *.sc-corp.net via bruteforced credentials | Improper Authentication - Generic | notnaffy | Issue was not triaged; Time to close: 17 Days and 15 hours | Resolved |
| No rating | Subdomain takeover in http://support.scan.me pointing to Zendesk (a Snapchat acquisition) | Cross-site Scripting (XSS) - Generic | harry_mg | Issue was not triaged; Time to close: 10 Days and 6 hours | Resolved |
| No rating | Password Reset - query param overrides postdata | Privilege Escalation | reecer | Time to triage: 15 Days and 2 hours; Time to close: 3 Days and 1 hours | Resolved |
| No rating | Vulnerable to JavaScript injection. (WXS) (Javascript injection)! | Command Injection - Generic | protector47 | Time to triage: 12 Days and 10 hours; Time to close: 12 Days and 23 hours | Resolved |
| No rating | Captcha Bypass in Snapchat's Geofilter Submission Process | Violation of Secure Design Principles | zero | Time to triage: 0 Days and 8 hours; Time to close: 0 Days and 3 hours | Resolved |