5249 | A Tale of 7 Vulnerabilities | Stored XSS, Reflected XSS, Default credentials, Privilege escalation | Paypal | Patrik Fehrenbach (@ITSecurityguard) | Bug Bounty | 2014-04-20 | 2023-06-13 |
4956 | How I hacked all the [REDACT] Agents accounts | Default credentials | NA | Neeraj Sonaniya (@neeraj_sonaniya) | Bug Bounty | 2017-10-17 | 2023-06-13 |
4646 | From TOMCAT to NT AUTHORITY\SYSTEM | Default credentials | NA | Rahul R | Bug Bounty | 2018-08-09 | 2023-06-13 |
4019 | Pwning child company to get access to ParentCompany's Slack Team | SQL injection, Default credentials | NA | Parth Malhotra (@Parth_Malhotra) | Bug Bounty | 2019-07-23 | 2023-06-13 |
3847 | A simple post auth bypass leads to unauthorized web server access | Default credentials | NA | Hein Thant Zin (@H3Lowr) | Bug Bounty | 2019-11-08 | 2023-06-13 |
3004 | SD-PWN Part 4 — VMware VeloCloud — The Last Takeover | RCE, Authentication bypass, Default credentials, SQL injection, Path traversal, LFI | VMware | Realmode Labs (@RealmodeLabs) | Bug Bounty | 2020-11-26 | 2023-06-13 |
2774 | Grafana Admin Panel bypass in Google Acquisition(VirusTotal) | Default credentials | Google | Jayateertha Guruprasad (@JayateerthaG) | Bug Bounty | 2021-02-22 | 2023-06-13 |
2403 | RCE via WebDav - Power Of PUT | Default credentials, RCE | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-07-18 | 2023-06-13 |
2283 | Bug Bounty: “My Remote Code Execution” | Default credentials, RCE | NA | 0xJin (@0xJin) | Bug Bounty | 2021-08-29 | 2023-06-13 |
1897 | How I got access to 25+ Tesla’s around the world. By accident. And curiosity. | Default credentials | Tesla | David Colombo (@david_colombo_) | Bug Bounty | 2022-01-23 | 2023-06-13 |
1546 | Variant Cloud Analysis | Default credentials | NA | jspin (@jespinhara) | Bug Bounty | 2022-05-18 | 2023-06-13 |
1510 | DOMAIN ADMIN Compromise in 3 HOURS | Default credentials | NA | popalltheshells | Bug Bounty | 2022-05-29 | 2023-06-13 |
1502 | How I Mass hunt for Admin Panel Access…🤩 | Default credentials | Gemeente Delft (The City of Delft) | Ratnadip Gajbhiye (@scspcommunity) | Bug Bounty | 2022-06-02 | 2023-06-13 |
1500 | How Attacker could have suffocated the company staff | Default credentials | NA | Muhammad Abdullah | Bug Bounty | 2022-06-05 | 2023-06-13 |
878 | How I Get 5x Swag From Sony | DOM XSS, Directory listing, Default credentials, Information disclosure | Sony | Naeem Ahmed Sayed (@0xNaeem) | Bug Bounty | 2022-11-02 | 2023-06-13 |
816 | Security concerns with the e-Tugra certificate authority | Default credentials, Exposed registration page | e-Tugra | Ian Carroll (@iangcarroll) | Bug Bounty | 2022-11-17 | 2023-06-13 |
624 | Access to page with default credentials that require authenticate $$$. | Default credentials | NA | Adham sayed (doosec101) | Bug Bounty | 2023-01-03 | 2023-06-13 |
477 | Exploits Explained: Default Credentials Still a Problem Today | Default credentials | NA | Popeax | Bug Bounty | 2023-02-09 | 2023-06-13 |
321 | Default Credentials on Sony- Swag Time | Hardcoded credentials, Information disclosure | Sony | Arman (@M7arm4n) | Bug Bounty | 2023-03-10 | 2023-06-13 |
265 | How I escalated default credentials to Remote Code Execution | Default credentials, RCE | NA | Pawan Chhabria (@heybenchmarkkk) | Bug Bounty | 2023-03-26 | 2023-06-13 |
163 | How careless default credentials impact to massive account takeover | Authentication bypass, Account takeover, Weak credentials | NA | M Maulana Abdullah | Bug Bounty | 2023-04-22 | 2023-06-13 |
128 | Accessing Admin Dashboard in 5 seconds: Hall of Fame. | Default credentials | NA | Sumedh Dawadi | Bug Bounty | 2023-05-03 | 2023-06-13 |
77 | How Misconfigured and Vulnerable Devices Could Expose Your Company to Physical and Cyber Threats | IoT, Default credentials, Internal pentest | NA | Arben Shala (@arbennsh) | Bug Bounty | 2023-05-18 | 2023-06-13 |