| 4301 | Bypassing rate limit abusing misconfiguration rules |
Rate limiting bypass |
NA |
Daniel V. (@d4niel_v) |
Bug Bounty | 2019-02-15 | 2023-06-13 |
| 4268 | Fixed : Brute-force Instagram account’s passwords |
Bruteforce
Rate limiting bypass |
Meta / Facebook |
Sameer Rao |
Bug Bounty | 2019-03-05 | 2023-06-13 |
| 4043 | How I Could Have Hacked Any Instagram Account |
Race condition
Rate limiting bypass |
Meta / Facebook |
Laxman Muthiyah (@LaxmanMuthiyah) |
Bug Bounty | 2019-07-14 | 2023-06-13 |
| 3695 | 2FA Bypass via Logical Rate Limiting Bypass |
MFA bypass
Logic flaw |
NA |
Jeppe Bonde Weikop |
Bug Bounty | 2020-01-30 | 2023-06-13 |
| 3550 | Bounty Tip !! Easiest way to bypass API’s Rate Limit. |
Rate limiting bypass |
NA |
Shaurya Sharma (@ShauryaSharma05) |
Bug Bounty | 2020-04-14 | 2023-06-13 |
| 3069 | Rate Limit Bypassing Allowing Identity Spoofing |
Rate limiting bypass
OTP bypass |
NA |
Mohamed Talaat (@T4144t) |
Bug Bounty | 2020-10-29 | 2023-06-13 |
| 2999 | Chaining Multiple Requests to Achieve Rate Limiting Vulnerabilities |
Rate limiting bypass |
NA |
Ahmad Halabi (@Ahmad_Halabi_) |
Bug Bounty | 2020-11-29 | 2023-06-13 |
| 2695 | Bypass rate limit to enumeration users through Google Drive |
Rate limiting bypass |
Google |
Abdullah Mohamed (@3bodymo_) |
Bug Bounty | 2021-03-24 | 2023-06-13 |
| 2591 | Password reset code brute-force vulnerability in AWS Cognito |
Password reset
Bruteforce
Rate limiting bypass
Account takeover |
AWS |
Pentagrid (@pentagridsec) |
Bug Bounty | 2021-04-30 | 2023-06-13 |
| 2461 | How I Found A Vulnerability To Hack iCloud Accounts and How Apple Reacted To It |
Account takeover
MFA bypass
Rate limiting bypass
Race condition |
Apple |
Laxman Muthiyah (@laxmanmuthiyah) |
Bug Bounty | 2021-06-19 | 2023-06-13 |
| 2418 | Trick to bypass rate limit of password reset functionality |
Rate limiting bypass |
NA |
Abdulrahman-Kamel |
Bug Bounty | 2021-07-12 | 2023-06-13 |
| 2316 | Confirming any new Email Address bug in Facebook (Part-4) |
Rate limiting bypass |
Meta / Facebook |
Lokesh Kumar (@lokeshdlk77) |
Bug Bounty | 2021-08-17 | 2023-06-13 |
| 2127 | How I was able to revoke your Instagram 2FA |
Bruteforce
Rate limiting bypass |
Meta / Facebook |
Dhiyaneshwaran (@DhiyaneshDK) |
Bug Bounty | 2021-10-23 | 2023-06-13 |
| 1627 | Bypass Rate Limit — A blank space leads to this random encounter! |
Password reset
Rate limiting bypass |
NA |
Roxst4r (@mveswar98) |
Bug Bounty | 2022-04-14 | 2023-06-13 |
| 1307 | HTTP Parameter Pollution - It’s Contaminated Again |
HTTP parameter pollution
Rate limiting bypass |
NA |
Jerry Shah (@Jerry) |
Bug Bounty | 2022-07-26 | 2023-06-13 |
| 1234 | An Unusual Tale of Email Verification Bypass |
Email verification bypass
Bruteforce
Rate limiting bypass |
NA |
Sagar Sajeev (@Sagar__Sajeev) |
Bug Bounty | 2022-08-13 | 2023-06-13 |
| 766 | Unique Rate limit bypass worth 1800$ |
Rate limiting bypass
Captcha bypass |
NA |
Manav Bankatwala (@ManavBankatwala) |
Bug Bounty | 2022-11-27 | 2023-06-13 |
| 533 | Bypassing account lockout through password reset functionality |
Rate limiting bypass |
NA |
Akash c |
Bug Bounty | 2023-01-28 | 2023-06-13 |
| 491 | Discovering a weakness leading to a partial bypass of the login rate limiting in the AWS Console |
Rate limiting bypass
Bruteforce |
AWS |
Christophe Tafani-Dereeper (@christophetd) |
Bug Bounty | 2023-02-06 | 2023-06-13 |
| 325 | Wait Time Bypass for fun and Profit |
Rate limiting bypass |
Automattic |
the_unluck_guy (@7he_unlucky_guy) |
Bug Bounty | 2023-03-10 | 2023-06-13 |
| 285 | Account Takeover with rate limit bypass |
Rate limiting bypass
Account takeover |
NA |
Shamim Ahamed (@itm4n) |
Bug Bounty | 2023-03-18 | 2023-06-13 |
| 32 | Rate Limit Bypass Leads to 0 Click ATO |
Rate limiting bypass
Bruteforce
Password reset
Account takeover |
NA |
ZeroXUF (@ZeroXUF) |
Bug Bounty | 2023-06-04 | 2023-06-13 |
