5016 | Cracking the lens: targeting HTTP's hidden attack-surface | Reflected XSS, SSRF | Yahoo! / Verizon Media, BT, New Relic | James Kettle (@albinowax) | Bug Bounty | 2017-07-27 | 2023-06-13 |
4913 | Hacking the Hackers: Leveraging an SSRF in HackerTarget | SSRF | HackerTarget | Corben Leo (@hacker_) | Bug Bounty | 2017-12-17 | 2023-06-13 |
4247 | Target Finds Cross-Site Scripting in Microsoft SharePoint | XSS | Microsoft | Target | Bug Bounty | 2019-03-15 | 2023-06-13 |
3647 | How i found 3 SSRF in one day on different bug bounty targets | SSRF | NA | - | Bug Bounty | 2020-02-25 | 2023-06-13 |
3518 | Indirect UXSS issue on a private Android target app | Universal XSS | NA | Kunal pandey (@kunalp94) | Bug Bounty | 2020-04-29 | 2023-06-13 |
3485 | $3000 Bug Bounty Award from Mozilla for a successful targeted Credential Hunt | Information disclosure | NA | Johann Rehberger (wunderwuzzi23) | Bug Bounty | 2020-05-13 | 2023-06-13 |
2971 | How i got my First Bug Bounty in Intersting Target (LFI to SXSS) | LFI, Stored XSS | NA | Ph.Hitachi | Bug Bounty | 2020-12-11 | 2023-06-13 |
2961 | Github Secrets exposed due to RCE in Formatter Action from pull_request_target event | RCE | Google | Anthony Weems | Bug Bounty | 2020-12-17 | 2023-06-13 |
2523 | How I hacked a Target again and again… | OAuth, Account takeover, XSS, Broken Access Control | NA | Aditya Verma (@0cirius0) | Bug Bounty | 2021-05-27 | 2023-06-13 |
1709 | Targeting Visual Studio Code for macOS: File Discovery and a TCC bypass (kinda) | Local Privilege Escalation, TCC bypass, macOS | Apple, Microsoft | Alfie Champion (@ajpc500) | Bug Bounty | 2022-03-21 | 2023-06-13 |
1656 | New npm Flaws Let Attackers Better Target Packages for Account Takeover | Information disclosure | GitHub | Yakir Kadkoda | Bug Bounty | 2022-04-05 | 2023-06-13 |
481 | Reflected XSS on Target with tough WAF ( WAF Bypass ) | Reflected XSS, WAF bypass | NA | Eagle_92 | Bug Bounty | 2023-02-08 | 2023-06-13 |