OWOX, Inc. Program Statistics
13 total issues disclosed
$0 total paid publicly
Most disclosed (4 disclosures) — Improper Authentication - Generic
Disclosed Reports
Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
---|---|---|---|---|
Unrestricted File Upload in Chat Window | Violation of Secure Design Principles | ant_pyne | Medium | 2020-08-16 |
Server-side cache poisoning leads to the http://my.dev.owox.com inaccessibility | None supplied | sp1d3rs | High | 2017-11-23 |
ClickJacking | UI Redressing (Clickjacking) | blablaa | No rating | 2017-05-22 |
Direct IP Access | Information Disclosure | ph_spade | Low | 2017-05-22 |
invalid URL parsing with and '@' | HTTP Response Splitting | yynl | Low | 2017-05-22 |
Subdomain Takeover on http://blog.owox.com/ | Improper Authentication - Generic | yynl | Critical | 2017-05-22 |
Subdomain Takeover on OWOX.RU | Improper Authentication - Generic | yynl | Critical | 2017-05-22 |
Broken Authentication & Session Management (Login Bypass) at support.owox.com | Improper Authentication - Generic | k_jagdish | Critical | 2017-05-22 |
Subdomain takeover in many subdomains | Privilege Escalation | haxormad | Critical | 2017-03-24 |
Stored XSS at https://finance.owox.com/customer/accountList | Cross-site Scripting (XSS) - Generic | sp1d3rs | Low | 2017-02-12 |
Access to Grafana Dashboard | Information Disclosure | hackerish | Medium | 2017-01-06 |
HTTP Response Splitting (CRLF injection) in bi.owox.com | Command Injection - Generic | quistertow | No rating | 2016-12-20 |
Subdomain Takeover on http://kiosk.owox.com/ | Improper Authentication - Generic | gaurang | Critical | 2016-11-17 |