4323 | Detecting and exploiting mass-assignments in order to manipulate user columns and read private messages | Mass assignment | NA | Paul (@padannewitz) | Bug Bounty | 2019-02-05 | 2023-06-13 |
2831 | How I Gain Access to the Server Administration of a Million-Dollar Company | Privilege escalation, Mass assignment | NA | Marx Chryz Del Mundo | Bug Bounty | 2021-02-08 | 2023-06-13 |
2557 | Mass Assignment exploitation in the wild - Escalating privileges in style | Mass assignment, Privilege escalation | NA | Gal Nagli (@naglinagli) | Bug Bounty | 2021-05-14 | 2023-06-13 |
2486 | Story of Account Takeover : Using Social Login with Mass Assignment Vulnerability to hack accounts ! | Mass assignment, Account takeover | NA | Mohammad Kaif | Bug Bounty | 2021-06-13 | 2023-06-13 |
2465 | Accessing Restricted Documents With Extra JSON Body Content | Mass assignment, Authorization flaw | NA | Imran Huda (@imranHudaA) | Bug Bounty | 2021-06-18 | 2023-06-13 |
2324 | Simple HTML Injection to $250 | Account takeover, Mass assignment | NA | Ahmad Halabi (@Ahmad_Halabi_) | Bug Bounty | 2021-08-14 | 2023-06-13 |
1953 | One Click To Account Takeover | Mass assignment | NA | M7.Arman (@ArmanSecurity) | Bug Bounty | 2022-01-01 | 2023-06-13 |
1596 | [EN] Privileged account creation via Mass Assignment towards a full compromise using a Stored XSS | Stored XSS, Mass assignment, Security code review | pass Culture | Aethlios (@AethliosIK) | Bug Bounty | 2022-04-26 | 2023-06-13 |
1445 | Hacking into the worldwide Jacuzzi SmartTub network | SPA, Android, JWT, Privilege escalation, Mass assignment | Jacuzzi Group, SmartTub | Eaton Z. (@XeEaton) | Bug Bounty | 2022-06-20 | 2023-06-13 |
1414 | [BugBounty] how do I get a premium tier account without paying a penny | Mass assignment, Payment bypass | NA | Marzuki (@aizack_ma) | Bug Bounty | 2022-06-29 | 2023-06-13 |
1310 | Hunting For Mass Assignment Vulnerabilities Using GitHub CodeSearch and grep.app | Mass assignment | freeCodeCamp | Laurence Tennant | Bug Bounty | 2022-07-26 | 2023-06-13 |
1182 | Break the Logic: Insecure Parameters (€300) | Parameter manipulation, Logic flaw, Mass assignment | NA | can1337 (@canmustdie) | Bug Bounty | 2022-08-24 | 2023-06-13 |
1055 | Mass Assignment Leading to Pre Account Takeover | Mass assignment | NA | Cyberali | Bug Bounty | 2022-09-21 | 2023-06-13 |
715 | Privilege Escalation to remove the owner from the organization | Privilege escalation, Mass assignment | NA | Hemant Kumar | Bug Bounty | 2022-12-09 | 2023-06-13 |
621 | Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More | Account takeover, SSO, RCE, Authorization bypass, SQL injection, Mass assignment, Information disclosure | Kia, Honda, Infiniti, Nissan, Acura, Mercedes-Benz, Hyundai, Genesis, BMW, Rolls Royce, Ferrari, Spireon, Ford, Reviver, Porsche, Toyota, Jaguar, Land Rover, SiriusXM | Sam Curry (@samwcyo) | Bug Bounty | 2023-01-03 | 2023-06-13 |
284 | Easy $$$ via API params manipulation leading to bypassing the email verification block | Mass assignment, Email verification bypass | NA | Fares Walid (@SirBagoza) | Bug Bounty | 2023-03-18 | 2023-06-13 |
119 | Mass Assignment leads to the victim’s account being inaccessible forever | Mass assignment, Logic flaw | NA | Arman (@M7arm4n) | Bug Bounty | 2023-05-05 | 2023-06-13 |
61 | From Response To Request, Adding Your Own Variables Inside Of GraphQL Queries For Account Take Over | GraphQL, IDOR, Mass assignment | NA | Tom Neaves | Bug Bounty | 2023-05-23 | 2023-06-13 |