Top 25 RCE Bug Bounty Reports


The reports were disclosed through the HackerOne platform and were selected according to their upvotes, bounty, severity level, complexity, and uniqueness.


Title: Potential pre-auth RCE on Twitter VPN

Company: Twitter

Bounty: $20,160

Link: https://hackerone.com/reports/591295


Title: RCE on Steam Client via buffer overflow in Server Info

Company: Valve

Bounty: $18,000

Link: https://hackerone.com/reports/470520


Title: Struct type confusion RCE

Company: Shopify

Bounty: $18,000

Link: https://hackerone.com/reports/181879


Title: Malformed .BSP Access Violation in CS:GO can lead to Remote Code Execution

Company: Valve

Bounty: $12,500

Link: https://hackerone.com/reports/351014


Title: Git flag injection — local file overwrite to remote code execution

Company: GitLab

Bounty: $12,000

Link: https://hackerone.com/reports/658013


Title: Remote Code Execution on www.semrush.com/my_reports on Logo upload

Company: SEMrush

Bounty: $10,000

Link: https://hackerone.com/reports/403417


Title: Panorama UI XSS leads to Remote Code Execution via Kick/Disconnect Message

Company: Valve

Bounty: $9,000

Link: https://hackerone.com/reports/631956


Title: RCE using bash command injection on /system/images (toimitilat.lahitapiola.fi)

Company: LocalTapiola

Bounty: $6,800

Link: https://hackerone.com/reports/303061


Title: Remote Code Execution at http://tw.corp.ubnt.com

Company: Ubiquiti Inc.

Bounty: $5,000

Link: https://hackerone.com/reports/269066


Title: Adobe Flash Player Regular Expression UAF Remote Code Execution Vulnerability

Company: Flash (IBB)

Bounty: $5,000

Link: https://hackerone.com/reports/139879


Title: RCE by command line argument injection to `gm convert` in `/edit/process?a=crop`

Company: Imgur

Bounty: $5,000

Link: https://hackerone.com/reports/212696


Title: RCE and Complete Server Takeover of http://www.█████.starbucks.com.sg/

Company: Starbucks

Bounty: $4,000

Link: https://hackerone.com/reports/502758


Title: [ RCE ] Through stopping the redirect in /admin/* the attacker able to bypass Authentication And Upload Malicious File

Company: Mail.ru

Bounty: $4,000

Link: https://hackerone.com/reports/683957


Title: Blind SQLi leading to RCE, from Unauthenticated access to a test API Webservice

Company: Starbucks

Bounty: $4,000

Link: https://hackerone.com/reports/592400


Title: Attention! Remote Code Execution at http://wpt.ec2.shopify.com/

Company: Shopify

Bounty: $3,000

Link: https://hackerone.com/reports/73567


Title: Unchecked weapon id in WeaponList message parser on client leads to RCE

Company: Valve

Bounty: $3,000

Link: https://hackerone.com/reports/513154


Title: Drupal 7 pre auth sql injection and remote code execution

Company: The Internet Bug Bounty Program

Bounty: $3,000

Link: https://hackerone.com/reports/31756


Title: RCE via ssh:// URIs in multiple VCS

Company: The Internet Bug Bounty Program

Bounty: $3,000

Link: https://hackerone.com/reports/260005


Title: Remote Code Execution on Git.imgur-dev.com

Company: Imgur

Bounty: $2,500

Link: https://hackerone.com/reports/206227


Title: GMP Deserialization Type Confusion Vulnerability [MyBB <= 1.8.3 RCE Vulnerability]

Company: PHP (IBB)

Bounty: $1,500

Link: https://hackerone.com/reports/198734


Title: Old WebKit HTML agent in Template Preview function has multiple known vulnerabilities leading to RCE

Company: Lob

Bounty: $1,500

Link: https://hackerone.com/reports/520717


Title: Remote code execution using render :inline

Company: Ruby on Rails

Bounty: $1,500

Link: https://hackerone.com/reports/113928


Title: RCE which may occur due to `ActiveSupport::MessageVerifier` or `ActiveSupport::MessageEncryptor` (especially Active storage)

Company: Ruby on Rails

Bounty: $1,500

Link: https://hackerone.com/reports/473888


Title: Remote code execution on rubygems.org

Company: RubyGems

Bounty: $1,500

Link: https://hackerone.com/reports/274990


Title: WordPress SOME bug in plupload.flash.swf leading to RCE

Company: Automattic

Bounty: $1,337

Link: https://hackerone.com/reports/134738

Bonus: 10 Zero-Dollar RCE Reports

#1 Bonus

Title: Read files on application server, leads to RCE

Company: GitLab

Bounty: $0

Link: https://hackerone.com/reports/178152

#2 Bonus

Title: XXE in DoD website that may lead to RCE

Company: U.S. D.o.D.

Bounty: $0

Link: https://hackerone.com/reports/227880

#3 Bonus

Title: Remote Code Execution (RCE) in a DoD website

Company: U.S. D.o.D.

Bounty: $0

Link: https://hackerone.com/reports/248116

#4 Bonus

Title: Remote Unrestricted file Creation/Deletion and Possible RCE.

Company: Twitter

Bounty: $0

Link: https://hackerone.com/reports/191884

#5 Bonus

Title: RCE on via CVE-2017-10271

Company: U.S. D.o.D.

Bounty: $0

Link: https://hackerone.com/reports/576887

#6 Bonus

Title: Ability to access all user authentication tokens, leads to RCE

Company: GitLab

Bounty: $0

Link: https://hackerone.com/reports/158330

#7 Bonus

Title: Remote Code Execution via Extract App Plugin

Company: Nextcloud

Bounty: $0

Link: https://hackerone.com/reports/546753

#8 Bonus

Title: Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://███

Company: U.S. D.o.D.

Bounty: $0

Link: https://hackerone.com/reports/678496

#9 Bonus

Title: Remote Code Execution in Rocket.Chat Desktop

Company: Rocket.chat

Bounty: $0

Link: https://hackerone.com/reports/276031

#10 Bonus

Title: [npm-git-publish] RCE via insecure command formatting

Company: Node.js third-party modules

Bounty: $0

Link: https://hackerone.com/reports/730121

