5316 | Stored Cross-Site Scripting (XSS) via DNS Record Poisoning | XSS, Stored XSS | Rengine | Touhid M Shaikh | Bug Bounty | 2024-08-23 | 2024-08-27 |
5299 | OWASP TOP 10-2021: ARRIVAL OF NEW RISKS | Web Application Security | OWASP | Aswin Govind | CheatSheet | 2021-10-05 | 2024-01-31 |
5297 | PWK/PEN-200 OSCP Preparation Roadmap | OSCP | OSCP | Ishaq Mohammed | Certification Journey Writeup | 2018-06-04 | 2024-01-31 |
5290 | Facebook XSS via Cross-Origin Resource Sharing | XSS | Meta / Facebook | Matt Austin (@mattaustin) | Bug Bounty | 2010-07-06 | 2023-06-13 |
5284 | Framing, Part 1: Click-Jacking Etsy | Clickjacking | Etsy | Jack Whitton (@fin1te) | Bug Bounty | 2013-02-05 | 2023-06-13 |
5277 | Amazon packaging feedback cross-site scripting vulnerability | XSS | Amazon | Bitquark (@bitquark) | Bug Bounty | 2013-07-03 | 2023-06-13 |
5276 | Admob creative image cross-site scripting vulnerability | XSS | Google | Bitquark (@bitquark) | Bug Bounty | 2013-07-19 | 2023-06-13 |
5272 | Delete any Photo from Facebook by Exploiting Support Dashboard - $12,500 Bug | IDOR | Meta / Facebook | Arul Kumar (@ArulVaiyapuri) | Bug Bounty | 2013-09-01 | 2023-06-13 |
5270 | PayPal Bug Bounty: PayPaltech.com E-Mail Injection | Email injection | Paypal | Julien Ahrens (@MrTuxracer) | Bug Bounty | 2013-09-26 | 2023-06-13 |
5264 | Instagram's One-Click Privacy Switch | CSRF | Meta / Facebook | Jack Whitton (@fin1te) | Bug Bounty | 2013-10-31 | 2023-06-13 |
5244 | Facebook – Stored Cross-Site Scripting (XSS) – Badges | Stored XSS | Meta / Facebook | Brett Buerhaus (@bbuerhaus) | Bug Bounty | 2014-06-16 | 2023-06-13 |
5241 | Step-by-step: exploiting SQL injection(s) in Oculus' website. | SQL injection | Meta / Facebook | Josip Franjkovic (@josipfranjkovic) | Bug Bounty | 2014-09-05 | 2023-06-13 |
5232 | AliExpress XSS vulnerability - take over any seller account | XSS | Alibaba | Barak Tawily (@quitten11) | Bug Bounty | 2014-12-10 | 2023-06-13 |
5225 | admin.google.com Reflected Cross-Site Scripting (XSS) | Reflected XSS | Google | Brett Buerhaus (@bbuerhaus) | Bug Bounty | 2015-01-21 | 2023-06-13 |
5221 | Telegram App Store Secret-Chat Messages in Plain-Text Database | Privacy issue, Information disclosure | Telegram | Jon Paterson (@shellprompt) | Bug Bounty | 2015-02-23 | 2023-06-13 |
5211 | CVE-2014-7216: A Journey Through Yahoo’s Bug Bounty Program | Buffer Overflow, Memory corruption | Yahoo! / Verizon Media | Julien Ahrens (@MrTuxracer) | Bug Bounty | 2015-09-03 | 2023-06-13 |
5210 | XSS to RCE in ... | XSS, RCE | NA | Neil Hakuna Matatall (@ndm) | Bug Bounty | 2015-09-08 | 2023-06-13 |
5197 | XSS without HTML: Client-Side Template Injection with AngularJS | CSTI, XSS | Google | Gareth Heyes (@garethheyes) | Bug Bounty | 2016-01-27 | 2023-06-13 |
5196 | How I got access to millions of [redacted] accounts | RFI | NA | Bitquark (@bitquark) | Bug Bounty | 2016-02-09 | 2023-06-13 |
5189 | Uber Bug Bounty: Turning Self-XSS into Good-XSS | XSS | Uber | Jack Whitton (@fin1te) | Bug Bounty | 2016-03-22 | 2023-06-13 |
5183 | ESEA Server-Side Request Forgery and Querying AWS Meta Data | SSRF | ESEA | Brett Buerhaus (@bbuerhaus) | Bug Bounty | 2016-04-18 | 2023-06-13 |
5170 | InstaBrute: Two Ways to Brute-force Instagram Account Credentials | Bruteforce, Username enumeration | Meta / Facebook | Arne Swinnen (@ArneSwinnen) | Bug Bounty | 2016-05-19 | 2023-06-13 |
5162 | TopCoder.com Vulnerabilities – A tail of site-wide bugs leads to accounts compromise & payments hijacking | CSRF, Account takeover | Topcoder.com | Mohamed A. Baset | Bug Bounty | 2016-06-28 | 2023-06-13 |
5157 | Twitter's Vine Source code dump - $10080 | Source code disclosure, Information disclosure | Twitter | avicoder (@avicoder) | Bug Bounty | 2016-07-22 | 2023-06-13 |
5156 | How we broke PHP, hacked Pornhub and earned $20,000 | RCE, Memory corruption, Use-After-Free | PornHub | Ruslan Habalov (@evonide) | Bug Bounty | 2016-07-23 | 2023-06-13 |