5222 | Neglected DNS records exploited to takeover subdomains |
Subdomain takeover |
Heroku |
Yassine Aboukir (@Yassineaboukir) |
Bug Bounty | 2015-02-20 | 2023-06-13 |
5146 | Floating Domains – Taking Over 20K DigitalOcean Domains via a Lax Domain Import System |
Subdomain takeover |
DigitalOcean |
Matthew Bryant (@IAmMandatory) |
Bug Bounty | 2016-08-25 | 2023-06-13 |
5142 | Reading Uber’s Internal Emails [Uber Bug Bounty report worth $10,000] |
Subdomain takeover |
Uber |
Rojan Rijal (@uraniumhacker) |
Bug Bounty | 2016-09-05 | 2023-06-13 |
5139 | How I snooped into your private Slack messages [Slack Bug bounty worth $2,500] |
Subdomain takeover |
Slack |
Rojan Rijal (@uraniumhacker) |
Bug Bounty | 2016-09-13 | 2023-06-13 |
5120 | Authentication bypass on Ubiquity’s Single Sign-On via subdomain takeover |
Subdomain takeover
Authentication bypass |
Ubiquity Networks |
Arne Swinnen (@ArneSwinnen) |
Bug Bounty | 2016-11-29 | 2023-06-13 |
5083 | Hundreds of hundreds sub-secdomains hack3d! (including Hacker0ne) |
Subdomain takeover |
HackerOne |
Ak1T4 (@akita_zen) |
Bug Bounty | 2017-03-28 | 2023-06-13 |
5051 | Authentication bypass on Uber’s Single Sign-On via subdomain takeover |
Subdomain takeover
Authentication bypass |
Uber |
Arne Swinnen (@ArneSwinnen) |
Bug Bounty | 2017-06-25 | 2023-06-13 |
4963 | Subdomain Takeover Through Expired Cloudfront Distribution | live.lamborghini.co |
Subdomain takeover |
Lamborghini |
Muhammad Khizer Javed (@khizer_javed47) |
Bug Bounty | 2017-10-10 | 2023-06-13 |
4961 | Bugcrowd’s Domain & Subdomain Takeover vulnerability! |
Subdomain takeover |
Bugcrowd |
Muhammad Khizer Javed (@khizer_javed47) |
Bug Bounty | 2017-10-10 | 2023-06-13 |
4927 | UBER Wildcard Subdomain Takeover | BugBounty POC |
Subdomain takeover |
Uber |
Muhammad Khizer Javed (@khizer_javed47) |
Bug Bounty | 2017-11-20 | 2023-06-13 |
4783 | How I earned 60K+ from private program |
Open redirect
Subdomain takeover
XSS
HTTP parameter pollution |
NA |
Siva Krishna Samireddi (@le4rner) |
Bug Bounty | 2018-04-25 | 2023-06-13 |
4774 | $4500 bounty - How I got lucky |
Subdomain takeover |
NA |
Eray Mitrani (@ErayMitrani) |
Bug Bounty | 2018-05-03 | 2023-06-13 |
4711 | Subdomain Takeover: Starbucks points to Azure |
Subdomain takeover |
Starbucks |
Patrik Hudak (@0xpatrik) |
Bug Bounty | 2018-06-25 | 2023-06-13 |
4665 | Shipt Subdomain TakeOver via HeroKu ( test.shipt.com ) |
Subdomain takeover |
Shipt |
Mohamed Haron (@m7mdharon) |
Bug Bounty | 2018-08-01 | 2023-06-13 |
4645 | Subdomain Takeover: Yet another Starbucks case |
Subdomain takeover |
Starbucks |
Patrik Hudak (@0xpatrik) |
Bug Bounty | 2018-08-09 | 2023-06-13 |
4593 | How to do 55.000+ Subdomain Takeover in a Blink of an Eye |
Subdomain takeover |
Shopify |
BuckHacker (@thebuckhacker) |
Bug Bounty | 2018-09-10 | 2023-06-13 |
4588 | Subdomain Takeover worth 200$ |
Subdomain takeover |
Netlify |
Ali Razzaq (@AliRazzaq_) |
Bug Bounty | 2018-09-14 | 2023-06-13 |
4569 | Subdomain Takeover via Unsecured S3 Bucket Connected to the Website |
Subdomain takeover |
NA |
Muhammad Khizer Javed (@khizer_javed47) |
Bug Bounty | 2018-09-24 | 2023-06-13 |
4558 | Subdomain Takeover via Shopify Vendor ( blog.exchangemarketplace.com ) with Steps |
Subdomain takeover |
Shopify |
Mohamed Haron (@m7mdharon) |
Bug Bounty | 2018-10-01 | 2023-06-13 |
4514 | Subdomain takeover dew to missconfigured project settings for Custom domain . |
Subdomain takeover |
Flock |
Prial Islam Khan (@prial261) |
Bug Bounty | 2018-10-25 | 2023-06-13 |
4486 | #bugbounty How I Takeover Microsoft Store. |
Subdomain takeover |
Microsoft |
Sadiq West |
Bug Bounty | 2018-11-08 | 2023-06-13 |
4435 | Taking over Google calendar of a company |
Subdomain takeover |
NA |
Daniel V. (@d4niel_v) |
Bug Bounty | 2018-12-04 | 2023-06-13 |
4422 | Microsoft Account Takeover Vulnerability Affecting 400 Million Users |
Subdomain takeover
OAuth |
Meta / Facebook |
Aviva Zacks |
Bug Bounty | 2018-12-11 | 2023-06-13 |
4406 | Subdomain Takeover — New Level |
Subdomain takeover |
NA |
Valeriy Shevchenko (@Krevetk0Valeriy) |
Bug Bounty | 2018-12-17 | 2023-06-13 |
4303 | Souq.com Subdomain Takeover via jazzhr.com service |
Subdomain takeover |
Souq.com |
Mohamed Haron (@m7mdharon) |
Bug Bounty | 2019-02-15 | 2023-06-13 |