| 5294 | $6000 with Microsoft Hall of Fame | Microsoft Firewall Bypass | CRLF to XSS | Microsoft Bug Bounty |
CRLF ( Firewall Bypass )
Privilege Escalation
XSS
CRLF to XSS |
MSRC Microsoft |
Neh Patel ( thecyberneh ) |
Bug Bounty | 2022-10-12 | 2024-01-31 |
| 5286 | Google.com cross site scripting and privilege escalation in Consumer Surveys |
Stored XSS
Authorization flaw |
Google |
Josip Franjkovic (@josipfranjkovic) |
Bug Bounty | 2013-01-03 | 2023-06-13 |
| 5249 | A Tale of 7 Vulnerabilities |
Stored XSS
Reflected XSS
Default credentials
Privilege escalation |
Paypal |
Patrik Fehrenbach (@ITSecurityguard) |
Bug Bounty | 2014-04-20 | 2023-06-13 |
| 5212 | Hacking Facebook Pages |
Authorization flaw
Privilege escalation
Broken Access Control |
Meta / Facebook |
Laxman Muthiyah (@LaxmanMuthiyah) |
Bug Bounty | 2015-08-26 | 2023-06-13 |
| 5064 | Django Privilege Escalation – Zero To Superuser |
Privilege escalation |
NA |
Sean Melia (@seanmeals) |
Bug Bounty | 2017-06-01 | 2023-06-13 |
| 5036 | Fabric.io API permission apocalypse – Privilege Escalations |
Authorization flaw
Account takeover |
Twitter |
WeSecureApp (@wesecureapp) |
Bug Bounty | 2017-07-10 | 2023-06-13 |
| 4974 | Luminate Internal Privilege Escalation — Admin to Owner |
Authorization flaw |
Yahoo! / Verizon Media |
Rojan Rijal (@uraniumhacker) |
Bug Bounty | 2017-09-21 | 2023-06-13 |
| 4834 | GraphQL abuse: Bypass account level permissions through parameter smuggling |
GraphQL
Privilege escalation |
New Relic |
Jon Bottarini (@jon_bottarini) |
Bug Bounty | 2018-03-14 | 2023-06-13 |
| 4833 | CVE-2017-13253: Buffer overflow in multiple Android DRM services |
Memory corruption
Local Privilege Escalation |
Google |
Tamir Zahavi-Brunner (@tamir_zb) |
Bug Bounty | 2018-03-15 | 2023-06-13 |
| 4691 | CVE-2018-13784: PrestaShop 1.6.x Privilege Escalation |
Privilege escalation
Session management issue |
PrestaShop |
Charles Fol (@cfreal_) |
Bug Bounty | 2018-07-16 | 2023-06-13 |
| 4663 | Discovering and Exploiting a Vulnerability in Android’s Personal Dictionary (CVE-2018-9375) |
Privilege escalation
Android |
Google |
Daniel Kachakil (@Kachakil) |
Bug Bounty | 2018-08-01 | 2023-06-13 |
| 4630 | https://www.updatelap.com/2018/08/privileged-escalation-in-facebook-rooms.html |
Authorization flaw
Privilege escalation |
Meta / Facebook |
Jafar Abo Nada (@Jafar_Abo_Nada) |
Bug Bounty | 2018-08-18 | 2023-06-13 |
| 4626 | Privileged Escalation in Facebook Messenger Rooms |
Privilege escalation
IDOR |
Meta / Facebook |
Jafar Abo Nada (@Jafar_Abo_Nada) |
Bug Bounty | 2018-08-24 | 2023-06-13 |
| 4510 | Privilege Escalation like a Boss |
IDOR |
NA |
Jay Jani (@JayJani007) |
Bug Bounty | 2018-10-27 | 2023-06-13 |
| 4473 | Creating unauthorized comments on Facebook Live Stream! |
Privilege escalation
Authorization flaw |
Meta / Facebook |
Binit Ghimire (@WHOISbinit) |
Bug Bounty | 2018-11-16 | 2023-06-13 |
| 4460 | How I Hacked Netflix users & Use it free forever |
Cookie injection
Privilege escalation |
Netflix |
Blueberryinfosec (@bbinfosec) |
Bug Bounty | 2018-11-19 | 2023-06-13 |
| 4425 | Token Brute-Force to Account Take-over to Privilege Escalation to Organization Take-Over |
Account takeover
Privilege escalation
Bruteforce |
NA |
Plenum (@plenumlab) |
Bug Bounty | 2018-12-10 | 2023-06-13 |
| 4405 | WordPress Privilege Escalation through Post Types |
Privilege escalation
Stored XSS
Object injection |
WordPress |
Simon Scannell (@scannell_simon) |
Bug Bounty | 2018-12-17 | 2023-06-13 |
| 4403 | Exploiting Two Endpoints to get Account Takeover |
Authorization flaw
Privilege escalation |
NA |
Hritik Sharma |
Bug Bounty | 2018-12-19 | 2023-06-13 |
| 4275 | Horizontal Privilege Escalation on Quora which can compromise all users on Quora |
Privilege escalation |
Quora |
SpyD3r (@TarunkantG) |
Bug Bounty | 2019-02-26 | 2023-06-13 |
| 4249 | Privilege escalation on private program. |
Privilege escalation
Information disclosure |
NA |
Imran Parray (@imranparray101) |
Bug Bounty | 2019-03-14 | 2023-06-13 |
| 4142 | Google Adwords(Privilege Escalation): Read-only user able to add YouTube channels via Linked accounts |
Privilege escalation
Authorization flaw |
Google |
Family guy |
Bug Bounty | 2019-05-21 | 2023-06-13 |
| 4069 | Facebook BugBounty : Short story on Page admin disclosure |
Authorization flaw
Privilege escalation |
Meta / Facebook |
Bijan Murmu (@0xBijan) |
Bug Bounty | 2019-06-28 | 2023-06-13 |
| 4041 | Facebook Bug : Sending messages as a page with jobmanager permission |
Authorization flaw
Privilege escalation |
Meta / Facebook |
Devansh batham (@devanshwolf) |
Bug Bounty | 2019-07-15 | 2023-06-13 |
| 3992 | Leveraging AngularJS-based XSS to Privilege Escalation |
XSS
Privilege escalation |
NA |
Shawar Khan (@ShawarkOFFICIAL) |
Bug Bounty | 2019-08-04 | 2023-06-13 |
