My First Valid Bug In HackerOne


  1. Vulnerable
  2. HTTP Error
  3. Not Vulnerable



  1. Clicked on any of the social media links and intercepted the request.
  2. Observed the Referer header.
  3. I can clearly see the complete password reset token being leaked to third-party sites.

Reset password token leaked
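
A check for the condition in the steps above, added here as an example and not taken from the original post: given a reset page's URL, response headers and HTML, it lists the third-party links that would receive the token in the Referer header. The host names, token value and function names are constructed for illustration, and an unset policy is treated as leaking so the result does not depend on browser defaults.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Referrer-Policy values that never send path or query to another origin.
SAFE = {"no-referrer", "origin", "same-origin", "strict-origin",
        "origin-when-cross-origin", "strict-origin-when-cross-origin"}

class _Page(HTMLParser):
    """Collects <meta name=referrer> and every <a href>."""
    def __init__(self):
        super().__init__()
        self.meta_policy = ""
        self.links = []  # (href, rel tokens, per-link referrerpolicy)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "referrer":
            self.meta_policy = a.get("content", "").strip().lower()
        elif tag == "a" and a.get("href"):
            self.links.append((a["href"], a.get("rel", "").lower().split(),
                               a.get("referrerpolicy", "").strip().lower()))

def leaking_links(page_url, headers, html):
    """Third-party hrefs that would receive page_url's query string as Referer."""
    page = urlsplit(page_url)
    if not page.query:
        return []  # nothing secret in the URL to leak
    doc = _Page()
    doc.feed(html)
    # Last header value wins; a <meta> policy overrides the header.
    header = headers.get("Referrer-Policy", "").split(",")[-1].strip().lower()
    page_policy = doc.meta_policy or header
    leaks = []
    for href, rel, link_policy in doc.links:
        host = urlsplit(href).hostname
        if host is None or host == page.hostname:
            continue  # relative or same-host link (host match approximates origin)
        if "noreferrer" in rel or (link_policy or page_policy) in SAFE:
            continue
        leaks.append(href)  # unset or permissive policy: full URL may be sent
    return leaks

# Constructed sample: a reset page whose URL carries the token, with footer links.
RESET_URL = "https://app.example.test/reset?token=CONSTRUCTED-TOKEN"
RESET_HTML = """<a href="/login">Back</a>
<a href="https://social.example.net/brand">Follow us</a>
<a href="https://video.example.org/brand" rel="noopener noreferrer">Watch</a>
<a href="https://photos.example.com/brand" referrerpolicy="origin">Photos</a>"""

if __name__ == "__main__":
    print(leaking_links(RESET_URL, {}, RESET_HTML))
```

An empty result for a reset page means every outbound link is covered by a restrictive policy or `rel="noreferrer"`; keeping the token out of the URL after first use removes the exposure regardless of policy.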




Tridev Reddy
