5142 | Reading Uber’s Internal Emails [Uber Bug Bounty report worth $10,000] | Subdomain takeover | Uber | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2016-09-05 | 2023-06-13 |
5139 | How I snooped into your private Slack messages [Slack Bug bounty worth $2,500] | Subdomain takeover | Slack | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2016-09-13 | 2023-06-13 |
5111 | I got emails - G Suite Vulnerability | Logic flaw, Authorization flaw | Google, Meta / Facebook, Yelp | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2017-02-02 | 2023-06-13 |
5078 | I got emails — G Suite Vulnerability | Logic flaw | Google, Yelp, Meta / Facebook | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2017-05-05 | 2023-06-13 |
4996 | Developer Luminate IDOR | IDOR | Yahoo! / Verizon Media | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2017-08-30 | 2023-06-13 |
4995 | Luminate Store Basics defacement and potential takeover | CSRF, Session management issue | Yahoo! / Verizon Media | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2017-08-30 | 2023-06-13 |
4975 | This domain is my domain — G Suite A record vulnerability | Domain takeover | Google, Uber | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2017-09-21 | 2023-06-13 |
4974 | Luminate Internal Privilege Escalation — Admin to Owner | Authorization flaw | Yahoo! / Verizon Media | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2017-09-21 | 2023-06-13 |
4919 | Getting a RCE — CTF Way | RCE | NA | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2017-12-05 | 2023-06-13 |
4810 | Source Code Analysis in YSurvey — Luminate bug | Authentication bypass, Authorization flaw, SQL injection | Yahoo! / Verizon Media | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2018-04-10 | 2023-06-13 |
4695 | Should this be public though? | Information disclosure | Shopify, Uber | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2018-07-13 | 2023-06-13 |
4685 | RCE on Yahoo Luminate | RCE | Yahoo! / Verizon Media | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2018-07-19 | 2023-06-13 |
4655 | Unauth meetings access | Authorization flaw, Logic flaw | Google | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2018-08-06 | 2023-06-13 |
4635 | Another "TicketTrick" story | Ticket Trick, Logic flaw | Uber | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2018-08-14 | 2023-06-13 |
4575 | Shopify Athena Bug | Authorization flaw, Information disclosure | Shopify | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2018-09-20 | 2023-06-13 |
4284 | Exploiting Google Calendars | Authorization flaw, Information disclosure | Uber, Shopify, Netflix | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2019-02-22 | 2023-06-13 |
4193 | Scary Tickets😨 | Ticket Trick | NA | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2019-04-19 | 2023-06-13 |
3651 | Blind XSS against a Googler | Blind XSS | Google | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2020-02-23 | 2023-06-13 |
3502 | G Suite - Device Management XSS | XSS | Google | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2020-05-05 | 2023-06-13 |
3501 | Multiple XSS | Stored XSS | Google | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2020-05-05 | 2023-06-13 |
3500 | Stored XSS on biz.waze.com | XSS | Google (Waze) | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2020-05-05 | 2023-06-13 |
2751 | RocketChat - Unauthenticated access to messages | Authorization flaw | Rocket.Chat | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2021-03-01 | 2023-06-13 |
2653 | Auth Issues | Authentication flaw, Logic flaw | Google | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2021-04-09 | 2023-06-13 |
2049 | RocketChat - Monitor User Messages | Authorization flaw | Rocket.Chat | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2021-11-25 | 2023-06-13 |
1305 | Exploiting GitHub Actions on open source projects | RCE | Elastic | Rojan Rijal (@uraniumhacker) | Bug Bounty | 2022-07-26 | 2023-06-13 |