During our next tryout, we also found a loophole on another large hosting company – Active24.com
The vulnerability gave us access to any customer’s personal files and his/her whole hosting space.
We have reported it and got a quick response from hosting company. The issue was fixed in the next few days, and according to their Bug Reward Program, they gave us the reward too. The communication and details were confidential and will be never disclosed publicly.