Public Badoo bug reports.

Team Bounty Title
Badoo $280 CSRF Attack on ( account and erasing imported contacts
Badoo $140 Email Spoofing
Badoo $280 Leave inaccessible messaging system with a message (
Badoo $260 Arbitrary modification value "session" (Cookie) in
Badoo $140 Unvalidated redirect on
Badoo $140 No rate-limit in SERVER_SECURITY_CHECK
Badoo $140 Change contents of the careers iframe in
Badoo $280 Obtaining the original of a hidden image
Badoo $280 Ability to collect users' ids that have visited a specific web page with malicious code
Badoo - AWS S3 Bucket hotornot-images permissions allow for listing and removing files
Badoo - Badoo and Hotornot User Disclosure
Badoo $852 [CRITICAL] Full account takeover using CSRF
Badoo - Insecure Direct Object Reference on
Badoo $850 Account Takeover
Badoo $427 Broken Authentication on Badoo
Badoo - Password modification without knowing actual password & httpOnly bypass
Badoo $153 Open redirect helps to steal Facebook access_token
Badoo $310 crossdomain.xml too permissive on,, etc.
Badoo $456 Tokens from services like Facebook can be stolen