This program has been suspended till further notice due to: Our program has been temporarily suspended till our latest reported bugs are fixed! Keep them coming! We thank all hackers who submitted vulnerability reports.


Domains

www.antihack.me

Minimum
Bounty

$0

Reports
solved

37

Hackers
Thanked

19

Bounty Statistics

-

Total bounties paid

- - -

Average bounty range

- - -

Top bounty range

Hacktivity
  • 2 month ago

    [Full Path disclosure Through Error message on hacker_messages_send]closed a report and changed the status to Duplicate
  • 2 month ago

    [Email Spoofing]closed a report and changed the status to Duplicate
  • 1 month ago

    changed a report status to Triaged
  • 2 month ago

    [Stack error leads to "Full Path Disclosure"]closed a report and changed the status to Duplicate
  • 2 month ago

    [full path disclosure on https://www.antihack.me]closed a report and changed the status to Duplicate
  • 1 month ago

    [XSS while posting a comment during submission]closed a report and changed the status to Resolved
  • 2 month ago

    changed a report status to Need more info
  • 3 week ago

    [Information Disclosure leads to Possible SQLi]closed a report and changed the status to Not applicable
  • 2 month ago

    [closed Reports not showing in.inbox]closed a report and changed the status to Not applicable
  • 3 month ago

    changed a report status to Need more info
  • 2 month ago

    [Ability to Bypass Business Logic To Update Data in Forms]closed a report and changed the status to Resolved
  • 2 month ago

    [UI Redressing aka Clickjacking]closed a report and changed the status to Resolved
  • 1 month ago

    [Directory Information Disclosure leads to CV disclosures part 2]closed a report and changed the status to Resolved
  • 2 month ago

    [Directory Information Disclosure leads to CV disclosures]closed a report and changed the status to Resolved
  • 2 month ago

    [CRITICAL. Direct file Access. Can access PoC images and videos by anyone on any report.]closed a report and changed the status to Resolved
  • 3 month ago

    [CRITICAL. Direct file Access. Can access PoC images and videos by anyone on any report.]closed a report and changed the status to Duplicate
  • 2 month ago

    [{CRITICAL} anyone can access any report ]closed a report and changed the status to Resolved
  • 3 week ago

    [Stored XSS in name filed.]closed a report and changed the status to Resolved
  • 2 month ago

    [[URGENT] Unrestricted File Upload (RCE) on submit_report endpoint]closed a report and changed the status to Resolved
  • 2 month ago

    [Account takeover by chaining vulnerabilities]closed a report and changed the status to Resolved
  • 3 week ago

    [Server Side Request Forgery (SSRF) on https://www.antihack.me/php/img_crop_to_file_hacker.php]closed a report and changed the status to Not applicable
  • 2 month ago

    [Changing of username via burp intercept]closed a report and changed the status to Resolved
  • 2 month ago

    [Stored XSS in reports form. Can leak antihack employee dashboard url, cookies etc.]closed a report and changed the status to Resolved
  • 2 month ago

    [XSS]closed a report and changed the status to Resolved
  • 2 month ago

    [Stored XSS in profile section (field = about me)]closed a report and changed the status to Resolved
  • 2 month ago

    [Missing SPF record for www.antihack.me]closed a report and changed the status to Duplicate
  • 2 month ago

    [[IDOR] Changing anybody profile picture on antihack.me]closed a report and changed the status to Resolved
  • 2 month ago

    [Stored xss in username field that executes in submitted bugs too ]closed a report and changed the status to Resolved
  • 2 month ago

    [Unrestricted File Upload Leading to Remote Code Execution]closed a report and changed the status to Resolved
  • 2 month ago

    [Overwriting of Other Users Profile Image]closed a report and changed the status to Resolved
  • 2 month ago

    [Verbose error messages]closed a report and changed the status to Resolved
  • 2 month ago

    [Verbose error messages]closed a report and changed the status to Not applicable
  • 2 month ago

    [Able to edit others profile image ]closed a report and changed the status to Resolved
  • 2 month ago

    [Php file upload to remote code execution ]closed a report and changed the status to Resolved
  • 2 month ago

    [xss via svg file ]closed a report and changed the status to Resolved
  • 2 month ago

    [clickjacking is possible due to lack of iframe option ]closed a report and changed the status to Resolved
  • 2 month ago

    [Cross-site Scripting]closed a report and changed the status to Resolved
  • 1 month ago

    [Tab nabbing]closed a report and changed the status to Resolved
  • 2 month ago

    [Accessing report details of other users]closed a report and changed the status to Resolved
  • 3 month ago

    [http doesn't redirect to https]closed a report and changed the status to Not applicable
  • 2 month ago

    [Full account takeover]closed a report and changed the status to Resolved
  • 2 month ago

    [Version & Technology Disclosure]closed a report and changed the status to Informative
  • 2 month ago

    [Username Takeover of any User]closed a report and changed the status to Resolved
  • 2 month ago

    [Username Takeover of any User]closed a report and changed the status to Resolved
  • 2 month ago

    [Username Takeover of any User]closed a report and changed the status to Not applicable
  • 3 week ago

    [SQL Query Disclosure via Error Message]closed a report and changed the status to Not applicable
  • 2 month ago

    changed a report status to Need more info
  • 3 week ago

    [Server Version Disclosure]closed a report and changed the status to Not applicable
  • 2 month ago

    [Internal Path Disclosure]closed a report and changed the status to Resolved
  • 2 month ago

    changed a report status to Triaged
  • 2 month ago

    [Critical Remote Code Execution antihack.me]closed a report and changed the status to Duplicate
  • 2 month ago

    [Stored XSS at Profile Page]closed a report and changed the status to Resolved
  • 3 month ago

    []closed a report and changed the status to Informative
  • 3 month ago

    [Missing DMARC on antihack.me]closed a report and changed the status to Duplicate
  • 2 month ago

    [Stored XSS using URL Markdown]closed a report and changed the status to Duplicate
  • 3 month ago

    [session not expiring]closed a report and changed the status to Informative
  • 2 month ago

    [Remote code execution via report file upload [critical]]closed a report and changed the status to Resolved
  • 3 month ago

    [Changing of username without contacting antihack.me team]closed a report and changed the status to Not applicable
  • 3 month ago

    [Stored xss in hacker profile]closed a report and changed the status to Duplicate
  • 3 month ago

    [XSS in https://www.antihack.me/hacker_inbox]closed a report and changed the status to Duplicate
  • 3 month ago

    [XSS in https://www.antihack.me/settings_hackers]closed a report and changed the status to Duplicate
  • 3 month ago

    [Full path disclosure and internal file structure disclosure]closed a report and changed the status to Duplicate
  • 3 month ago

    []closed a report and changed the status to Duplicate
  • 3 month ago

    [XSS in profile]closed a report and changed the status to Informative
  • 3 month ago

    [Universal XSS in profile]closed a report and changed the status to Duplicate
  • 3 month ago

    [Changing handle without verification]closed a report and changed the status to Informative
  • 3 month ago

    [Full Path Disclosure]closed a report and changed the status to Duplicate
  • 2 month ago

    [Blind XSS @ antihack.me/admin/contactus-listing]closed a report and changed the status to Not applicable
  • 2 month ago

    [Xss on profile]closed a report and changed the status to Duplicate
  • 3 month ago

    [Full path disclosure]closed a report and changed the status to Duplicate
  • 3 month ago

    [Xss via image name]closed a report and changed the status to Informative
  • 3 month ago

    changed a report status to Triaged
  • 3 month ago

    [Cross-site Scripting]closed a report and changed the status to Not applicable
  • 3 month ago

    [Broken authentication : Improper cache handling ]closed a report and changed the status to Informative
  • 3 month ago

    [Sensitive information saved on browser cache in https://www.antihack.me/_company/Antihack.Me/submit_report]closed a report and changed the status to Not applicable
  • 3 month ago

    [Reports attachments are acessible by anyone using direct link]closed a report and changed the status to Resolved
  • 2 month ago

    changed a report status to Need more info
  • 3 month ago

    [Information Disclosure via Error Message]closed a report and changed the status to Not applicable
  • 3 month ago

    [Full path Disclosure Due to Improper Error Handling]closed a report and changed the status to Duplicate
  • 3 month ago

    [Full path Disclosure Due to Improper Error Handling]closed a report and changed the status to Not applicable
  • 3 month ago

    [Full path disclosure through https://www.antihack.me/hacker_list/]closed a report and changed the status to Duplicate
  • 3 month ago

    [Stored XSS on report inbox]closed a report and changed the status to Resolved
  • 3 month ago

    [XSS on hackers profile]closed a report and changed the status to Not applicable
  • 1 month ago

    [FPD (full path disclosure) and local files disclosure on antihack.me]closed a report and changed the status to Duplicate
  • 2 month ago

    [Reflected XSS in Report's ID.]closed a report and changed the status to Resolved
  • 2 month ago

    changed a report status to Triaged
  • 1 week ago

    [Server crashing showing user details and hashed passwords]closed a report and changed the status to Resolved
  • 1 week ago

    [Allowed upload of scripts via hacker registration page]closed a report and changed the status to Resolved