| 5243 | Flickr XSRF to Change Photo Details |
XSRF |
Flickr |
Abdullah Hussam (@Abdulahhusam) |
Bug Bounty | 2014-08-06 | 2023-06-13 |
| 5214 | Blind SQL Inejction [Hootsuite] |
Blind SQL injection |
Hootsuite |
Abdullah Hussam (@Abdulahhusam) |
Bug Bounty | 2015-08-01 | 2023-06-13 |
| 5213 | One Payload to XSS Them All! |
Flash XSS |
Adobe |
Abdullah Hussam (@Abdulahhusam) |
Bug Bounty | 2015-08-03 | 2023-06-13 |
| 5206 | Cloudflare WAF XSS |
XSS |
Cloudflare |
Abdullah Hussam (@Abdulahhusam) |
Bug Bounty | 2015-11-16 | 2023-06-13 |
| 5194 | How I Hacked [Oculus] OAuth +Ebay +IBM |
Unrestricted file upload
XSS |
Meta / Facebook
Ebay
IBM
AnswerHub |
Abdullah Hussam (@Abdulahhusam) |
Bug Bounty | 2016-02-12 | 2023-06-13 |
| 5164 | Medium Full Account Takeover By One Click |
XSS |
Medium |
Abdullah Hussam (@Abdulahhusam) |
Bug Bounty | 2016-06-23 | 2023-06-13 |
| 5136 | Vine Re-auth Bypass [Twitter Bug Bounty] |
Authentication flaw |
Twitter |
Abdullah Hussam (@Abdulahhusam) |
Bug Bounty | 2016-09-21 | 2023-06-13 |
| 5126 | Leak Private Videos [Vimeo Bug Bounty] |
Logic flaw
Authorization flaw |
Vimeo |
Abdullah Hussam (@Abdulahhusam) |
Bug Bounty | 2016-10-23 | 2023-06-13 |
| 5041 | Medium Content Spoofing Leads to XSS |
Content spoofing
Stored XSS |
Medium |
Abdullah Hussam (@Abdulahhusam) |
Bug Bounty | 2017-07-08 | 2023-06-13 |
| 4960 | Leaking Amazon.com CSRF Tokens Using Service Worker API |
CSRF |
Amazon |
Abdullah Hussam (@Abdulahhusam) |
Bug Bounty | 2017-10-11 | 2023-06-13 |
| 4832 | Leaking WordPress CSRF Tokens for Fun, $1337 bounty, and CVE-2017-5489 |
CSRF |
WordPress |
Abdullah Hussam (@Abdulahhusam) |
Bug Bounty | 2018-03-15 | 2023-06-13 |
| 4709 | Take Advantage of Out-of-Scope Domains in Bug Bounty Programs |
XSS |
NA |
Abdullah Hussam (@Abdulahhusam) |
Bug Bounty | 2018-06-27 | 2023-06-13 |
