Skip to content

Latest commit

 

History

History
64 lines (63 loc) · 8.61 KB

TOPRACECONDITION.md

File metadata and controls

64 lines (63 loc) · 8.61 KB
Raw

Top Race Condition reports from HackerOne:

  1. Race Condition allows to redeem multiple times gift cards which leads to free "money" to Reverb.com - 274 upvotes, $0
  2. Race condition in performing retest allows duplicated payments to HackerOne - 204 upvotes, $0
  3. Client-Side Race Condition using Marketo, allows sending user to data-protocol in Safari when form without onSuccess is submitted on www.hackerone.com to HackerOne - 144 upvotes, $1250
  4. Race condition in activating email resulting in infinite amount of diamonds received to InnoGames - 137 upvotes, $2000
  5. Race Condition leads to undeletable group member to HackerOne - 126 upvotes, $0
  6. Race Conditions in Popular reports feature. to HackerOne - 107 upvotes, $500
  7. Race Condition when following a user to Staging.every.org - 93 upvotes, $0
  8. Race Condition : Exploiting the loyalty claim https://xxx.vendhq.com/loyalty/claim/email/xxxxx url and gain x amount of loyalty bonus/cash to Vend VDP - 90 upvotes, $0
  9. Race Condition in Flag Submission to HackerOne - 76 upvotes, $0
  10. Race condition leads to duplicate payouts to HackerOne - 66 upvotes, $0
  11. Race Condition of Transfer data Credits to Organization Leads to Add Extra free Data Credits to the Organization to Helium - 62 upvotes, $250
  12. Race condition in joining CTF group to HackerOne - 60 upvotes, $500
  13. Race Condition on "Get free Badoo Premium" which allows to get more days of free premium for Free. to Bumble - 52 upvotes, $0
  14. Race condition in faucet when using starport to Cosmos - 50 upvotes, $5000
  15. Race condition in claiming program credentials to HackerOne - 46 upvotes, $0
  16. Race Conditions in OAuth 2 API implementations to Internet Bug Bounty - 37 upvotes, $2500
  17. Race condition in User comments Likes to Zomato - 37 upvotes, $0
  18. Race conditions can be used to bypass invitation limit to Keybase - 36 upvotes, $350
  19. Race condition while removing the love react in community files. to Figma - 34 upvotes, $150
  20. Race Condition in Redeeming Coupons to Instacart - 33 upvotes, $0
  21. Race condition на market.games.mail.ru to Mail.ru - 31 upvotes, $1000
  22. JSBeautifier BApp: Race condition leads to memory disclosure to PortSwigger Web Security - 31 upvotes, $0
  23. Race condition via project team member invitation system. to Enjin - 27 upvotes, $0
  24. Race condition at create new Location to Shopify - 24 upvotes, $500
  25. Race condition leads to Inflation of coins when bought via Google Play Store at endpoint https://oauth.reddit.com/api/v2/gold/android/verify_purchase to Reddit - 24 upvotes, $0
  26. CVE-2023-32001: fopen race condition to curl - 23 upvotes, $0
  27. Race Condition in account survey to Slack - 22 upvotes, $0
  28. [api.krisp.ai] Race condition on /v2/seats endpoint allows bypassing the original seat limit to Krisp - 22 upvotes, $0
  29. Register multiple users using one invitation (race condition) to Keybase - 21 upvotes, $350
  30. Race condition in GitLab import, giving access to other people their imports due to filename collision to GitLab - 19 upvotes, $0
  31. Race condition vulnerability on "This Rocks" button. to Rockstar Games - 19 upvotes, $0
  32. Race condition in endpoint POST fetlife.com/users/invitation, allow attacker to generate unlimited invites to FetLife - 19 upvotes, $0
  33. Race condition on https://judge.me/people to Judge.me - 17 upvotes, $250
  34. Race condition on the Federalist API endpoints can lead to the Denial of Service attack to GSA Bounty - 16 upvotes, $0
  35. Race condition при покупке подарков на games.mail.ru to Mail.ru - 15 upvotes, $0
  36. [curl] CVE-2023-32001: fopen race condition to Internet Bug Bounty - 14 upvotes, $2480
  37. race condition in adding team members to Shopify - 14 upvotes, $0
  38. Race condition (TOCTOU) in NordVPN can result in local privilege escalation to Nord Security - 14 upvotes, $0
  39. Race Condition Vulnerability On Pornhubpremium.com to Pornhub - 13 upvotes, $520
  40. Issue in the implementation of captcha and race condition to VK.com - 13 upvotes, $100
  41. Race condition in Flash workers may cause an exploitabl​e double free to Internet Bug Bounty - 12 upvotes, $10000
  42. Race Condition in Definition Votes to Urban Dictionary - 12 upvotes, $0
  43. Race condition на покупке призов за баллы to Mail.ru - 12 upvotes, $0
  44. Race Condition allows to get more free trials and get more than 100 languages and strings for free to Weblate - 12 upvotes, $0
  45. Bypass subdomain limits using race condition to Chaturbate - 10 upvotes, $100
  46. Race Condition in Article "Helpful" Indicator to Zendesk - 10 upvotes, $0
  47. Race condition allows to send multiple times feedback for the hacker to HackerOne - 10 upvotes, $0
  48. Race Condition in Oauth 2.0 flow can lead to malicious applications create multiple valid sessions to Razer - 8 upvotes, $250
  49. Race Conditions Exist When Accepting Invitations to HackerOne - 8 upvotes, $0
  50. Race condition on action: Invite members to a team to Omise - 8 upvotes, $0
  51. The endpoint /api/internal/graphql/requestAuthEmail on Khanacademy.or is vulnerable to Race Condition Attack. to Khan Academy - 7 upvotes, $0
  52. CVE-2023-28320 - siglongjmp race condition to Internet Bug Bounty - 6 upvotes, $480
  53. Race condition allowing user to review app multiple times to Coinbase - 6 upvotes, $0
  54. Race Condition Vulnerability when creating profiles to Showmax - 6 upvotes, $0
  55. Acronis True Image Local Privilege Escalation Due To Race Condition In Application Verification to Acronis - 6 upvotes, $0
  56. Race condition when redeeming coupon codes to Dropbox - 5 upvotes, $216
  57. Race condition on my.stripo.email at /cabinet/stripeapi/v1/projects/298427/emails/folders uri to Stripo Inc - 5 upvotes, $0
  58. Race condition in workers may cause an exploitable double free by abusing bytearray.compress() to Internet Bug Bounty - 3 upvotes, $10000
  59. Adobe Flash Player Race Condition Vulnerability to Internet Bug Bounty - 3 upvotes, $2000
  60. CVE-2023-28320: siglongjmp race condition to curl - 3 upvotes, $0
  61. Race condition with CURL_LOCK_DATA_CONNECT can cause connections to be used at the same time to curl - 1 upvotes, $0
  62. Data race conditions reported by helgrind when performing parallel DNS queries in libcurl to curl - 0 upvotes, $0