Private Program Discloser on HackerOne


Hello friends, today I am going to share my find on HackerOne (Private Program Discloser on HackerOne): a user is able to find private programs running on HackerOne by taking a look at the server response length. In my testing I found that the response lengths below reveal this. I am testing against the programs I am invited to participate in with my real account, using my demo account, which doesn't have those programs.

3491 for valid program (all responses in the 3000 series indicate a valid Invite_only program)

3316 for valid program
3316 for valid program

2477 for invalid program (all responses in the 2000 series indicate an invalid program)
2479 for invalid program


Let's get started.

Let's start with the programs which are not on HackerOne, like


As you can see, the response length is 2479.

Now let's see a valid program like MediaFire.

As you can see, the response length is 3316. In all my testing I found the results to be the same. Let's try one more.

Private Program Disclosed

Report sent and was marked as N/A as we were not able to distinguish between Sandbox Programs.
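
A regression check for the length difference described in this post, as an added example that is not part of the original write-up and is not HackerOne's code. The handlers `leaky_lookup` and `uniform_lookup`, the `INVITES` data and the page bodies are hypothetical and constructed; the check assumes the page echoes the requested handle once, which is one way lengths can differ by a few bytes between unknown handles.

```python
# Added example: detect and close a response-length oracle on a program lookup.
# All handles, users and page bodies are constructed for illustration.

INVITES = {"acme-private": {"alice"}}  # constructed: private program -> invited users


def page(title, extra=""):
    """Render a minimal HTML page (stand-in for a real template)."""
    return f"<html><body><h1>{title}</h1>{extra}</body></html>"


def leaky_lookup(handle, user):
    """'Before': an uninvited user gets a larger body for a real private
    program than for a handle that does not exist."""
    if handle not in INVITES:
        return page(f"{handle} not found")
    if user not in INVITES[handle]:
        # Extra markup only rendered when the program exists.
        return page(f"{handle} not found",
                    '<div class="invite-only">This program is invite only.</div>')
    return page(handle, "<p>program details</p>")


def uniform_lookup(handle, user):
    """'After': unknown and uninvited share one code path and one body."""
    if user in INVITES.get(handle, set()):
        return page(handle, "<p>program details</p>")
    return page(f"{handle} not found")


def leaks_existence(lookup, private_handle, unknown_handles, outsider):
    """Return True if an uninvited user can tell a real private program
    from unknown handles by body length alone."""
    def normalized_length(handle):
        # Subtract the echoed handle so its own length does not skew the result.
        return len(lookup(handle, outsider)) - len(handle)

    baseline = {normalized_length(h) for h in unknown_handles}
    return normalized_length(private_handle) not in baseline


if __name__ == "__main__":
    unknown = ["nope", "does-not-exist"]
    for fn in (leaky_lookup, uniform_lookup):
        print(fn.__name__, leaks_existence(fn, "acme-private", unknown, "mallory"))
```

Run against a real endpoint's handler in a test suite, the same comparison should also cover status code and headers, since any of them can act as the distinguishing signal.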

