2555 | How to prevent more than 200 million users from using Google services | Logic flaw | Google | Omar Hashem (@OmarHashem666) | Bug Bounty | 2021-05-16 | 2023-06-13 |
1113 | How I found 3 RXSS on the Lululemon bug bounty program | XSS | lululemon | Omar Hashem (@OmarHashem666) | Bug Bounty | 2022-09-07 | 2023-06-13 |
1081 | How I abused the file upload function to get a high severity vulnerability in Bug Bounty | Unrestricted file upload, Information disclosure | NA | Omar Hashem (@OmarHashem666) | Bug Bounty | 2022-09-14 | 2023-06-13 |
1049 | How I Found Multiple SQL Injections in 5 Minutes in Bug Bounty | SQL injection | NA | Omar Hashem (@OmarHashem666) | Bug Bounty | 2022-09-22 | 2023-06-13 |
1015 | Orange Arbitrary Command Execution | RCE, Docker daemon misconfiguration, Missing authentication | Orange | Omar Hashem (@OmarHashem666) | Bug Bounty | 2022-09-29 | 2023-06-13 |
990 | Full Company Building Takeover | Information disclosure | NA | Omar Hashem (@OmarHashem666) | Bug Bounty | 2022-10-06 | 2023-06-13 |
685 | CVE-2022-42710: A journey through XXE to Stored-XSS | Stored XSS, XXE, Security code review | Linear | Omar Hashem (@OmarHashem666) | Bug Bounty | 2022-12-16 | 2023-06-13 |
635 | CVE-2022-38627: A journey through SQLite Injection to compromise the whole enterprise building | SQL injection | NA | Omar Hashem (@OmarHashem666) | Bug Bounty | 2022-12-30 | 2023-06-13 |
468 | HubSpot Full Account Takeover in Bug Bounty | Account takeover, Hyperlink injection, Password reset | HubSpot | Omar Hashem (@OmarHashem666) | Bug Bounty | 2023-02-11 | 2023-06-13 |