2177 | Privilege Escalation to stored XSS | Privilege escalation, HTTP response manipulation, Stored XSS | NA | Rohit Kumar (Rohit_443) | Bug Bounty | 2021-10-01 | 2023-06-13 |
2014 | Another Admin panel | HTTP response manipulation, Authentication bypass | NA | Rizwan_siddiqui (@Rizwan_SiDdiqu1) | Bug Bounty | 2021-12-08 | 2023-06-13 |
1483 | My first CVE-2022-31289 | Authentication bypass, 403 bypass, HTTP response manipulation | Sonatype | Praveen Mali (@pmmali_) | Bug Bounty | 2022-06-11 | 2023-06-13 |
1472 | 500$ Account Takeover | Account takeover, Information disclosure, HTTP response manipulation | Xsolla | Hemant Kumar | Bug Bounty | 2022-06-14 | 2023-06-13 |
1403 | Vertical Privilege Escalation: The user can takeover an admin account via response manipulation | Privilege escalation, HTTP response manipulation | NA | Jan Muhammad Zaidi (@hasanakajan) | Bug Bounty | 2022-07-02 | 2023-06-13 |
1390 | Account Takeover via Response Manipulation | Authentication bypass, Account takeover, MFA bypass, HTTP response manipulation | NA | BUG HUNTER | Bug Bounty | 2022-07-08 | 2023-06-13 |
1281 | Hijacking email with Cloudflare Email Routing | HTTP response manipulation, Privilege escalation | NA | Albert Pedersen (@AlbertSPedersen) | Bug Bounty | 2022-08-03 | 2023-06-13 |
1004 | My First And Second Bugs Are — 2FA Bypass | MFA bypass, HTTP response manipulation, Information disclosure | NA | Jai Niresh J | Bug Bounty | 2022-10-03 | 2023-06-13 |
650 | Authentication Bypass in Nexus manager (version 3.37.3-02) | Components with known vulnerabilities, Authentication bypass, HTTP response manipulation | NA | SHARAN.K | Bug Bounty | 2022-12-26 | 2023-06-13 |
648 | How I found multiple critical bugs in Red Bull | Authentication bypass, HTTP response manipulation, Path traversal, LFI, XSS, SQL injection, RCE, Unrestricted file upload, RFI, Security code review | Red Bull | Bartłomiej Bergier (@_bergee_) | Bug Bounty | 2022-12-26 | 2023-06-13 |
390 | The Tale of a Command Injection by Changing the Logo | RCE, OS command injection, Unrestricted file upload, Directory listing, HTTP response manipulation | NA | 0xrz (@omidxrz) | Bug Bounty | 2023-02-26 | 2023-06-13 |
361 | Upgrade plan from Free to Paid via Response Manipulation | Payment bypass, HTTP response manipulation | NA | Ibrahim Radi (@ibraradi9) | Bug Bounty | 2023-03-03 | 2023-06-13 |
336 | [Account Takeover] Don’t Send a Message to anyone Before Reading This [External Audit] | HTTP response manipulation, Authentication bypass, Account takeover | NA | Vipul Sahu | Bug Bounty | 2023-03-07 | 2023-06-13 |
320 | Improper Authentication in Android App | Logic flaw, Authentication flaw, HTTP response manipulation | NA | oXnoOneXo | Bug Bounty | 2023-03-10 | 2023-06-13 |
290 | How I chained multiple High-impact vulnerabilities to create a critical one. | Account takeover, IDOR, OTP bypass, HTTP response manipulation | NA | Vinay Jagetiya (@princej_76) | Bug Bounty | 2023-03-17 | 2023-06-13 |