ID | Title | Bug type | Company | Author | Source | Published | Added
---|---|---|---|---|---|---|---
5059 | Godaddy XSS affects parked domains redirector/processor! | Reflected XSS | GoDaddy | Mohamed A. Baset | Bug Bounty | 2017-06-11 | 2023-06-13
5050 | Road to (unauthenticated) recovery: downloading GitHub SSO bypass codes | Authorization flaw | GitHub | Yasin Soliman (@SecurityYasin) | Bug Bounty | 2017-06-25 | 2023-06-13
3495 | DOM-Based XSS at accounts.google.com by Google Voice Extension. | DOM XSS | Google | missoum1307 (@missoum1307) | Bug Bounty | 2020-05-07 | 2023-06-13
3129 | Taking down the SSO, Account Takeover in the Websites of Kolesa due to Insecure JSONP Call | Account takeover | NA | Yashar Shahinzadeh (@YShahinzadeh) | Bug Bounty | 2020-09-28 | 2023-06-13
3111 | Research: The mass CSRFing of *.google.com/* products. | CSRF | Google | Missoum Said (@missoum1307) | Bug Bounty | 2020-10-07 | 2023-06-13
2768 | Stealing user passwords through a VPN’s SSO | Open redirect, SSTI | NA | Alain Mowat (@plopz0r) | Bug Bounty | 2021-02-25 | 2023-06-13
2618 | New Clubhouse Security Vulnerabilities Could Happen to Any Growing Unicorn | Logic flaw | Clubhouse | Katie Moussouris (@k8em0) | Bug Bounty | 2021-04-21 | 2023-06-13
1949 | The Story Of How I Bypass SSO Login | Authentication bypass | NA | zer0d | Bug Bounty | 2022-01-02 | 2023-06-13
1915 | XXE in SAML SSO Writeup - Bug Bounty | XXE | NA | Aditya Singh / rook1337 (@imrook1337) | Bug Bounty | 2022-01-16 | 2023-06-13
1894 | How I was able to take over accounts in websites deal with Github as an SSO provider | Bruteforce, Lack of rate limiting, SSO, Email verification bypass, Account takeover | NA | Khaled Mohamed | Bug Bounty | 2022-01-25 | 2023-06-13
1696 | Bug Bounty Adventures: A NodeBB 0-day | CSRF, Account takeover, SSO, Authentication flaw | Opera | Marouane Mouhtadi (@Mar0_0uane) | Bug Bounty | 2022-03-25 | 2023-06-13
1632 | Bypass Apple Corp SSO on Apple Admin Panel | Path traversal | Apple | Stealthy (@stealthybugs) | Bug Bounty | 2022-04-12 | 2023-06-13
1626 | Blinding Snort: Breaking The Modbus OT Preprocessor | Memory corruption | Cisco | Claroty's Team82 (@Claroty) | Bug Bounty | 2022-04-14 | 2023-06-13
1085 | Colorful Vulnerabilities | Memory corruption, Buffer Overflow | OpenRazer | Tal Lossos (@TalLossos) | Bug Bounty | 2022-09-14 | 2023-06-13
1023 | Exploits Explained: 5 Unusual Authentication Bypass Techniques | Authentication bypass, JWT, CMS, SSO | NA | Ozgur Alp (@ozgur_bbh) | Bug Bounty | 2022-09-28 | 2023-06-13
954 | Google SSO misconfiguration leading to Account Takeover | Authentication bypass, Account takeover, SSO | NA | 0x4KD (@0x4kd) | Bug Bounty | 2022-10-14 | 2023-06-13
690 | Unprotected API endpoint at HAwebsso.nl leads to data leak of +15k medical doctor usernames & password hashes | SSO, IDOR, Missing authentication | HAwebsso.nl | Jonathan Bouman (@JonathanBouman) | Bug Bounty | 2022-12-14 | 2023-06-13
677 | Cengage LTI Session Management Leakage | SSO, Session management issue | Cengage | Tony Porterfield | Bug Bounty | 2022-12-20 | 2023-06-13
661 | Multiple authenticated blind SQL Injections in Sage XRT Business Exchange application | Blind SQL injection | Sage | Mickaël Benassouli (@mickaelweb) | Bug Bounty | 2022-12-21 | 2023-06-13
621 | Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More | Account takeover, SSO, RCE, Authorization bypass, SQL injection, Mass assignment, Information disclosure | Kia, Honda, Infiniti, Nissan, Acura, Mercedes-Benz, Hyundai, Genesis, BMW, Rolls Royce, Ferrari, Spireon, Ford, Reviver, Porsche, Toyota, Jaguar, Land Rover, SiriusXM | Sam Curry (@samwcyo) | Bug Bounty | 2023-01-03 | 2023-06-13
571 | Azure Active Directory Flaw Allowed SAML Persistence | Azure AD, SAML, SSO | Microsoft (Azure) | Secureworks Counter Threat Unit (@Secureworks) | Bug Bounty | 2023-01-18 | 2023-06-13
503 | Discovering 5 XSS Vulnerabilities In a Simple Way With Xssor.go | Reflected XSS | NA | Fares Walid (@SirBagoza) | Bug Bounty | 2023-02-02 | 2023-06-13
497 | SSO Gadgets: Escalate (Self-)XSS to ATO | SSO, OAuth, Account takeover, Self-XSS, Login CSRF | NA | Lauritz Holtmann (@_lauritz_) | Bug Bounty | 2023-02-04 | 2023-06-13
458 | Hacking our way into internal DBs with hardcoded authentication keys | JWT, SSO, Authentication bypass, Security misconfiguration | NA | Ophion Security (@OphionSecurity) | Bug Bounty | 2023-02-13 | 2023-06-13
429 | Bypassing SSO Authentication from the Login Without Password Feature Lead to Account Takeover | Account takeover, SSO, OTP, Authentication bypass | NA | Aidil Arief | Bug Bounty | 2023-02-20 | 2023-06-13