Concrete CMS Program Statistics
5 total issues disclosed
$0 total paid publicly
Most disclosed (1 disclosure): None supplied
Disclosed Reports
Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
---|---|---|---|---|
A bypass of adding remote files in concrete5 Filemanager leads to remote code execution | None supplied | byc_404 | Medium | 2021-11-11 |
Arbitrary File delete via PHAR deserialization | Deserialization of Untrusted Data | reset | High | 2021-10-20 |
Authenticated path traversal to RCE | Path Traversal | d3addog | High | 2021-10-15 |
Stored unauth XSS in calendar event via CSRF | Cross-site Scripting (XSS) - Stored | d3addog | Medium | 2021-10-15 |
SSRF bypass | Server-Side Request Forgery (SSRF) | pabl00nicarres | Low | 2021-10-04 |