Increase Rank on Bugcrowd Platform. - CrowdStream

Summary by Bugcrowd

The researcher identified that points obtained through the demo program do not add points to the user's profile, however were counted in the backend for the leaderboards. This was a flaw within the logic of the rank calculation system, which was a great find! Thanks for your awesome work MuhammadKhizerJaved!

Summary by MuhammadKhizerJaved

The vulnerability on the Bugcrowd platform allowed manipulating rank on the platform using the API. I found that the platform did not differentiate between points earned from demo programs and real programs for ranking, allowing me to import demo program reports using the Bugcrowd API and reward myself with points. Although these points did not reflect on the researcher's public profile page, they were included in the platform's ranking algorithm.

Activity

clippy Customer published the disclosure report
2 years ago(19 Apr 2023 02:59:12 UTC)
MuhammadKhizerJaved requested disclosure
2 years ago(19 Apr 2023 00:50:15 UTC)
clippy Customer changed the state to Resolved
2 years ago(17 Apr 2023 02:22:24 UTC)
MuhammadKhizerJaved cancelled the disclosure request
2 years ago(07 Apr 2023 15:17:06 UTC)
MuhammadKhizerJaved sent a message
3 years ago(03 Aug 2022 23:14:17 UTC)
MuhammadKhizerJaved requested disclosure
3 years ago(16 Jul 2022 02:16:51 UTC)
MuhammadKhizerJaved sent a message
3 years ago(01 Jul 2022 03:18:06 UTC)
bugcrowd_andy Customer sent a message
3 years ago(01 Jul 2022 03:15:00 UTC)
MuhammadKhizerJaved sent a message
3 years ago(30 Jun 2022 18:12:41 UTC)
MuhammadKhizerJaved sent a message
3 years ago(27 Jun 2022 17:23:39 UTC)
chickenJoe Customer rewarded MuhammadKhizerJaved
3 years ago(27 Jun 2022 17:19:34 UTC)
chickenJoe Customer changed the state to Unresolved
3 years ago(27 Jun 2022 17:18:37 UTC)
chickenJoe Customer rewarded MuhammadKhizerJaved 10 points
3 years ago(27 Jun 2022 17:18:37 UTC)
chickenJoe Customer sent a message
3 years ago(27 Jun 2022 17:18:23 UTC)
chickenJoe Customer sent a message
3 years ago(24 Jun 2022 17:40:09 UTC)
chickenJoe Customer sent a message
3 years ago(24 Jun 2022 00:04:57 UTC)
MuhammadKhizerJaved sent a message
3 years ago(22 Jun 2022 06:25:28 UTC)
chickenJoe Customer sent a message
3 years ago(21 Jun 2022 23:32:29 UTC)
chickenJoe Customer changed the severity to P3
3 years ago(21 Jun 2022 23:21:51 UTC)
MuhammadKhizerJaved sent a message
3 years ago(15 Jun 2022 21:55:27 UTC)Deleted 8 months ago
chickenJoe Customer sent a message
3 years ago(15 Jun 2022 21:04:29 UTC)
chickenJoe Customer changed the state to Triaged
3 years ago(15 Jun 2022 21:03:16 UTC)
MuhammadKhizerJaved resolved a blocker for Bugcrowd by responding to comments
3 years ago(14 Jun 2022 18:54:13 UTC)
MuhammadKhizerJaved sent a message
3 years ago(14 Jun 2022 18:54:13 UTC)
MuhammadKhizerJaved sent a message
3 years ago(14 Jun 2022 18:45:52 UTC)
chickenJoe Customer created a blocker on the researcher to respond to comments
3 years ago(14 Jun 2022 18:22:53 UTC)
chickenJoe Customer sent a message
3 years ago(14 Jun 2022 18:01:02 UTC)Edited 3 years ago
MuhammadKhizerJaved sent a message
3 years ago(14 Jun 2022 16:02:44 UTC)
chickenJoe Customer resolved a blocker for Bugcrowd Operations by responding to comments
3 years ago(13 Jun 2022 17:51:03 UTC)
soheesec_bugcrowd created a blocker on Bugcrowd to respond to comments
3 years ago(13 Jun 2022 07:22:30 UTC)
soheesec_bugcrowd sent a message
3 years ago(13 Jun 2022 07:18:57 UTC)
MuhammadKhizerJaved sent a message
3 years ago(09 Jun 2022 14:48:21 UTC)
chickenJoe Customer sent a message
3 years ago(08 Jun 2022 17:50:24 UTC)
MuhammadKhizerJaved sent a message
3 years ago(08 Jun 2022 10:59:49 UTC)
MuhammadKhizerJaved created the submission
3 years ago(08 Jun 2022 00:19:42 UTC)