Scope Changes

Temporary Limit on Pictela

We have identified a number of issues with multiple Pictela domains thanks to the work and detail in your reports. While we work with the product team to build fixes for these issues, we will be imposing a limit on the scope of Pictela. These issues all stem from either the same root cause or related individual causes. Any new reports for these vulnerabilities will be triaged by HackerOne as a Duplicate if the domain is in the list below.


Known Vulnerabilities: XSS, SSRF, XXE and RCE


Known Domains:

  • ads.pictela.net
  • beta-ads.pictela.net
  • origin-ads.pictela.net
  • secure-ads.pictela.net
  • secure.pictela.net
  • service.pictela.net
  • www.pictela.net

We are interested in finding out about any new domains that have the same issues, but we are not opening up full payment for them. For the first report of any of these vulnerabilities against a new domain, the award will be a flat $2,000 for identifying another domain/subdomain.


Happy Hacking,

The Paranoids