Private Program Disclosure in /:handle/reports/draft.json endpoint
Vulnerability Details
PoC revealed an issue in the HTTP codes returned for the /reports/draft.json endpoint:
private team: https://hackerone.com/[invite-only team handle]/reports/draft.json
Returned {"error":"You need to sign in or sign up before continuing."} with Status Code: 401 OK
user: https://hackerone.com/[user handle]/reports/draft.json
Returned 404
thanks
Report Stats
- Report ID: 116032
- State: Closed
- Substate: resolved
- Upvotes: 5
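
The status-code difference described in the report, shown as an added example that is not part of the original report and is not HackerOne's code: a constructed in-memory model of the endpoint with a check order that produces the 401/404 split, beside one possible order that answers every anonymous request identically. The handles, the member name `alice`, the 404 for unknown handles and the membership check are assumptions.

```python
from typing import Callable, NamedTuple, Optional, Set


class Response(NamedTuple):
    status: int
    body: str


# Constructed sample data (hypothetical handles): handle -> (kind, members)
DIRECTORY = {
    "invite-only-team": ("private_team", {"alice"}),
    "some-user": ("user", set()),
}
SIGN_IN = Response(401, '{"error":"You need to sign in or sign up before continuing."}')
NOT_FOUND = Response(404, "")


def draft_leaky(handle: str, viewer: Optional[str]) -> Response:
    """Resolve the handle first, authenticate second (the order the report implies)."""
    kind, members = DIRECTORY.get(handle, (None, set()))
    if kind != "private_team":
        return NOT_FOUND            # users and (assumed) unknown handles
    if viewer is None:
        return SIGN_IN              # reached only when the team exists
    if viewer not in members:
        return NOT_FOUND
    return Response(200, "{}")


def draft_uniform(handle: str, viewer: Optional[str]) -> Response:
    """Authenticate first, so the handle never influences the anonymous reply."""
    if viewer is None:
        return SIGN_IN
    kind, members = DIRECTORY.get(handle, (None, set()))
    # Non-members get the same answer as for a handle that does not exist.
    if kind != "private_team" or viewer not in members:
        return NOT_FOUND
    return Response(200, "{}")


def anonymous_responses(handler: Callable[[str, Optional[str]], Response]) -> Set[Response]:
    """Distinct replies an unauthenticated caller can observe across handle kinds."""
    probes = list(DIRECTORY) + ["no-such-handle"]
    return {handler(h, None) for h in probes}


if __name__ == "__main__":
    print("leaky:  ", sorted(r.status for r in anonymous_responses(draft_leaky)))
    print("uniform:", sorted(r.status for r in anonymous_responses(draft_uniform)))
```

A regression test for this class of issue can assert that `anonymous_responses` yields exactly one distinct response for the endpoint under test.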