Skip to content

Latest commit

 

History

History
135 lines (134 loc) · 15.9 KB

TOPSLACK.md

File metadata and controls

135 lines (134 loc) · 15.9 KB
Raw

Top reports from Slack program at HackerOne:

  1. Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies to Slack - 826 upvotes, $6500
  2. Remote Code Execution in Slack desktop apps + bonus to Slack - 481 upvotes, $1750
  3. XSS vulnerable parameter in a location hash to Slack - 442 upvotes, $1100
  4. URL link spoofing to Slack - 354 upvotes, $250
  5. AWS bucket leading to iOS test build code and configuration exposure to Slack - 315 upvotes, $1500
  6. TURN server allows TCP and UDP proxying to internal network, localhost and meta-data services to Slack - 311 upvotes, $3500
  7. Slack DTLS uses a private key that is in the public domain, which may lead to SRTP stream hijack to Slack - 166 upvotes, $2000
  8. XSS in gist integration to Slack - 152 upvotes, $500
  9. Unauthenticated LFI revealing log information to Slack - 119 upvotes, $4000
  10. Stealing xoxs-tokens using weak postMessage / call-popup redirect to current team domain to Slack - 116 upvotes, $3000
  11. Denial of Service via Hyperlinks in Posts to Slack - 102 upvotes, $1500
  12. Team members can trigger arbitrary code execution in Slack Desktop Apps via HTML Notifications to Slack - 101 upvotes, $1500
  13. Stored XSS on team.slack.com using new Markdown editor of posts inside the Editing mode and using javascript-URIs to Slack - 101 upvotes, $1000
  14. Lack of URL normalization renders Blocked-Previews feature ineffectual to Slack - 97 upvotes, $1000
  15. Real Time Error Logs Through Debug Information to Slack - 95 upvotes, $1500
  16. User-assisted RCE in Slack for macOS (from official site) due to improper quarantine meta-attribute handling for downloaded files to Slack - 94 upvotes, $750
  17. Tricking the "Create snippet" feature into displaying the wrong filetype can lead to RCE on Slack users to Slack - 93 upvotes, $1500
  18. SSRF via Office file thumbnails to Slack - 90 upvotes, $4000
  19. Header modification results in disclosure of Slack infra metadata to unauthorized parties to Slack - 89 upvotes, $500
  20. Many Slack teams can be joined by abusing an improperly configured support@ inbox to Slack - 83 upvotes, $1500
  21. SSRF in api.slack.com, using slash commands and bypassing the protections. to Slack - 78 upvotes, $500
  22. OSX slack:// protocol handler javascript injection to Slack - 71 upvotes, $1000
  23. Ability to join an arbitrary workspace by utilizing a proxy to manipulate invite links to Slack - 67 upvotes, $0
  24. Eavesdropping on private Slack calls to Slack - 66 upvotes, $1000
  25. Stored XSS through PDF viewer to Slack - 65 upvotes, $4875
  26. Unauthorized access to GovSlack to Slack - 64 upvotes, $1500
  27. Bypass invite accept for victim to Slack - 62 upvotes, $1500
  28. The Custom Emoji Page has a Reflected XSS to Slack - 55 upvotes, $1250
  29. Access to some Slack workspace metadata and settings available to unauthorized parties to Slack - 54 upvotes, $7000
  30. Internal SSRF bypass using slash commands at api.slack.com to Slack - 47 upvotes, $500
  31. Linux Desktop application slack executable does not use pie / no ASLR to Slack - 47 upvotes, $100
  32. Bypass of the SSRF protection in Event Subscriptions parameter. to Slack - 46 upvotes, $500
  33. [Android] Directory traversal leading to disclosure of auth tokens to Slack - 45 upvotes, $3500
  34. XSS on link and window.opener to Slack - 45 upvotes, $1000
  35. Store XSS to Slack - 43 upvotes, $500
  36. The POODLE attack (SSLv3 supported) at status.slack.com to Slack - 43 upvotes, $500
  37. Information leakage and default open port to Slack - 39 upvotes, $350
  38. Slack-Corp Heroku application disclosing limited info about company members to Slack - 38 upvotes, $300
  39. Workspace configuration metadata disclosure to Slack - 35 upvotes, $3500
  40. CSS Injection to disable app & potential message exfil to Slack - 35 upvotes, $500
  41. Private application files can be uploaded to Slack via malicious uploader to Slack - 34 upvotes, $500
  42. URL filter bypass in Enterprise Grid to Slack - 31 upvotes, $100
  43. Snooping into messages via email service to Slack - 29 upvotes, $2500
  44. Bypass two-factor authentication to Slack - 29 upvotes, $500
  45. Stored XSS(Cross Site Scripting) In Slack App Name to Slack - 28 upvotes, $1000
  46. DoS on the Direct Messages to Slack - 28 upvotes, $500
  47. Access of Android protected components via embedded intent to Slack - 27 upvotes, $1000
  48. Subdomain takeover on podcasts.slack-core.com to Slack - 26 upvotes, $100
  49. Source code leakage through GIT web access at host '52.91.137.42' to Slack - 25 upvotes, $1500
  50. Rate-limit bypass to Slack - 23 upvotes, $500
  51. HTTP parameter pollution from outdated Greenhouse.io JS dependency to Slack - 23 upvotes, $250
  52. Email html Injection to Slack - 23 upvotes, $250
  53. [Screenhero] Subdomain takeover to Slack - 23 upvotes, $200
  54. CSRF in github integration to Slack - 22 upvotes, $500
  55. Race Condition in account survey to Slack - 22 upvotes, $150
  56. Misuse of groups feature allows workspace members to join private channels without being invited to Slack - 19 upvotes, $3500
  57. Stored XSS in files.slack.com to Slack - 16 upvotes, $1000
  58. Uninstalling Slack for Windows (64-bit), then reinstalling keeps you logged in without authentication to Slack - 15 upvotes, $500
  59. Bypass to postMessage origin validation via FTP to Slack - 14 upvotes, $850
  60. Code Injection in Slack's Windows Desktop Client leads to Privilege Escalation to Slack - 14 upvotes, $750
  61. Information Disclosure on stun.screenhero.com to Slack - 14 upvotes, $700
  62. Facebook Takeover using Slack using 302 from files.slack.com with access_token to Slack - 12 upvotes, $500
  63. Invitation reminder emails contain insecure links to Slack - 12 upvotes, $350
  64. dom xss in https://www.slackatwork.com to Slack - 12 upvotes, $200
  65. HTML Injection inside Slack promotional emails to Slack - 12 upvotes, $100
  66. Open Redirect on slack.com to Slack - 11 upvotes, $500
  67. Bypass of the SSRF protection (Slack commands, Phabricator integration) to Slack - 11 upvotes, $100
  68. Cross-site leak allows attacker to de-anonymize members of his team from another origin to Slack - 10 upvotes, $250
  69. User can start call in a channel of an unpaid account to Slack - 10 upvotes, $100
  70. Shared-channel BETA persists integration after unshare to Slack - 9 upvotes, $750
  71. Relative Path Vulnerability Results in Arbitrary Command Execution/Privilege Escalation to Slack - 9 upvotes, $750
  72. Creating Post on a restricted channel to Slack - 9 upvotes, $500
  73. a stored xss issue in https://files.slack.com to Slack - 8 upvotes, $500
  74. Possibility to freeze/crash the host system of all Slack Desktop users easily to Slack - 8 upvotes, $500
  75. Open redirect vulnerability to Slack - 8 upvotes, $0
  76. Stored XSS Found to Slack - 7 upvotes, $500
  77. "a stored xss issue in share post menu" to Slack - 7 upvotes, $500
  78. Slack OAuth2 "redirect_uri" Bypass to Slack - 7 upvotes, $100
  79. Data exports stored on S3 can be scraped easily to Slack - 7 upvotes, $0
  80. Authentication bypass leads to sensitive data exposure (token+secret) to Slack - 6 upvotes, $2000
  81. CSV export/import functionality allows administrators to modify member and message content of a workspace to Slack - 6 upvotes, $250
  82. File upload over private IM channel to Slack - 5 upvotes, $500
  83. CSRF - Add optional two factor mobile number to Slack - 5 upvotes, $500
  84. Email information leakage for certain addresses to Slack - 5 upvotes, $400
  85. Stored XSS in www.slack-files.com to Slack - 5 upvotes, $200
  86. RC4 cipher suites detected on status.slack.com to Slack - 5 upvotes, $100
  87. Remote file Inclusion - RFI in upload to Slack - 5 upvotes, $0
  88. Password Policy issue (Weak Protect) to Slack - 4 upvotes, $100
  89. Generate new Test token to Slack - 4 upvotes, $100
  90. Session Fixation disclosing email address to Slack - 4 upvotes, $0
  91. Stored XSS on this link https://sehacure.slack.com/help/requests/ to Slack - 4 upvotes, $0
  92. Stored XSS in Slackbot Direct Messages to Slack - 3 upvotes, $500
  93. a stored xss in slack integration https://onerror.slack.com/services/import to Slack - 3 upvotes, $500
  94. SSRF on https://whitehataudit.slack.com/account/photo to Slack - 3 upvotes, $300
  95. Stored XSS in Slack.com to Slack - 3 upvotes, $300
  96. URL redirection flaw to Slack - 3 upvotes, $200
  97. Broken Authentication (including Slack OAuth bugs) to Slack - 3 upvotes, $100
  98. Email enumeration to Slack - 3 upvotes, $0
  99. csrf to Slack - 3 upvotes, $0
  100. Executing scripts on slack-files.com using SVG to Slack - 3 upvotes, $0
  101. Trick make all fixed open redirect links vulnerable again to Slack - 2 upvotes, $1000
  102. Stored XSS in Slack (weird, trial and error) to Slack - 2 upvotes, $500
  103. Content Spoofing all Integrations in https://team.slack.com/services/new/ to Slack - 2 upvotes, $200
  104. Team admin can add billing contacts to Slack - 2 upvotes, $200
  105. Team admin can change unauthorized team setting (require_at_for_mention) to Slack - 2 upvotes, $200
  106. Reflective XSS can be triggered in IE to Slack - 2 upvotes, $150
  107. CSRF vulnerability on https://sehacure.slack.com/account/settings to Slack - 2 upvotes, $100
  108. Open Redirect login account to Slack - 2 upvotes, $100
  109. Team admin can change unauthorized team setting (allow_message_deletion) to Slack - 2 upvotes, $100
  110. Content Spoofing to Slack - 2 upvotes, $0
  111. HTTP Strict Transport Policy not enabled on newly made accounts to Slack - 2 upvotes, $0
  112. flash content type sniff vulnerability in api.slack.com to Slack - 1 upvotes, $500
  113. Reflected Xss to Slack - 1 upvotes, $500
  114. Stored XSS in Channel Chat to Slack - 1 upvotes, $500
  115. Duplicate of #4550 to Slack - 1 upvotes, $500
  116. Stored XSS in username.slack.com to Slack - 1 upvotes, $500
  117. Content spoofing at Stripe Integrations to Slack - 1 upvotes, $100
  118. Logout any user of same team to Slack - 1 upvotes, $100
  119. an xss issue in https://hunter22.slack.com/help/requests/793043 to Slack - 1 upvotes, $100
  120. State parameter missing on google OAuth to Slack - 1 upvotes, $0
  121. Stored XSS to Slack - 1 upvotes, $0
  122. User impersonation is possible with incoming webhooks to Slack - 1 upvotes, $0
  123. CSRF on add comment section to Slack - 1 upvotes, $0
  124. open redirect in https://slack.com to Slack - 1 upvotes, $0
  125. TLS1/SSLv3 Renegotiation Vulnerability to Slack - 1 upvotes, $0
  126. Unauthenticated Access to some old file thumbnails to Slack - 1 upvotes, $0
  127. Stored XSS in slack.com (integrations) to Slack - 0 upvotes, $500
  128. File upload XSS (Java applet) on http://slackatwork.com/ to Slack - 0 upvotes, $200
  129. Reflected Self-XSS in Slack to Slack - 0 upvotes, $100
  130. Self-XSS in posts by formatting text as code to Slack - 0 upvotes, $100
  131. Open Redirect in Slack to Slack - 0 upvotes, $0
  132. Deleting Teams implemenation to Slack - 0 upvotes, $0
  133. Link vulnerability leads to phishing attacks to Slack - 0 upvotes, $0