This video is an explanation and walkthrough of my first monetary bug bounty report, which was a one-click DoS on gitter.im (a GitLab acquisition). It was reported on HackerOne and rewarded $1,000.

Report:
https://hackerone.com/reports/702987

Timestamps:
00:00 Intro
00:39 What made me test this functionality
01:00 OAuth and OAuth open redirect attack
03:07 How Gitter prevents OAuth open redirect
03:40 The actual one-click DoS vulnerability
05:11 Why I have decided to report DoS
05:28 The fix

#DoS #Hackerone #bug #bounty #bugbounty #first
