4797 | IDOR (at Private Bug Bounty Program) that could Leads to Personal Data Leaks | IDOR | NA | YoKo Kho (@YokoAcc) | Bug Bounty | 2018-04-17 | 2023-06-13 |
4796 | How I Get the Name of the Hotel (and other Data) that you ever Stay - Personal Data Leaks: Private Bug Bounty Program | IDOR | NA | YoKo Kho (@YokoAcc) | Bug Bounty | 2018-04-18 | 2023-06-13 |
4795 | Ribose — IDOR with Simple CSRF Bypass — Unrestricted Changes and Deletion to other Photo Profile | IDOR | Ribose | YoKo Kho (@YokoAcc) | Bug Bounty | 2018-04-18 | 2023-06-13 |
4792 | Bypassing the Current Password Protection at PayPal TechSupport Portal | Authorization flaw, Account takeover | Paypal | YoKo Kho (@YokoAcc) | Bug Bounty | 2018-04-19 | 2023-06-13 |
4789 | Turning Self-XSS into non-Self Stored-XSS via Authorization Issue at “PayPal Tech-Support and Brand Central Portal | Stored XSS | Paypal | YoKo Kho (@YokoAcc) | Bug Bounty | 2018-04-21 | 2023-06-13 |
3920 | Race Condition that could Result to RCE - (A story with an App that temporary stored an uploaded file within 2 seconds before moving it to Amazon S3) | Race condition, RCE, Unrestricted file upload | NA | YoKo Kho (@YokoAcc) | Bug Bounty | 2019-09-14 | 2023-06-13 |
3908 | A Simple bypass of Registration Activation that Lead to many Bug - | Information disclosure, IDOR, CSRF | NA | YoKo Kho (@YokoAcc) | Bug Bounty | 2019-09-21 | 2023-06-13 |
3901 | Information Disclosure at PayPal and Xoom (PayPal Acquisition) via Simple Google Dork - 1,000 USD | Information disclosure | Paypal | YoKo Kho (@YokoAcc) | Bug Bounty | 2019-09-24 | 2023-06-13 |
3863 | Illegal Rendered at Download Feature in Several Apps (including Opera Mini) that Lead to Extension Manipulation (with RTLO) | RTLO | Opera | YoKo Kho (@YokoAcc) | Bug Bounty | 2019-10-26 | 2023-06-13 |
3857 | 5,000 USD XSS Issue at Avast Desktop AntiVirus for Windows (Yes, Desktop!) | Reflected XSS | Avast | YoKo Kho (@YokoAcc) | Bug Bounty | 2019-10-29 | 2023-06-13 |
3658 | From Recon to Optimizing RCE Results – Simple Story with One of the Biggest ICT Company in the World | Information disclosure, RCE | NA | YoKo Kho (@YokoAcc) | Bug Bounty | 2020-02-18 | 2023-06-13 |
3416 | From 3,99 to 1,650 USD (Part I) – Simple Vertical Privilege Escalation by Changing HTTP Response | Privilege escalation | NA | YoKo Kho (@YokoAcc) | Bug Bounty | 2020-06-06 | 2023-06-13 |
3378 | From Recon to Bypassing MFA Implementation in OWA by Using EWS Misconfiguration | Information disclosure, MFA bypass | NA | YoKo Kho (@YokoAcc) | Bug Bounty | 2020-06-19 | 2023-06-13 |
3026 | Optimizing Hunting Results in VDP for use in Bug Bounty Programs - From Sensitive Information Disclosure to Accessing Hidden APIs which can be used to Retrieve Customer Data | Information disclosure, Broken access control, IDOR, SQL injection | NA | YoKo Kho (@YokoAcc) | Bug Bounty | 2020-11-15 | 2023-06-13 |
1734 | From Recon via Censys and DNSdumpster, to Getting P1 by Login Using Weak Password – “password” | WAF bypass, Weak credentials | NA | YoKo Kho (@YokoAcc) | Bug Bounty | 2022-03-14 | 2023-06-13 |