3283 | DNS Rebinding, The treacherous attack it can be | DNS rebinding | NA | Vuk Ivanovic | Bug Bounty | 2020-07-25 | 2023-06-13 |
3257 | Refocusing in bug hunting, Bonus: An interestingly simple to test CSRF bypass | CSRF | NA | Vuk Ivanovic | Bug Bounty | 2020-08-01 | 2023-06-13 |
3247 | CSRF PoC mistake that broke crucial functions for the end user/victim | Logic flaw | NA | Vuk Ivanovic | Bug Bounty | 2020-08-05 | 2023-06-13 |
3237 | Bug Hunting with Param Miner: Cache poisoning with XSS, a peculiar case | XSS, Web cache poisoning | NA | Vuk Ivanovic | Bug Bounty | 2020-08-08 | 2023-06-13 |
3225 | Cache poisoning of wget | Web cache poisoning | NA | Vuk Ivanovic | Bug Bounty | 2020-08-12 | 2023-06-13 |
3221 | False2True, Match and Replace bug hunting — A cautionary tale | Privilege escalation | NA | Vuk Ivanovic | Bug Bounty | 2020-08-14 | 2023-06-13 |
3203 | Fun with header and forget password, with a twist: | Password reset, Host header injection | NA | Vuk Ivanovic | Bug Bounty | 2020-08-18 | 2023-06-13 |
3196 | Upload to the future | IDOR | NA | Vuk Ivanovic | Bug Bounty | 2020-08-22 | 2023-06-13 |
3187 | Accessing the website directly through its IP address, a case of a poorly hidden sql injection | SQL injection | NA | Vuk Ivanovic | Bug Bounty | 2020-08-27 | 2023-06-13 |
3184 | The Importance of keeping up to date, or how I found an interesting bug thanks to a tweet | Stored XSS | NA | Vuk Ivanovic | Bug Bounty | 2020-08-29 | 2023-06-13 |
3140 | Fun with Header and Forget Password | HTTP header injection | NA | Vuk Ivanovic | Bug Bounty | 2020-09-22 | 2023-06-13 |
2859 | Business Logic Error Methodology (easy way) + PoC-s | Logic flaw | NA | Vuk Ivanovic | Bug Bounty | 2021-01-28 | 2023-06-13 |
2479 | Importance of burp history analysis to bypass 403 | 403 bypass | NA | Vuk Ivanovic | Bug Bounty | 2021-06-15 | 2023-06-13 |
2132 | A story of another awesome old school hacking that lead to a cool P1 bug | 403 bypass | NA | Vuk Ivanovic | Bug Bounty | 2021-10-22 | 2023-06-13 |
1352 | FFUF-ing RECON, or how to get to P1–P3 from a slightly different recon | vHost misconfiguration, 403 bypass, Information disclosure | NA | Vuk Ivanovic | Bug Bounty | 2022-07-17 | 2023-06-13 |
1220 | Salesforce bug hunting to Critical bug | Information disclosure, Salesforce | NA | Vuk Ivanovic | Bug Bounty | 2022-08-15 | 2023-06-13 |
469 | Disabling js for the win | Unrestricted file upload, RCE | NA | Vuk Ivanovic | Bug Bounty | 2023-02-10 | 2023-06-13 |