4898 | #BugBounty — How I was able to read chat of users in an Online travel portal |
IDOR |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-01-10 | 2023-06-13 |
4896 | #BugBounty — How I was able to delete anyone’s account in an Online Car Rental Company |
CSRF
Parameter tampering |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-01-14 | 2023-06-13 |
4893 | #BugBounty — AWS S3 added to my “Bucket” list! |
AWS misconfiguration |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-01-16 | 2023-06-13 |
4884 | #BugBounty @ Linkedln-How I was able to bypass Open Redirection Protection |
Open redirect |
LinkedIn |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-01-24 | 2023-06-13 |
4871 | #BugBounty — "I don't need your current password to login into your account" - How could I completely takeover any user's account in an online classified ads company. |
Authentication bypass |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-02-03 | 2023-06-13 |
4861 | #BugBounty — “How I was able to shop for free!”- Payment Price Manipulation |
Parameter tampering
Payment tampering |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-02-11 | 2023-06-13 |
4857 | #BugBounty — Exploiting CRLF Injection can lands into a nice bounty |
CRLF injection |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-02-17 | 2023-06-13 |
4847 | #BugBounty — API keys leakage, Source code disclosure in India’s largest e-commerce health care company. |
Path traversal |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-02-25 | 2023-06-13 |
4842 | #BugBounty — How I could book cab using your wallet money in India’s largest auto transportation company! |
OTP bypass |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-03-05 | 2023-06-13 |
4835 | #BugBounty — “Let me reset your password and login into your account “-How I was able to Compromise any User Account via Reset Password Functionality |
Logic flaw
Password reset
Account takeover |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-03-14 | 2023-06-13 |
4829 | #BugBounty — Rewarded by securing vulnerabilities in Bookmyshow (India’s largest online movie & event booking portal) |
Host header injection
IDOR |
BookMyShow |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-03-25 | 2023-06-13 |
4816 | #BugBounty — ” Your details are saved into my account”-User info disclosure Vulnerability in Practo (India’s biggest healthcare app) |
IDOR |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-04-05 | 2023-06-13 |
4791 | #BugBounty — "Journey from LFI to RCE!!!"-How I was able to get the same in one of the India’s popular property buy/sell company. |
LFI
RCE |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-04-19 | 2023-06-13 |
4780 | #BugBounty — How I was able to bypass firewall to get RCE and then went from server shell to get root user account! |
RCE |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-04-29 | 2023-06-13 |
4736 | #BugBounty —" Database hacked of India’s Popular Sports company"-Bypassing Host Header to SQL injection to dumping Database — An unusual case of SQL injection. |
SQL injection |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-06-06 | 2023-06-13 |
4699 | #BugBounty - Compromising User Account- "How I was able to compromise user account via HTTP Parameter Pollution(HPP)" |
HTTP parameter pollution
Password reset
Account takeover |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-07-07 | 2023-06-13 |
4662 | #BugBounty — @Paytm Customer Information is at risk — India’s largest digital wallet company |
IDOR |
Paytm |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-08-03 | 2023-06-13 |
4607 | #BugBounty — How Naaptol (India’s popular home shopping company) Kept their Millions of User Data at Risk! |
IDOR |
Naaptol |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-09-07 | 2023-06-13 |
4563 | #BugBounty — From finding Jenkins instance to Command Execution.Secure your Jenkins Instance! |
RCE
Exposed Jenkins instance |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-09-27 | 2023-06-13 |
4509 | #BugBounty — How I was able to download the Source Code of India’s Largest Telecom Service Provider including dozens of more popular websites! |
.git folder disclosure
Source code disclosure |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-10-27 | 2023-06-13 |
4446 | IRCTC — Millions of Passenger Details left at huge risk! |
Information disclosure
Lack of rate limiting |
IRCTC |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-11-28 | 2023-06-13 |
4416 | #BugBounty — “User Account Takeover-I just need your email id to login into your shopping portal account” |
OAuth
Authentication bypass
Account takeover |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2018-12-13 | 2023-06-13 |
4280 | Chain of hacks leading to Database Compromise! |
LFI
SSRF |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2019-02-23 | 2023-06-13 |
4180 | The journey of Web Cache + Firewall Bypass to SSRF to AWS credentials compromise! |
LFI
SSRF
WAF bypass
Cloudflare bypass |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2019-04-25 | 2023-06-13 |
4126 | The Unusual Case of Status code- 301 Redirection to AWS Security Credentials Compromise |
SSRF
RFI |
NA |
Avinash Jain (@logicbomb_1) |
Bug Bounty | 2019-06-02 | 2023-06-13 |