5112 | How I could have compromised any account on one of the biggest startup based in California | Account takeover, IDOR, Password reset | NA | Prateek Tiwari (@prateek_0490) | Bug Bounty | 2017-01-28 | 2023-06-13 |
4914 | Don't Trust the Host Header for Sending Password Reset Emails | Password reset, Account takeover | Mavenlink | Jack Cable (@jackhcable) | Bug Bounty | 2017-12-13 | 2023-06-13 |
4835 | #BugBounty — “Let me reset your password and login into your account “-How I was able to Compromise any User Account via Reset Password Functionality | Logic flaw, Password reset, Account takeover | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2018-03-14 | 2023-06-13 |
4763 | How i HACKED admin account via password reset IDOR function of one private currency exchanger site | IDOR, Account takeover, Password reset | NA | Aayush Pokhrel (@aayushpok) | Bug Bounty | 2018-05-19 | 2023-06-13 |
4755 | #BugBounty — "How I was able to hack any user account via password reset?" | IDOR, Account takeover, Password reset | NA | Bikash Gupta (@BgxDoc) | Bug Bounty | 2018-05-23 | 2023-06-13 |
4729 | Full account Takeover via reset password function | IDOR, Account takeover, Password reset | NA | Khaled Hassan | Bug Bounty | 2018-06-12 | 2023-06-13 |
4721 | [Responsible disclosure] How I could have booked movie tickets through other user accounts | Password reset, Account takeover, Bruteforce, OTP bypass | AGS Cinemas | Bharathvaj Ganesan | Bug Bounty | 2018-06-18 | 2023-06-13 |
4712 | Account Take over via reset password | Password reset, Account takeover | NA | Yasser Gersy (@yassergersy) | Bug Bounty | 2018-06-25 | 2023-06-13 |
4699 | #BugBounty - Compromising User Account- "How I was able to compromise user account via HTTP Parameter Pollution(HPP)" | HTTP parameter pollution, Password reset, Account takeover | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2018-07-07 | 2023-06-13 |
4651 | From data leak to account takeover | Account takeover, Information disclosure, Password reset | NA | Antony Garand (@AntoGarand) | Bug Bounty | 2018-08-07 | 2023-06-13 |
4649 | My First Critical Report | Password reset, Account takeover | NA | Miguel Corral (@mcorral74) | Bug Bounty | 2018-08-08 | 2023-06-13 |
4395 | Tokopedia Account Takeover Bug Worth 8 Million IDR | Password reset, Account takeover | Tokopedia | Mukul Lohar (@ironfisto) | Bug Bounty | 2018-12-24 | 2023-06-13 |
4385 | Tale of a Misconfiguration in Password Reset | Password reset | NA | Shuaib Oladigbolu (@_sawzeeyy) | Bug Bounty | 2018-12-30 | 2023-06-13 |
4250 | User Account Takeover [Password Change]— Nice Catch! | Account takeover, Password reset | NA | Rohit kumar (@rohitcoder) | Bug Bounty | 2019-03-14 | 2023-06-13 |
4080 | Password Reset Vulnerability — Full Account takeover (Insecure Direct Object Reference) | Password reset, IDOR, Account takeover | NA | Muhammad Asim Shahzad (@protector47) | Bug Bounty | 2019-06-22 | 2023-06-13 |
4032 | Account Takeover Vulnerability :) | Password reset, Account takeover | NA | Sumit Jain (@sumit_cfe) | Bug Bounty | 2019-07-17 | 2023-06-13 |
4016 | How I found the most critical bug in live bug bounty event? | Password reset, Account takeover | NA | Lakshay (@inn0c3ntd3v1L) | Bug Bounty | 2019-07-24 | 2023-06-13 |
4014 | Full Account Takeover via Changing Email And Password of any User through API Parameters | IDOR, Password reset, Account takeover | NA | Adesh Nandkishor kolte (@AdeshKolte) | Bug Bounty | 2019-07-26 | 2023-06-13 |
3970 | How I was able to earn 1000$ with just 10 minutes of bug bounty? | Password reset | NA | Ninad Mathpati (@ninad_mathpati) | Bug Bounty | 2019-08-17 | 2023-06-13 |
3954 | How I Hacked Instagram Again | Password reset, Account takeover | Meta / Facebook | Laxman Muthiyah (@LaxmanMuthiyah) | Bug Bounty | 2019-08-26 | 2023-06-13 |
3941 | Readme.com Account Takeover | Password reset | Readme.com | Ankush Goel (@0xankush) | Bug Bounty | 2019-09-05 | 2023-06-13 |
3929 | Pwn Them All #BugBounty | Host header injection, Password reset | NA | Bilal Khan (@bilalmerokhel) | Bug Bounty | 2019-09-11 | 2023-06-13 |
3770 | Account Takeover Through Password Reset Poisoning | Password reset, Account takeover | NA | Vishal Bharad | Bug Bounty | 2019-12-19 | 2023-06-13 |
3723 | How I discovered an interesting account takeover flaw? | Account takeover, Password reset, Lack of rate limiting | NA | Akash Methani (@0xAkash) | Bug Bounty | 2020-01-14 | 2023-06-13 |
3712 | Password Reset Token Leak Via Referrer | Password reset, Information disclosure | NA | Shrey Shah (@ShreySh43332033) | Bug Bounty | 2020-01-22 | 2023-06-13 |