Skip to content

Latest commit

 

History

History
135 lines (134 loc) · 15.8 KB

TOPSLACK.md

File metadata and controls

135 lines (134 loc) · 15.8 KB
Raw

Top reports from Slack program at HackerOne:

  1. Mass account takeovers using HTTP Request Smuggling on https://slackb.com/ to steal session cookies to Slack - 833 upvotes, $0
  2. Remote Code Execution in Slack desktop apps + bonus to Slack - 486 upvotes, $0
  3. XSS vulnerable parameter in a location hash to Slack - 443 upvotes, $0
  4. URL link spoofing to Slack - 355 upvotes, $250
  5. AWS bucket leading to iOS test build code and configuration exposure to Slack - 316 upvotes, $1500
  6. TURN server allows TCP and UDP proxying to internal network, localhost and meta-data services to Slack - 312 upvotes, $3500
  7. Slack DTLS uses a private key that is in the public domain, which may lead to SRTP stream hijack to Slack - 167 upvotes, $2000
  8. XSS in gist integration to Slack - 154 upvotes, $500
  9. Unauthenticated LFI revealing log information to Slack - 119 upvotes, $0
  10. Stealing xoxs-tokens using weak postMessage / call-popup redirect to current team domain to Slack - 116 upvotes, $0
  11. Denial of Service via Hyperlinks in Posts to Slack - 103 upvotes, $1500
  12. Team members can trigger arbitrary code execution in Slack Desktop Apps via HTML Notifications to Slack - 102 upvotes, $0
  13. Stored XSS on team.slack.com using new Markdown editor of posts inside the Editing mode and using javascript-URIs to Slack - 101 upvotes, $0
  14. Lack of URL normalization renders Blocked-Previews feature ineffectual to Slack - 98 upvotes, $1000
  15. Ability to join an arbitrary workspace by utilizing a proxy to manipulate invite links to Slack - 96 upvotes, $0
  16. User-assisted RCE in Slack for macOS (from official site) due to improper quarantine meta-attribute handling for downloaded files to Slack - 95 upvotes, $750
  17. Real Time Error Logs Through Debug Information to Slack - 95 upvotes, $0
  18. Tricking the "Create snippet" feature into displaying the wrong filetype can lead to RCE on Slack users to Slack - 94 upvotes, $1500
  19. SSRF via Office file thumbnails to Slack - 93 upvotes, $4000
  20. Header modification results in disclosure of Slack infra metadata to unauthorized parties to Slack - 90 upvotes, $0
  21. Many Slack teams can be joined by abusing an improperly configured support@ inbox to Slack - 84 upvotes, $0
  22. SSRF in api.slack.com, using slash commands and bypassing the protections. to Slack - 78 upvotes, $0
  23. OSX slack:// protocol handler javascript injection to Slack - 72 upvotes, $0
  24. Unauthorized access to GovSlack to Slack - 71 upvotes, $1500
  25. Stored XSS through PDF viewer to Slack - 67 upvotes, $4875
  26. Bypass invite accept for victim to Slack - 66 upvotes, $1500
  27. Eavesdropping on private Slack calls to Slack - 66 upvotes, $1000
  28. Access to some Slack workspace metadata and settings available to unauthorized parties to Slack - 55 upvotes, $7000
  29. The Custom Emoji Page has a Reflected XSS to Slack - 55 upvotes, $0
  30. XSS on link and window.opener to Slack - 47 upvotes, $1000
  31. Internal SSRF bypass using slash commands at api.slack.com to Slack - 47 upvotes, $500
  32. Linux Desktop application slack executable does not use pie / no ASLR to Slack - 47 upvotes, $100
  33. [Android] Directory traversal leading to disclosure of auth tokens to Slack - 46 upvotes, $3500
  34. Bypass of the SSRF protection in Event Subscriptions parameter. to Slack - 46 upvotes, $0
  35. Store XSS to Slack - 43 upvotes, $0
  36. The POODLE attack (SSLv3 supported) at status.slack.com to Slack - 43 upvotes, $0
  37. Information leakage and default open port to Slack - 39 upvotes, $0
  38. Slack-Corp Heroku application disclosing limited info about company members to Slack - 38 upvotes, $0
  39. Workspace configuration metadata disclosure to Slack - 36 upvotes, $0
  40. CSS Injection to disable app & potential message exfil to Slack - 35 upvotes, $0
  41. Private application files can be uploaded to Slack via malicious uploader to Slack - 34 upvotes, $500
  42. URL filter bypass in Enterprise Grid to Slack - 31 upvotes, $100
  43. Bypass two-factor authentication to Slack - 30 upvotes, $500
  44. Stored XSS(Cross Site Scripting) In Slack App Name to Slack - 29 upvotes, $1000
  45. Snooping into messages via email service to Slack - 29 upvotes, $0
  46. DoS on the Direct Messages to Slack - 28 upvotes, $500
  47. Access of Android protected components via embedded intent to Slack - 27 upvotes, $0
  48. Subdomain takeover on podcasts.slack-core.com to Slack - 26 upvotes, $100
  49. Source code leakage through GIT web access at host '52.91.137.42' to Slack - 25 upvotes, $0
  50. Email html Injection to Slack - 24 upvotes, $250
  51. Rate-limit bypass to Slack - 23 upvotes, $500
  52. [Screenhero] Subdomain takeover to Slack - 23 upvotes, $0
  53. HTTP parameter pollution from outdated Greenhouse.io JS dependency to Slack - 23 upvotes, $0
  54. CSRF in github integration to Slack - 22 upvotes, $500
  55. Race Condition in account survey to Slack - 22 upvotes, $0
  56. Misuse of groups feature allows workspace members to join private channels without being invited to Slack - 19 upvotes, $0
  57. Stored XSS in files.slack.com to Slack - 17 upvotes, $0
  58. Uninstalling Slack for Windows (64-bit), then reinstalling keeps you logged in without authentication to Slack - 15 upvotes, $500
  59. Information Disclosure on stun.screenhero.com to Slack - 14 upvotes, $700
  60. Bypass to postMessage origin validation via FTP to Slack - 14 upvotes, $0
  61. Code Injection in Slack's Windows Desktop Client leads to Privilege Escalation to Slack - 14 upvotes, $0
  62. Facebook Takeover using Slack using 302 from files.slack.com with access_token to Slack - 13 upvotes, $0
  63. Invitation reminder emails contain insecure links to Slack - 12 upvotes, $350
  64. Bypass of the SSRF protection (Slack commands, Phabricator integration) to Slack - 12 upvotes, $100
  65. HTML Injection inside Slack promotional emails to Slack - 12 upvotes, $100
  66. dom xss in https://www.slackatwork.com to Slack - 12 upvotes, $0
  67. Open Redirect on slack.com to Slack - 11 upvotes, $500
  68. Cross-site leak allows attacker to de-anonymize members of his team from another origin to Slack - 11 upvotes, $250
  69. User can start call in a channel of an unpaid account to Slack - 10 upvotes, $100
  70. Shared-channel BETA persists integration after unshare to Slack - 9 upvotes, $750
  71. Relative Path Vulnerability Results in Arbitrary Command Execution/Privilege Escalation to Slack - 9 upvotes, $750
  72. Open redirect vulnerability to Slack - 9 upvotes, $0
  73. Creating Post on a restricted channel to Slack - 9 upvotes, $0
  74. a stored xss issue in https://files.slack.com to Slack - 8 upvotes, $500
  75. Slack OAuth2 "redirect_uri" Bypass to Slack - 8 upvotes, $0
  76. Stored XSS Found to Slack - 8 upvotes, $0
  77. Data exports stored on S3 can be scraped easily to Slack - 8 upvotes, $0
  78. Possibility to freeze/crash the host system of all Slack Desktop users easily to Slack - 8 upvotes, $0
  79. "a stored xss issue in share post menu" to Slack - 7 upvotes, $500
  80. CSV export/import functionality allows administrators to modify member and message content of a workspace to Slack - 7 upvotes, $250
  81. Authentication bypass leads to sensitive data exposure (token+secret) to Slack - 6 upvotes, $2000
  82. Stored XSS in www.slack-files.com to Slack - 6 upvotes, $0
  83. Remote file Inclusion - RFI in upload to Slack - 6 upvotes, $0
  84. RC4 cipher suites detected on status.slack.com to Slack - 6 upvotes, $0
  85. CSRF - Add optional two factor mobile number to Slack - 5 upvotes, $500
  86. Session Fixation disclosing email address to Slack - 5 upvotes, $0
  87. Stored XSS in Slackbot Direct Messages to Slack - 5 upvotes, $0
  88. Stored XSS on this link https://sehacure.slack.com/help/requests/ to Slack - 5 upvotes, $0
  89. Password Policy issue (Weak Protect) to Slack - 5 upvotes, $0
  90. File upload over private IM channel to Slack - 5 upvotes, $0
  91. Email information leakage for certain addresses to Slack - 5 upvotes, $0
  92. a stored xss in slack integration https://onerror.slack.com/services/import to Slack - 4 upvotes, $500
  93. Content Spoofing all Integrations in https://team.slack.com/services/new/ to Slack - 4 upvotes, $200
  94. Generate new Test token to Slack - 4 upvotes, $100
  95. Email enumeration to Slack - 4 upvotes, $0
  96. csrf to Slack - 4 upvotes, $0
  97. Broken Authentication (including Slack OAuth bugs) to Slack - 4 upvotes, $0
  98. URL redirection flaw to Slack - 4 upvotes, $0
  99. SSRF on https://whitehataudit.slack.com/account/photo to Slack - 4 upvotes, $0
  100. Stored XSS in Slack.com to Slack - 4 upvotes, $0
  101. Executing scripts on slack-files.com using SVG to Slack - 4 upvotes, $0
  102. Reflective XSS can be triggered in IE to Slack - 3 upvotes, $150
  103. Open Redirect login account to Slack - 3 upvotes, $100
  104. Duplicate of #4550 to Slack - 3 upvotes, $0
  105. CSRF vulnerability on https://sehacure.slack.com/account/settings to Slack - 3 upvotes, $0
  106. Content Spoofing to Slack - 3 upvotes, $0
  107. Stored XSS in Slack (weird, trial and error) to Slack - 3 upvotes, $0
  108. Trick make all fixed open redirect links vulnerable again to Slack - 2 upvotes, $1000
  109. Reflected Xss to Slack - 2 upvotes, $500
  110. Team admin can add billing contacts to Slack - 2 upvotes, $200
  111. Team admin can change unauthorized team setting (require_at_for_mention) to Slack - 2 upvotes, $200
  112. Content spoofing at Stripe Integrations to Slack - 2 upvotes, $100
  113. Team admin can change unauthorized team setting (allow_message_deletion) to Slack - 2 upvotes, $100
  114. State parameter missing on google OAuth to Slack - 2 upvotes, $0
  115. Stored XSS to Slack - 2 upvotes, $0
  116. flash content type sniff vulnerability in api.slack.com to Slack - 2 upvotes, $0
  117. User impersonation is possible with incoming webhooks to Slack - 2 upvotes, $0
  118. CSRF on add comment section to Slack - 2 upvotes, $0
  119. Stored XSS in Channel Chat to Slack - 2 upvotes, $0
  120. Open Redirect in Slack to Slack - 2 upvotes, $0
  121. open redirect in https://slack.com to Slack - 2 upvotes, $0
  122. Stored XSS in username.slack.com to Slack - 2 upvotes, $0
  123. TLS1/SSLv3 Renegotiation Vulnerability to Slack - 2 upvotes, $0
  124. HTTP Strict Transport Policy not enabled on newly made accounts to Slack - 2 upvotes, $0
  125. Logout any user of same team to Slack - 2 upvotes, $0
  126. File upload XSS (Java applet) on http://slackatwork.com/ to Slack - 1 upvotes, $200
  127. an xss issue in https://hunter22.slack.com/help/requests/793043 to Slack - 1 upvotes, $100
  128. Stored XSS in slack.com (integrations) to Slack - 1 upvotes, $0
  129. Deleting Teams implemenation to Slack - 1 upvotes, $0
  130. Link vulnerability leads to phishing attacks to Slack - 1 upvotes, $0
  131. Reflected Self-XSS in Slack to Slack - 1 upvotes, $0
  132. Self-XSS in posts by formatting text as code to Slack - 1 upvotes, $0
  133. Unauthenticated Access to some old file thumbnails to Slack - 1 upvotes, $0