5008 | Getting access to 25k employees details | Exposed registration page | NA | Sahil Ahamad (@ehsahil) | Bug Bounty | 2017-08-11 | 2023-06-13 |
3528 | From Recon to P1 (Critical) — An Easy Win | Exposed registration page | NA | Harsh Bothra (@harshbothra_) | Bug Bounty | 2020-04-24 | 2023-06-13 |
3272 | Company’s zendesk subdomain lead to hidden access. | Exposed registration page | NA | himanshu pdy (@himanshu_pdy) | Bug Bounty | 2020-07-28 | 2023-06-13 |
2704 | How to Harpon Big Blue! | Logic flaw, Exposed registration page | IBM | Clark Voss (@clark_voss) | Bug Bounty | 2021-03-19 | 2023-06-13 |
2502 | 403 Forbidden Bypass | OTP bypass, Exposed registration page, XSS | NA | th3.d1p4k (@DipakPanchal05) | Bug Bounty | 2021-06-04 | 2023-06-13 |
2474 | Story of Google Hall of Fame and Private program bounty worth $$$$ | Exposed registration page | Google | Basavaraj Banakar (@basu_banakar) | Bug Bounty | 2021-06-16 | 2023-06-13 |
2281 | ATO of WordPress Website “4 digits €€€€ Bounty in 5 Minute!” | Exposed registration page, Account takeover | NA | Ritesh Gohil (@RiteshG37659480) | Bug Bounty | 2021-08-29 | 2023-06-13 |
1555 | From android app to access admin dashboard | Exposed registration page, Account takeover | NA | Oday Alhalabi (@OdayAlhalabi) | Bug Bounty | 2022-05-13 | 2023-06-13 |
1554 | My New Discovery In Oracle E-Business Login Panel That Allowed To Access For All Employees Information's & In Some cases Passwords At More Than 1000 Companies | Exposed registration page | NA | Orwa Atyat (@GodfatherOrwa) | Bug Bounty | 2022-05-14 | 2023-06-13 |
938 | Found vulnaribility on subdomain of nasa.gov simply using censys | Exposed registration page | NASA | hacker_might | Bug Bounty | 2022-10-19 | 2023-06-13 |
874 | Chaining Multiple Vulnerabilities Leads to Remote Code Execution (RCE) on One of the Payment Service Companies. | Exposed registration page, Exposed Jenkins instance, Weak credentials, RCE | NA | Rohit Soni (@streetofhacker) | Bug Bounty | 2022-11-02 | 2023-06-13 |
816 | Security concerns with the e-Tugra certificate authority | Default credentials, Exposed registration page | e-Tugra | Ian Carroll (@iangcarroll) | Bug Bounty | 2022-11-17 | 2023-06-13 |
776 | Hacking Dutch Government-Broken Authentication To Full Website Takeover (P1) | Exposed registration page | Dutch Government | V1dr4X | Bug Bounty | 2022-11-26 | 2023-06-13 |
641 | Unauthorized Sign-up on Subdomain of Subdomain leading to Organization takeover worth $2000 | Exposed registration page | NA | Manav Bankatwala (@ManavBankatwala) | Bug Bounty | 2022-12-28 | 2023-06-13 |
196 | From Django Debug Mode to PII Data Leak of more than 500+ Employees due Broken Access Control and IDOR | Debug mode enabled, IDOR, Information disclosure, JWT, Broken Access Control, Exposed registration page | NA | Aayush Vishnoi (@AayushVishnoi10) | Bug Bounty | 2023-04-14 | 2023-06-13 |