HackerOne interstitial redirect

On February 24th, 2016, a bug bounty hunter called Mahmoud G. published a vulnerability that directly affected HackerOne's platform.

To provide support to its users, HackerOne integrated Zendesk, a third-party customer-support (ticketing) platform, and signed users into it through its zendesk_session endpoint. The vulnerable URL is as follows:

https://hackerone.com/zendesk_session?locale_id=1&return_to=https://support.hackerone.com/ping/redirect_to_account?state=compayn:/

When a user clicks the link, HackerOne builds the request that creates the user's Zendesk session and redirects the browser to the return_to destination, https://support.hackerone.com/ping/redirect_to_account. Because that host belongs to HackerOne, the interstitial page that normally warns users before they are sent to an external site is not shown. The redirect_to_account endpoint then forwards the browser to the destination named in its state parameter, which is attacker-controlled (compayn stands in for the attacker's host in the report). The result is an open redirect that bypasses the interstitial: a victim who trusts a hackerone.com link can be sent to an attacker's site, together with whatever the redirect chain carries, such as the Zendesk session data.
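The bypass comes down to a trust decision made on the first hop only. The following added example (not code from the report, HackerOne or Zendesk) models the chain in Python: hop one honours return_to, hop two honours state. The parameter names and the compayn value come from the report's URL; the benign link and the attacker.example host are constructed for the demo. A naive interstitial check that only inspects the return_to host waves the report's URL through, because support.hackerone.com is a HackerOne host; the hardened check unwinds every hop and fails the chain as soon as a destination is neither a HackerOne host nor a site-relative path.

```python
"""Model of the HackerOne/Zendesk interstitial-redirect bypass.

Added example, not code from report 111968 or from HackerOne/Zendesk.  The
redirect chain is modelled abstractly (assumption): hop 1 forwards to its
`return_to` value, hop 2 forwards to its `state` value.
"""
from urllib.parse import urlparse, parse_qs

TRUSTED = "hackerone.com"

# The URL published in the report ("compayn" stands in for the attacker's host).
VULN_URL = (
    "https://hackerone.com/zendesk_session?locale_id=1"
    "&return_to=https://support.hackerone.com/ping/redirect_to_account?state=compayn:/"
)
# Constructed benign link: return_to is a site-relative path with no further hop.
BENIGN_URL = "https://hackerone.com/zendesk_session?locale_id=1&return_to=/reports/111968"
# Constructed variant: the inner hop names a full external URL instead of "compayn:/".
VULN_URL_FULL = (
    "https://hackerone.com/zendesk_session?locale_id=1"
    "&return_to=https://support.hackerone.com/ping/redirect_to_account"
    "?state=https://attacker.example/login"
)

# Query parameter each hop uses as its next destination (model assumption;
# the names themselves are taken from the report URL).
HOP_PARAMS = ("return_to", "state")


def trusted_host(url):
    """True if `url` is a site-relative path or an http(s) URL on hackerone.com
    or one of its subdomains.  Suffix check is dot-anchored, so
    hackerone.com.attacker.example does not pass."""
    parts = urlparse(url)
    if parts.scheme == "" and parts.netloc == "" and parts.path.startswith("/"):
        return True  # relative path: can only land on the current origin
    host = (parts.hostname or "").lower()
    return parts.scheme in ("http", "https") and (
        host == TRUSTED or host.endswith("." + TRUSTED)
    )


def next_hop(url, param):
    """Destination that `url` forwards to via `param`, or None if absent."""
    values = parse_qs(urlparse(url).query).get(param)
    return values[0] if values else None


def redirect_chain(url):
    """Unwind the chain: [return_to of hop 1, state of hop 2, ...] until a hop
    carries no further destination."""
    chain = []
    current = url
    for param in HOP_PARAMS:
        current = next_hop(current, param)
        if current is None:
            break
        chain.append(current)
    return chain


def interstitial_naive(url):
    """Vulnerable policy: inspect only the first hop and skip the
    'you are leaving HackerOne' warning when it is a HackerOne host.
    Returns True when the warning would be skipped."""
    first = next_hop(url, "return_to")
    return first is None or trusted_host(first)


def interstitial_hardened(url):
    """Fixed policy: every hop in the chain must be trusted; a trusted hop that
    smuggles a further destination no longer earns the bypass.
    Returns True only when the whole chain stays on HackerOne."""
    return all(trusted_host(hop) for hop in redirect_chain(url))


if __name__ == "__main__":
    for label, url in (("report", VULN_URL), ("benign", BENIGN_URL), ("full-url", VULN_URL_FULL)):
        print(label, redirect_chain(url))
        print("  naive skips warning:   ", interstitial_naive(url))
        print("  hardened skips warning:", interstitial_hardened(url))
```

The hardened policy still lets legitimate Zendesk sign-ins through (the benign link has no second hop), which is the point: the fix is not to distrust support.hackerone.com but to stop treating a trusted intermediate host as proof of the final destination.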

If you want to read more about this bug, you can find the report at https://hackerone.com/reports/111968.