HackerOne disclosed on HackerOne: The /reports/:id.json endpoint...

Hi,

The .json endpoint of any disclosed report is leaking reporter's email, OTP backup codes, reporter's phone number, "graphql_secret_token", tshirt size, all the reporter account's internal details etc.

```
GET /reports/█████.json HTTP/2
Host: hackerone.com
```

* I was checking Hackerone's dis…