4397 | Client side validation strikes again: PIN code bypass ! | Client-side enforcement of server-side security, Authentication bypass, Authorization flaw | Netflix, Linxo | Davy (@RandoriSec) | Bug Bounty | 2018-12-22 | 2023-06-13 |
4095 | Using Burp Suite match and replace settings to escalate your user privileges and find hidden features | Client-side enforcement of server-side security | New Relic | Jon Bottarini (@jon_bottarini) | Bug Bounty | 2019-06-17 | 2023-06-13 |
3676 | How Inspect Element Got me a Bounty | Client-side enforcement of server-side security | NA | Aditya Soni (@hetroublemakr) | Bug Bounty | 2020-02-06 | 2023-06-13 |
3355 | Using Inspect Element to Bypass Security restrictions | Bug Bounty POC | Client-side enforcement of server-side security | NA | Muhammad Khizer Javed (@khizer_javed47) | Bug Bounty | 2020-06-30 | 2023-06-13 |
3285 | Hunting Android Application Bugs Using Android Studio. | Authorization flaw, Client-side enforcement of server-side security, Information disclosure | NA | Tarek Mohammed (@Conan0x3) | Bug Bounty | 2020-07-24 | 2023-06-13 |
3183 | Unhiding the hidden | Client-side enforcement of server-side security, Authorization flaw, CSRF | NA | I am Broot | Bug Bounty | 2020-08-31 | 2023-06-13 |
2621 | DMCA.COM Hack, Full Disclosure (With Proof-of-Concept) | Privilege escalation, Client-side enforcement of server-side security, Stored XSS, Broken Access Control | DMCA | Joël Aviad Ossi | Bug Bounty | 2021-04-21 | 2023-06-13 |
2349 | How the use of hidden form fields lead to Email verification bypass | Email verification bypass, Client-side enforcement of server-side security | NA | Yash Swarup (@wazirsec) | Bug Bounty | 2021-08-03 | 2023-06-13 |
2273 | Broken Access Control Leads To Change Of Admin Details | Privilege escalation, Client-side enforcement of server-side security | NA | V3D (@v3d_bug) | Bug Bounty | 2021-08-31 | 2023-06-13 |
2019 | Hacking into Admin Panel of U.S Federal government system C.A.R.S — without credentials. | Client-side enforcement of server-side security, Privilege escalation | U.S. General Services Administration | Hazem Brini (@ImJungsuu) | Bug Bounty | 2021-12-07 | 2023-06-13 |
1448 | Account Takeover by OTP bypass | Information disclosure, Client-side enforcement of server-side security, OTP bypass, Account takeover | NA | Vaibhav Kumar Srivastava | Bug Bounty | 2022-06-19 | 2023-06-13 |
1173 | Break the Logic: 5 Different Perspectives in Single Page (€1500) | Client-side enforcement of server-side security, IDOR, Authorization flaw | NA | can1337 (@canmustdie) | Bug Bounty | 2022-08-26 | 2023-06-13 |
1013 | Security vs Compliance-Cloudflare Password Policy Restriction Bypass | Client-side enforcement of server-side security | Cloudflare | Lohith Gowda M (@lohigowda_in) | Bug Bounty | 2022-09-29 | 2023-06-13 |
553 | How i Hacked Scopely with “Sign in with Google” | Account takeover, CORS misconfiguration, Client-side enforcement of server-side security, OAuth | Scopely | Ph.Hitachi | Bug Bounty | 2023-01-23 | 2023-06-13 |