| ID | Title | Bugs | Program | Author | Source | Published | Added |
|---|---|---|---|---|---|---|---|
| 5196 | How I got access to millions of [redacted] accounts | RFI | NA | Bitquark (@bitquark) | Bug Bounty | 2016-02-09 | 2023-06-13 |
| 5192 | Hacking Magento eCommerce For Fun And 17.000 USD | Information disclosure, LFI, RFI | Adobe | Egidio Romano / EgiX | Bug Bounty | 2016-03-03 | 2023-06-13 |
| 5168 | Popping the Pornhub Cherry | Information disclosure | PornHub | Andy Gill (@ZephrFish) | Bug Bounty | 2016-06-07 | 2023-06-13 |
| 5152 | CSV Injection -> Meterpreter on Pornhub | CSV injection | PornHub | Andy Gill (@ZephrFish) | Bug Bounty | 2016-07-29 | 2023-06-13 |
| 5134 | Persisting on Pornhub | Stored XSS | PornHub | Andy Gill (@ZephrFish) | Bug Bounty | 2016-09-23 | 2023-06-13 |
| 5132 | gif it time it'll come to you - Finding More Holes in The Hub | XSS | PornHub | Andy Gill (@ZephrFish) | Bug Bounty | 2016-10-01 | 2023-06-13 |
| 5022 | May the Shells be with You - A Star Wars RCE Adventure! | RCE | NA | Andy Gill (@ZephrFish) | Bug Bounty | 2017-07-22 | 2023-06-13 |
| 4741 | How I Hacked Fotor & Got "Nothing" | SSRF, RFI | Fotor | Somdev Sangwan (s0md3v) | Bug Bounty | 2018-06-01 | 2023-06-13 |
| 4126 | The Unusual Case of Status code 301 Redirection to AWS Security Credentials Compromise | SSRF, RFI | NA | Avinash Jain (@logicbomb_1) | Bug Bounty | 2019-06-02 | 2023-06-13 |
| 4065 | How I escalated RFI into LFI | RFI, LFI | NA | Hassan Khan Yusufzai (@Splint3r7) | Bug Bounty | 2019-07-01 | 2023-06-13 |
| 3111 | Research: The mass CSRFing of *.google.com/* products | CSRF | Google | Missoum Said (@missoum1307) | Bug Bounty | 2020-10-07 | 2023-06-13 |
| 1225 | URL filter bypass, RFI and XSS | Stored XSS, RFI | NA | Bartłomiej Bergier (@_bergee_) | Bug Bounty | 2022-08-14 | 2023-06-13 |
| 1053 | Tarfile: Exploiting the World With a 15-Year-Old Vulnerability | Path traversal | Python | Kasimir Schulz (@Abraxus7331) | Bug Bounty | 2022-09-21 | 2023-06-13 |
| 1050 | Tarfile: Exploiting the World With a 15-Year-Old Vulnerability | Path traversal | Python | Kasimir Schulz (@Abraxus7331) | Bug Bounty | 2022-09-21 | 2023-06-13 |
| 701 | CVE-2022-20942: It's not old functionality, it's vintage | Information disclosure | Cisco | Silver Security (@SugarFiendSec) | Bug Bounty | 2022-12-13 | 2023-06-13 |
| 677 | Cengage LTI Session Management Leakage | SSO, Session management issue | Cengage | Tony Porterfield | Bug Bounty | 2022-12-20 | 2023-06-13 |
| 648 | How I found multiple critical bugs in Red Bull | Authentication bypass, HTTP response manipulation, Path traversal, LFI, XSS, SQL injection, RCE, Unrestricted file upload, RFI, Security code review | Red Bull | Bartłomiej Bergier (@_bergee_) | Bug Bounty | 2022-12-26 | 2023-06-13 |
| 286 | Remote code execution in BIRT Viewer ≤ 4.12.0 (CVE-2023-0100) | RCE, RFI, URL validation bypass, Security code review | Eclipse Foundation | Louis Wolfers (@TG91aXMK) | Bug Bounty | 2023-03-17 | 2023-06-13 |
| 267 | Hacking AI: System and Cloud Takeover via MLflow Exploit | LFI, RFI, RCE | MLflow | Dan McInerney (@DanHMcInerney) | Bug Bounty | 2023-03-25 | 2023-06-13 |