3018 | Server Side Misconfiguration - A Funny Fix | Information disclosure | Basecamp | Jerry Shah (@Jerry) | Bug Bounty | 2020-11-18 | 2023-06-13 |
2984 | RCE via LFI Log Poisoning - The Death Potion | RCE, LFI, Log poisoning | NA | Jerry Shah (@Jerry) | Bug Bounty | 2020-12-06 | 2023-06-13 |
2904 | CSRF with IDOR - A Deadly Combo | CSRF, IDOR | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-01-12 | 2023-06-13 |
2828 | Duplicate Registration - The Twinning Twins | Account takeover, Authentication flaw | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-02-08 | 2023-06-13 |
2766 | Account Takeover - Smoking with null’ | Account takeover, Authentication flaw | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-02-26 | 2023-06-13 |
2700 | Cross Site Port Attack - A Stranger’s Call | XSPA | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-03-21 | 2023-06-13 |
2633 | XSS via Exif Data - The P2 Elevator | Stored XSS | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-04-18 | 2023-06-13 |
2505 | Server Side Request Forgery - A Forged Document | SSRF, File upload | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-06-03 | 2023-06-13 |
2482 | Blind Command Injection - It hurts | Command injection, RCE | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-06-14 | 2023-06-13 |
2450 | PII Leakage - Revealing Secrets | Information disclosure | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-06-25 | 2023-06-13 |
2403 | RCE via WebDav - Power Of PUT | Default credentials, RCE | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-07-18 | 2023-06-13 |
2251 | Business Logic Errors - Must Vote | Logic flaw | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-09-05 | 2023-06-13 |
2144 | Business Logic Errors - A Logic Destruction | Logic flaw | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-10-17 | 2023-06-13 |
2003 | Open Redirection - QR Code Magic | Open redirect | NA | Jerry Shah (@Jerry) | Bug Bounty | 2021-12-11 | 2023-06-13 |
1942 | SQL Injection - The File Upload Playground | Unrestricted file upload, SQL injection | NA | Jerry Shah (@Jerry) | Bug Bounty | 2022-01-04 | 2023-06-13 |
1824 | Broken Link Hijacking - Mr. User-Agent | Broken link hijacking | NA | Jerry Shah (@Jerry) | Bug Bounty | 2022-02-13 | 2023-06-13 |
1722 | Parameter Pollution - Zero Day | HTTP parameter pollution | Discourse | Jerry Shah (@Jerry) | Bug Bounty | 2022-03-17 | 2023-06-13 |
1636 | XSS - The LocalStorage Robbery | XSS | NA | Jerry Shah (@Jerry) | Bug Bounty | 2022-04-12 | 2023-06-13 |
1579 | Business Logic Errors - Art of Testing Cards | Payment bypass, Logic flaw | NA | Jerry Shah (@Jerry) | Bug Bounty | 2022-05-04 | 2023-06-13 |
1307 | HTTP Parameter Pollution - It’s Contaminated Again | HTTP parameter pollution, Rate limiting bypass | NA | Jerry Shah (@Jerry) | Bug Bounty | 2022-07-26 | 2023-06-13 |
735 | Account Takeover - Inside The Tenant | Account takeover, Information disclosure | NA | Jerry Shah (@Jerry) | Bug Bounty | 2022-12-03 | 2023-06-13 |
570 | API Misconfiguration - No Swag of SwaggerUI | Security misconfiguration, Privilege escalation | NA | Jerry Shah (@Jerry) | Bug Bounty | 2023-01-19 | 2023-06-13 |
505 | IDOR - Inside the Session Storage | IDOR | NA | Jerry Shah (@Jerry) | Bug Bounty | 2023-02-02 | 2023-06-13 |
297 | LFI - An Interesting Tweak | LFI | NA | Jerry Shah (@Jerry) | Bug Bounty | 2023-03-15 | 2023-06-13 |
217 | SQL Wildcard DoS - Hang Till Death | DoS, File upload | NA | Jerry Shah (@Jerry) | Bug Bounty | 2023-04-08 | 2023-06-13 |