4888 | How I got $13337 bounty From Google | Weak credentials | Google | Sreeram KL (@kl_sree) | Bug Bounty | 2018-01-18 | 2023-06-13 |
4751 | How i was able to get admin panel on a private program | Weak credentials | NA | Shahzad Sadiq (@ShahzadSadiq25) | Bug Bounty | 2018-05-29 | 2023-06-13 |
4693 | Attacking PostgreSQL Database | Bruteforce, Weak credentials | NA | Vishnuraj | Bug Bounty | 2018-07-16 | 2023-06-13 |
3385 | How I managed to Escalate privilege as admin | Lack of rate limiting, Bruteforce, Weak credentials | NA | Abisheik Magesh (@AbisheikMagesh) | Bug Bounty | 2020-06-16 | 2023-06-13 |
3373 | It took me only 5 minutes to find an RCE on Bentley | RCE, Weak credentials | Bentley | Divyansh Sharma | Bug Bounty | 2020-06-21 | 2023-06-13 |
3106 | Exploiting Admin Panel Like a Boss | Authorization bypass, Weak credentials | NA | Shivam Kamboj Dattana (@sechunt3r) | Bug Bounty | 2020-10-08 | 2023-06-13 |
2423 | Account Takeovers — Believe the Unbelievable | Account takeover, Session management issue, Weak credentials, Components with known vulnerabilities, Password reset | NA | Nikhil (niks) (@niksthehacker) | Bug Bounty | 2021-07-09 | 2023-06-13 |
2242 | Accessing Grofers Grafana Instance Using Shodan | Weak credentials | Grofers | Lohith Gowda M (@lohigowda_in) | Bug Bounty | 2021-09-08 | 2023-06-13 |
1734 | From Recon via Censys and DNSdumpster, to Getting P1 by Login Using Weak Password – “password” | WAF bypass, Weak credentials | NA | YoKo Kho (@YokoAcc) | Bug Bounty | 2022-03-14 | 2023-06-13 |
1603 | Adventures Into The MeowCorp Bug Bounty Program | Information disclosure, Weak credentials, SSRF, .git folder disclosure, RCE | NA | Nirmal Thapa (@tnirmalz) | Bug Bounty | 2022-04-21 | 2023-06-13 |
1508 | How to find & access Admin Panel by digging into JS files…🥰 | Weak credentials, WAF bypass | NA | Ratnadip Gajbhiye (@scspcommunity) | Bug Bounty | 2022-05-30 | 2023-06-13 |
1006 | Using Default Credential to Admin Account Takeover | Weak credentials | NA | Rohit Kumar (Rohit_443) | Bug Bounty | 2022-10-02 | 2023-06-13 |
906 | GL.iNET GL-MT300N-V2 Router Vulnerabilities and Hardware Teardown | OS command injection, Arbitrary file read, Information disclosure, Account takeover, Stored XSS, Lack of rate limiting, Weak credentials, Password policy bypass | GL.iNet | Olivier Laflamme (@olivier_boschko) | Bug Bounty | 2022-10-26 | 2023-06-13 |
874 | Chaining Multiple Vulnerabilities Leads to Remote Code Execution (RCE) on One of the Payment Service Companies. | Exposed registration page, Exposed Jenkins instance, Weak credentials, RCE | NA | Rohit Soni (@streetofhacker) | Bug Bounty | 2022-11-02 | 2023-06-13 |
604 | “2022: A Year of Fascinating Discoveries” | CSRF, SSRF, Blind XSS, Password reset, Hyperlink injection, IDOR, Weak credentials, AWS misconfiguration | NA | dhakal_bibek (@dhakal__bibek) | Bug Bounty | 2023-01-09 | 2023-06-13 |
163 | How careless default credentials impact to massive account takeover | Authentication bypass, Account takeover, Weak credentials | NA | M Maulana Abdullah | Bug Bounty | 2023-04-22 | 2023-06-13 |